3100 matches found
JSBoard 2.0.10 - login.php?table Local File Inclusion
JSBoard 2.0.10 - login.php?table Local File Inclusion #!/usr/bin/perl jsboard 2.0.10 login.php table Local File Inclusion Exploit D.Script: http://kldp.net/frs/download.php/1729/jsboard-2.0.10.tar.gz if ($table && file_exists("data/$table/config.php")) { include "data/$table/config.php"; } Discovered & Coded ...
JC URLShrink 1.3.1 - Remote Code Execution
[ASCII-art banner] Dj7xpl +Iranian Are The Best In World+ INFO: URLSHRINK ...
Corel Wordperfect X3 13.0.0.565 (.PRS) Local Buffer Overflow Exploit
No description provided by source. /* wp13exp.c - Wordperfect X3 remote exploit Proof of concept exploit for a stack-based overflow in Corel Wordperfect X3. The vulnerability can be exploited by tricking a user into opening a specially crafted document. Usage: c:\win13exp evildoc.wpd Original...
fizzle-access.txt
Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus for formatting to lose their layout I told him it would be too difficult to sanitize the data...
Oracle 10g KUPM$MCP.MAIN - SQL Injection (2)
Oracle 10g KUPM$MCP.MAIN - SQL Injection 2 #!/usr/bin/perl Remote Oracle KUPM$MCP.MAIN exploit 10g - Version 2 - New "evil cursor injection" tip! - No "create procedure" privilege needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke dba permission to unprivileged user...
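Gnome Evolution Format String Vulnerability
Gnome Evolution is an open-source mail client. The "writehtml" function in Gnome Evolution has a format string issue that a remote attacker can exploit to execute arbitrary commands with the privileges of the application process. The problem is in the "writehtml" function in calendar/gui/e-cal-component-memo-preview.c: a format string error occurs when a memo's categories are displayed. If the target user opens a shared MEMO in the mailbox, accepts it, and views the MEMO under the "Memo" tab, the vulnerability is triggered. GNOME Evolution 2.8.2.1 No solution is currently available: http://www.gnome.org/...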
Mercur Messaging 2005 <= SP4 IMAP Remote Exploit (egghunter mod)
No description provided by source. #!/usr/bin/python Mercur Messaging 2005 SP3 IMAP service - Egghunter mod http://www.offensive-security.com Original exploit by Winny Thomas Thanks Thomas, this code really came in handy ! VMWare seems to alter the stack a bit as the...
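LedgerSMB/SQL-Ledger login Local File Inclusion and Authentication Bypass Vulnerability
SQL-Ledger/LedgerSMB is an open-source ERP system. SQL-Ledger/LedgerSMB does not properly filter user-supplied input, and a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the web server. The problem is that the 'am.pl' script does not filter the user-supplied 'login' parameter; submitting malicious script code as the parameter data and luring a user into visiting it can lead to disclosure of the target user's sensitive information. SQL-Ledger SQL-Ledger 2.6.26 SQL-Ledger SQL-Ledger 2.6.25 SQL-Ledger SQL-Ledger 2.6.21 SQL-Ledger SQL-Ledger 2.6.19 SQL-Ledger SQL-Ledge...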
pragmaMX Module Landkarten 2.1 Local File Inclusion Exploit (win)
No description provided by source. #!Perl pragmaMX Landkartenmodule 2.1 Local File Inclusion Exploit Vendor: http://www.pragmamx.org/Downloads-op-getit-lid-599-noJpC-.html Vulnerable Code: require_once("modules/$modulename/inc/conf.php"); Coded by bd0rk || SOH-Crew Greetz: str0ke, Diddi, seduce, TheJ...
PHP-Nuke Module splattforum 4.0 RC1 Local File Inclusion Exploit
Exploit for unknown platform in category web applications PHP-Nuke Module splattforum 4.0 RC1 Local File Inclusion Exploit #!/usr/bin/perl Modulo Splatt Forum v4.0...
Katalog Plyt Audio (pl) 1.0 - SQL Injection
126 $result.=" ."; else $result.=" ".$string[$i]; if (strlen(dechex(ord($string[$i])))==2) $exa.=" ".dechex(ord($string[$i])); else $exa.=" 0".dechex(ord($string[$i])); $cont++; if ($cont==15) { $cont=0; $result.="\r\n"; $exa.="\r\n"; } return $exa."\r\n".$result; $proxyregex = '\b\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}:\d{1,5}\b'; function...
Katalog Plyt Audio (pl) <= 1.0 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications Katalog Plyt Audio pl 126 $result.=" ."; else $result.=" ".$string[$i]; if (strlen(dechex(ord($string[$i])))==2) $exa.=" ".dechex(ord($string[$i])); else $exa.=" 0".dechex(ord($string[$i])); $cont++;if...
Guestbara 1.2 - Change Admin Login and Password
Guestbara = 1.2 Change admin login & password exploit by Kacper Admin Email Admin Name Admin Pass by Kacper for DEVIL TEAM script download: http://www.hotscripts.pl/produkt-3051.html Greetz @ll DEVIL TEAM milw0rm.com 2007-03-18...
ScriptMagix Photo Rating <= 2.0 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ScriptMagix Photo Rating : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit;...
PHP <= 4.4.6 / 5.2.1 array_user_key_compare() ZVAL dtor Local Exploit
No description provided by source. <?php [ASCII-art banner] ...
PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Command Execution
OpenBSD ICMPv6 Fragment Remote Execution Exploit PoC
No description provided by source. The PoC executes the shellcode (int 3) and returns. It overwrites the ext_free function pointer on the mbuf and forces an m_freem on the overflowed packet. The Impacket library is used to craft and send packets http://oss.coresecurity.com/projects/impacket.html or...
PHP 5.2.0/5.2.1 Rejected Session ID Double Free Exploit
No description provided by source. <?php [ASCII-art banner] Proof of concept code from the Hardened-PHP...
phpmysport-rfi.txt
Application: phpMySport CMS URL: http://phpmysport.sourceforge.net/en/ Variable menu.php include_once(ROOT."/team/sqlteam.php");...
PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure
<?php /* PHP 4.4.6 cpdf_open() source code disclosure poc by rgod site: http://retrogod.altervista.org to be launched from the cli this will show as output something like this: ClibPDF: Cannot open A 11111$mypasswordis="suntzu";newline $mypasswordis="suntzu";etc... for PDF output X-Powered-By: PHP/4.4...