local Calendar System v1.1 (lcStdLib.inc) Remote File Include

+------------------------------------------------------------------------------------------- local Calendar System v1.1 lcStdLib.inc Remote File Include TrZiNDaN [email protected] Turkey -------------------------------------------------------------------------------------------- download :...

Drunken:Golem Portal 0.5.1 Alpha 2 Remote File Include Exploit

Exploit for unknown platform in category web applications ============================================================== Drunken:Golem Portal 0.5.1 Alpha 2 Remote File Include Exploit ============================================================== C MackRulZ - 2007 Bug name: Drunken:Golem Gaming...

Mac OS X 10.4.8 (UserNotificationCenter) Privilege Escalation Exploit

No description provided by source. !/usr/bin/ruby Copyright c 2007 Kevin Finisterre kflists at digitalmunition.com Lance M. Havok lmh at info-pull.com All pwnage reserved. "Exploit" for MOAB-22-01-2007: All your crash are belong to us. require 'fileutils' bugselected = ARGV0 || 0.toi...

Oracle 10g SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL/SQL Injection

Exploit for multiple platform in category local exploits ============================================================ Oracle 10g SYS.DBMSCDCIMPDP.BUMPSEQUENCE PL/SQL Injection ============================================================ / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxe...

PHPMyphorum 1.5a (mep/frame.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ================================================================== PHPMyphorum 1.5a mep/frame.php Remote File Include Vulnerability ================================================================== PHPMyphorum 1.5a Class: File Include...

All In One Control Panel SQL注入漏洞

All In One Control Panel是一款基于PHP的WEB应用程序。 All In One Control Panel不正确过滤用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息。 问题是多个脚本对用户提交的WEB参数缺少过滤，提交恶意脚本代码作为参数数据，可导致获得敏感信息。 AIOCP AIOCP 1.3.9 AIOCP AIOCP 1.3.7 AIOCP AIOCP 1.3.6 AIOCP AIOCP 1.3.5 AIOCP AIOCP 1.3.4 目前没有解决方案提供： http://sourceforge.net/projects/aiocp/...

Indexu 5.05.3 - register.php Multiple Cross-Site Scripting Vulnerabilities

Indexu 5.05.3 - register.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...

dayfox-rfi.txt

BhhGroup.Org & Bilgi-Yonetimi.Org.Tr script name : Dayfox Blog Script Download : http://hotscripts.com/Detailed/66344.html Risk : High Found By : ShaFuck31 Vulnerable file : index.php Vuln : http://www.victim.com/ScriptPath/index.php?page=sheLL...

shop Server 1.3 (fieldValidation.php) Remote File Include Vulnerability

========================================================================== scripts : Jshop Server 1.3 Discovered By : irvian script : http://www.jshop.co.uk/ Thanks To : hitamputih nyubicrew patihack special To : nyubi,ibnusina,arioo,jipank,kacung,trangkil,cahgemblunkz dork :powered by jshop...

Magic Photo Storage Website - '/user/add_category.php?_config[site_path]' Remote File Inclusion

source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying...

gmx-xss.txt

hello everybody, recently, i've detected that gmx, a german freemail-provider it offers professional services too is prone to a xss-vulnerability. An attacker could send an email containing these string: Because gmx-webmail displays html-mails also, you can color the code white so that the...

IMGallery Start.PHP任意文件上传漏洞

IMGallery是一款基于PHP的WEB应用程序。 IMGallery不正确过滤用户提交的输入，远程攻击者可以利用漏洞上传任意脚本以WEB权限执行任意命令。 问题是上传处理脚本对用户提交的扩展名缺少过滤，提交类似hauru.jpg.png.php之类的PHP，可绕过检查，以WEB权限执行任意PHP命令。 IMGallery IMGallery 2.5 目前没有解决方案提供： http://www.imgallery.zor.pl/ ? //Kacper Settings $exploitname = "IMGallery = 2.5 Create Uploader Script...

IMGallery <= 2.5 Create Uploader Script Exploit

Exploit for unknown platform in category web applications =============================================== IMGallery DEVIL TEAM IRC:...

WYWO - InOut Board 1.0 Multiple Remote Vulnerabilities

No description provided by source. Title : WYWO - InOut Board 1.0 Multiple Vulnerabilities Author : ajann Contact : : S.Page : http://cybercoded.com $$ : 9.95 $ SQL--------------------------------------------------------- http://target/path/phonemessage.asp?num=SQL Example:...

Newxooper Mapage.PHP远程文件包含漏洞

Newxooper是一款基于PHP的WEB应用程序。 Newxooper不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'Mapage.PHP'脚本对用户提交的'chemin'参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 newxooper newxooper 0.9.1 目前没有解决方案提供： http://www.easy-script.com http://www.example.com/compteur/mapage.php?chemin=Evil Code...

Oracle 9i10g - utl_file FileSystem Access

Oracle 9i10g - utlfile FileSystem Access -- -- $Id: raptororafile.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororafile.sql - file system access suite for oracle -- Copyright c 2006 Marco Ivaldi -- -- This is an example file system access suite for Oracle based on the utlfile -- package...

8Pixel.net SimpleBlog ID SQL注入漏洞

Simple Blog是一款基于PHP的网络日记程序。 Simple Blog不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行SQL注入攻击获得敏感信息。 问题是由于'default.asp'脚本对用户提交的"id"参数缺少过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息。 8pixel.net Simple Blog 2.3 http://www.8pixel.net/...

Bandwebsite 1.5 - &#039;LOGIN&#039; Remote Add Admin

Name: Pass: milw0rm.com 2006-12-16...

Somery Include.PHP远程文件包含漏洞

Somery是一款基于PHP的WEB应用程序。 Somery不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Include.PHP'脚本对用户提交的'skindir'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Somery Somery 0.4.6 目前没有解决方案提供,请关注以下链接： http://somery.danwa.net/...

mxBB Module Activity Games 0.92 - Remote File Inclusion

mxBB Module Activity Games 0.92 - Remote File Inclusion mxact mxBB Games Module --Remote File Inclusion Exploit Bug Found & Exploit coded By Dr Max Virus Download:http://www.mx-system.com/index.php?page=4&action=file&fileid=71 Problem area: if !fileexists$mxrootpath . 'modules/mxact/language/lang...