BlueShoes Framework 4.6 - Remote File Inclusion
DEVIL TEAM THE BEST POLISH TEAM. BlueShoes Framework 4.6 = Remote File Include Vulnerability. Script site: http://www.blueshoes.org/ Find...
CVE-2006-2737
The CVE-2006-2737 issue affects Nukedit 4.9.6 and earlier where utilities/register.asp allows remote creation of new users and assignment to arbitrary groups by tampering with the groupid parameter in the addDB action. This enables potential elevation to the administrative group. The vulnerabilit...
AssoCIateD CMS 1.1.3 - ROOT_PATH Remote File Inclusion
DEVIL TEAM THE BEST POLISH TEAM ACID v1.1.3 CMS root_path - Remote File Include Vulnerabilities Script site: http://herve.labas.free.fr/acid/en/ Find by Kacper Rahim. Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko,...
AssoCIateD CMS 1.1.3 (root_path) Remote File Include Vulnerability
No description provided by source. DEVIL TEAM THE BEST POLISH TEAM ACID v1.1.3 CMS root_path - Remote File Include Vulnerabilities Script site: http://herve.labas.free.fr/acid/en/ Find by Kacper Rahim. Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko, pepi Special greet...
AR-Blog 5.2 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/18120/info AR-Blog is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may levera...
NucleusCMS.txt
#!/usr/bin/php -q -d short_open_tag=on ...
e107072.txt
Software: e107 CMS Versions: list$uid, $upw=$COOKIE$pref'cookiename' ? explode".", $COOKIE$pref'cookiename' : explode".", $SESSION$pref'cookiename'; ..... if$result = getuserdata$uid, "AND md5u.userpassword='$upw'", FALSE ..... Exploit: 0.6.xxx 1.blablahashpassword' union select from e107user whe...
ScozNews <= 1.2.1 (mainpath) Remote File Inclusion Vulnerability
No description provided by source. DEVIL TEAM THE BEST POLISH TEAM ScozNews v1.2.1 - Remote File Include Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl dork: "Powered By ScozNews"...
TR Newsportal 0.36tr1 - 'poll.php' Remote File Inclusion
DEVIL TEAM THE BEST POLISH TEAM TR Newsportal - Remote File Include Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl dork: "TR Newsportal" brought by TRanx. extras/poll/poll.php: code /code...
GNUnet <= 0.7.0d (Empty UDP Packet) Remote Denial of Service Exploit
Exploit for unknown platform in category dos / poc. GNUnet <= 0.7.0d Empty UDP Packet Remote Denial of Service Exploit http://www.inj3ct0r.com/sploits/6148.zip...
Sugar Suite Open Source 4.2 - 'OptimisticLock' Command Execution
#!/usr/bin/php -q -d short_open_tag=on \r\n"; die; / software site: http://www.sugarcrm.com/crm/ i vulnerable code in modules/OptimisticLock/LockResolve.php:...
Empire <= 4.3.2 (strncat) Denial of Service Exploit
Exploit for unknown platform in category dos / poc. Empire <= 4.3.2 strncat Denial of Service Exploit http://www.inj3ct0r.com/sploits/6145.zip 0day.today 2018-02-02...
FreeBSD : openvpn -- LD_PRELOAD code execution on client through malicious or compromised server (be4ccb7b-c48b-11da-ae12-0002b3b60e4c)
Hendrik Weimer reports : OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old...
ASP-Nuke-community-v1.4SP3.txt
I MurderSkillz from g00ns.net have found xss vulnerabilities in ASP-Nuke community v1.4 SP3 and possibly other versions. Shouts go to all the g00ns. Once again..g00ns.net fucking owns j00! Found in XSS /aspnuke/default.asp?poll='alertdocument.cookie;&results=1 ----------...
Invision Power Board 2.1.5 - 'from_contact' SQL Injection
#!/usr/bin/perl IPB =2.1.4 exploit possibly 2.1.5 too Brought to you by the Ykstortion security team. The bug is in the pm system so you must have a registered user. The exploit will extract a password hash from the forum's database of the target user. You need to know the target user's member ID...
Invision Power Board <= 2.1.5 search.php Remote Code Execution Exploit
No description provided by source. #!/usr/bin/perl Wed Apr 26 16:44:15 CEST 2006 [email protected] INVISION POWER BOARD 2.1.5 www.invisionboard.com pr00f 0f c0ncept remote command execution. vuln credits goes to IceShaman. works only if you have perms to post a comment. Exploit with replye is in m...
I-RATER Platinum - 'Config_settings.TPL.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/17731/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...
CoolMenus 4.0 - index.php Remote File Inclusion
source: https://www.securityfocus.com/bid/17738/info CoolMenus is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include...
FlexBB <= 0.5.5 (function/showprofile.php) SQL Injection Exploit
Exploit for unknown platform in category web applications. FlexBB new...
IntelliLink Pro 5.06 - 'addlink_lwp.cgi?url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17605/info IntelliLink Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execut...