3100 matches found
Fuju News 1.0 - Authentication Bypass / SQL Injection
Internet Security | |---==============================================================---| title: fuju news 1.0 remote sql injection release: 2006-04-16 author: snatcher snatcher at gmx.ch country: switzerland |+| application: Fuju News 1.0 description: a php / mysql based newsscript download:...
Blackorpheus ClanMemberSkript 1.0 - SQL Injection
Internet Security | |---==============================================================---| title: Blackorpheus ClanMemberSkript 1.0 remote sql injection release: 2006-04-16 author: snatcher snatcher at gmx.ch country: switzerland |+| application: Blackorpheus ClanMemberSkript 1.0 description: a p...
Chucky A. Ivey N.T. 1.1 - 'index.php' Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/17387/info N.T. is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the...
Tru64 UNIX 5.0 (Rev. 910) - rdist NLSPATH Buffer Overflow
Tru64 UNIX 5.0 Rev. 910 - rdist NLSPATH Buffer Overflow !/usr/bin/perl -w based on work by stripey from back in the day kflistsatdigitalmunitiondotcom http://www.digitalmunition.com $sc .= "\x30\x15\xd9\x43\x11\x74\xf0\x47\x12\x14\x02\x42"; $sc .= "\xfc\xff\x32\xb2\x12\x94\x09\x42\xfc\xff\x32\xb2...
Plogger <= Beta 2.1 Administrative Credentials Disclosure Exploit
Exploit for unknown platform in category web applications ================================================================= Plogger works with magicquotesgpc = Off\r\n\r\n"; echo "dork: intext:"Powered by Plogger!" -plogger.org\r\n\r\n"; if $argc3 echo "Usage: php ".$argv0." host path...
WebGUI < 6.7.6 arbitrary command execution
The remote web server contains a CGI script that is prone to arbitrary code execution. Description : The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the OpenVAS...
WebGUI < 6.7.6 arbitrary command execution
The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
php iCalendar <= 2.21 (Cookie) Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "php iCalendar =2.21 "cookielanguage"/"cookiestyle" remote cmmnds xctn\r\n"; echo "- arbitrary local inclusion through cookies\r\n"; echo "by rgod rgodATautisticiDOTorg\r\n"; echo "site:...
GuestBook Script <= 1.7 (include_files) Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl use IO::Socket; print "guestbook script = 1.7 exploit\r\n"; print "rgod [email protected]\r\n"; print "dork: "powered by guestbook script"\r\n\r\n"; short explaination: we have this code in nearly all scripts: ... if isset $includefiles and...
WMNews - footer.php?ctrrowcol Cross-Site Scripting
WMNews - footer.php?ctrrowcol Cross-Site Scripting source: https://www.securityfocus.com/bid/17076/info WMNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these...
txtForum 1.0.3/1.0.4 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/17054/info txtForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in t...
DCP-Portal 3.7/4.x/5.x/6.x - 'calendar.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/17050/info DCP Portal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...
gallery203.php.txt
!/usr/bin/php -q -d shortopentag=on autisticiorg \r\n"; echo "site: http://retrogod.altervista.org \r\n\r\n"; echo "- works with registerglobals = On and magicquotesgpc = Off \r\n"; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$...
loudCMS.txt
"Loudblog is a sleek and easy-to-use Content Management System CMS for publishing media content on the web." SQL Injection in podcast.php magicquotes=off: http://target/loudblog/podcast.php?id=1' and '1'='0' union select...
MS Visual Studio 6.0 sp6 (Malformed .dbp File) Buffer Overflow Exploit
Exploit for unknown platform in category local exploits ====================================================================== MS Visual Studio 6.0 sp6 Malformed .dbp File Buffer Overflow Exploit ====================================================================== / Microsoft Visual Studio 6.0...
phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution
No description provided by source. !/usr/bin/perl root@host perl rpc.pl phprpc.sourceforge.net /modules/phpRPC/server.php --== IHS IRAN HOMELAND SECURITY ==-- phpRPC = 0.7 commands execute exploit by LorD http://www.ihs.ir IRAN HOMELAND SECURITY$ uname -a;id;pwd Linux sc8-pr-web9.sourceforge.net...
Safari archive metadata command execution
Added: 02/24/2006 CVE: CVE-2006-0848 BID: 16736 OSVDB: 23366 Background The Safari web browser supports explicit binding, which allows a file to override the default application for its file type. Safe files are files such as pictures, movies, and archives which are opened automatically when...
Noahs Classifieds 1.01.3 - Search Page SQL Injection
Noahs Classifieds 1.01.3 - Search Page SQL Injection source: https://www.securityfocus.com/bid/16773/info Noah's Classifieds is prone to an SQL-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
myPHPNuke 1.8.8 - reviews.php Cross-Site Scripting
myPHPNuke 1.8.8 - reviews.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16815/info MyPHPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thes...
CVE-2006-0698
CVE-2006-0698 affects Zen Cart prior to version 1.2.7. The vulnerability is described as unspecified vulnerabilities allowing remote attackers to cause unknown impact via unspecified vectors (other than SQL injection). The connected documents do not provide concrete exploit details, concrete root...