Iperius Remote Server Path Elevation of Privilege Vulnerability

Iperius Backup is a database backup software. A server path elevation of privilege vulnerability exists in Iperius Remote 1.7.0. The vulnerability allows users to install system privileged services, which can be exploited to elevate privileges by executing arbitrary code on the local search path...

Information Disclosure in extension "LDAP" (eu_ldap)

It has been discovered that the extension "LDAP" euldap is susceptible to Information Disclosure. Release Date: September 30, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.8.18 and below Vulnerability Type:...

Command Execution Vulnerability in Youyou's Email System of Shenzhen Hechen Communication Technology Co.

Shenzhen Hechen Communication Technology Co., Ltd. Youyou mail system is a modern enterprise to set up a professional e-mail service of a set of overall solutions, the mail system not only provides the conventional e-mail functions, but also extends the e-mail monitoring, e-mail antivirus, e-mail...

info fisier 1.0 - Multiple Vulnerabilities

Author : kaozc9 + Email : [email protected] + Site : www.paradisextem.co.cc + Team : ParadisexTeam + Dork : Powered by Info Fisier. =========================================XSS================================================== Affected Files: http://server/path/search.php...

DS CMS 1.0 (NewsId) Remote SQL Injection Vulnerability

No description provided by source. Script : DS CMS 1.0 NewsId Remote SQL Injection Vulnerability Script site : http://cms.dsinternal.com/Home AUTHOR : Palyo34 HOME : http://www.1923turk.biz ======================================================= +++++++++++++++++++++++ Exploit...

MemHT Portal <= 4.0 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl =about MemHT Portal = 4.0 Perl exploit AUTHOR: Discovered and written by Ams ax330d doggy gmail dot com DESCRIPTION: Here we are able to make SQL-injection due to weak filtering. So, look at inc/incheader.php lines 74, where hides code $checktitle...

MemHT Portal 4.0.1 - SQL Injection Code Execution Exploit

No description provided by source. !/usr/bin/perl =about MemHT 4.0.1 Perl exploit AUTHOR discovered & written by Ams ax330d doggy gmail dot com VULN. DESCRIPTION: Due to weak params filtering we are able to make SQL-Injection. So, 1. Look at 'inc/ajax/ajaxrating.php', line 29. It is not enough to...

Live CMS SQL Injection Vulnerability

No description provided by source. / - Live CMS SQL Injection Vulnerability - ---Date : 2010-06-17 ---Author : ahwak2000 ---Email : z.u5athotmail.com - Script Info - ---Home : http://live-space.ru ---Demo : http://demo.live-space.ru/index.php - Vulnerability -...

Mail.ru: Раскрытие полного серверного пути

Приветствую! Уязвимый ресурс - http://s2.11x11.ru Бага - http://s2.11x11.ru/config/config.php Fatal error: requireonce function.require: Failed opening required 'config/consts.inc.php' includepath='.:/usr/share/pear:/usr/share/php' in /var/www/11x11.ru/config/config.php on line 2...

wordpress_fullpathdisclosure

This plugin try to find the path in the server where WordPress is installed. Plugin type Crawl Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the...

Sky classroom file upload vulnerability-vulnerability warning-the black bar safety net

Brief description: Allow the upload of dangerous file type,this system is still a lot of Open the network course website, as shown in Figure, landing it, and now SkyDrive. Upload a PHP file, the web site didn't filter PHP file. ! 1 8-300x166. png ! 1 8-300x166. png ! 1 8-300x166. png After enteri...

Google, Paypal, Facebook Internal IP disclosure vulnerability

Do you have any idea about an Internal IP Address or a Private IP Address that too assigned for Multinational Companies? Yeah, today we are gonna discuss about Internal IP or Private IP address Disclosure. Disclosure of an Internal IP like 192.168.. or 172.16.. , can really Impact ? Most security...

Google, Paypal, Facebook Internal IP disclosure vulnerability

Do you have any idea about an Internal IP Address or a Private IP Address that too assigned for Multinational Companies? Yeah, today we are gonna discuss about Internal IP or Private IP address Disclosure. Disclosure of an Internal IP like 192.168.. or 172.16.. , can really Impact ? Most security...

Nmap NSE net: http-favicon

Gets the favicon 'favorites icon' from a web page and matches it against a database of the icons of known web applications. If there is a match, the name of the application is printed; otherwise the MD5 hash of the icon data is printed. If the script argument 'favicon.uri' is given, that relative...

DVD Rental Software - SQL Injection

Exploit Title: DVD Rental Software SQL injection Vulnerability Date: 19/11/2010 Author: JaMbA Team: SwT Script url: http://www.commodityrentals.com/dvd.php Version: N/A Tested on: Demo CVE : EXPL0!T...

DA Mailing List System 2 - Multiple Vulnerabilities

DA Mailing List System V2 Remote Admin Login Exploit Author : Phenom Dork: DA Mailing List System V2 Powered by DigitalArakan.Net Version : 2 Exploit : 1- http://server/path/admincp.asp 2- login with "admin" as user name and 'or' as password...

PR09-02 Multiple Cross-Site Scripting &#40;XSS&#41; / Cross Domain redirects and Server path information disclosure on SAP BusinessObjects version 12

Hi, We have found that SAP BusinessObjects version 12 is vulnerable to Multiple Cross-Site Scripting XSS, Cross Domain redirects and Server path information disclosure with the following consecuences: -An attacker may be able to cause execution of malicious scripting code in the browser of a vict...

WEB Calendar Database Disclosure

--------------------------------------- WEB Calendarcalendar35.mdb Remote Database Disclosure Vulnerability --------------------------------------- + Author : RENO + Email : [email protected] + Site : www.vxx9.cc + Team : SauDi ViRuS TeaM + Dork : search for it :p + Script : WEB Calendar vuln. in :...

Smart PHP Uploader 1.0 Remote File Upload Vulnerability

No description provided by source. Smart PHP Uploader 1.0 Remote File Upload Vulnerability Author : Phenom vendor : http://www.scriptsez.net language : PHP Version : 1.0 Exploit : 1- http://server/path/phpuploader.php...

PDQ Script 1.0 <== [listingid] SQL Injection

Exploit for unknown platform in category web applications ============================================ PDQ Script 1.0 == listingid SQL Injection ============================================ +===================================================================================+ | | | PDQ Script 1.0 ...