weechat (important)

added weechat-fix-hookprocess-shell-injection.patch which fixes a shell injection vulnerability in the hookprocess function bnc790217, CVE-2012-5534 - added weechat-fix-buffer-overflow-in-irc-color-decoding.patch which fixes a heap-based overflow when decoding IRC colors in strings bnc789146,...

Mastery OA2007 version vulnerability and getshell-a vulnerability warning-the black bar safety net

Currently testing mastery OA2007 version Office Anywhere 2 0 0 7 network intelligent office systems http://127.0.0.1/pda/news/read.php?P=%cf' pig points. Storm web directory.. This time looked under the code, there is injected into the variables of the statements in the first 3 fields in the file...

Two security issues fixed in ioQuake3 engine

Hello, Quake 3 is a popular online first person shooter developed by IDsoftware 1 that has been released in 1999 and is still widely played. After the release of the source code under the GPL, the ioQuake3 project 2 was started that is dedicated to maintaining the existing codebase. Several game...

Quake 3 Shell Injection / Code Execution

Hello, Quake 3 is a popular online first person shooter developed by IDsoftware 1 that has been released in 1999 and is still widely played. After the release of the source code under the GPL, the ioQuake3 project 2 was started that is dedicated to maintaining the existing codebase. Several game...

PHP-Nuke <= 8.1.3.5 (Your_Account) Remote Command Exec Exploit

No description provided by source. PHP-Nuke = 8.1.0.3.5b Remote Command Execution Exploit Author/s: Dante90 & yawn Contact Us: www.unitx.net Requirements: magicquotesgpc : off Greetings: [email protected] | [email protected] You will remember, Watson, how the dreadful business of the Abernetty...

PHP-Nuke 8.1.0.3.5b - Remote Command Execution

PHP-Nuke 8.1.0.3.5b - Remote Command Execution PHP-Nuke REMEMBER TO ADD THE FINAL / TO THE HOSTNAME "; Change Here to Set your custom shell for example use...

Sun VirtualBox 3.0.6 - Local Privilege Escalation

Sun VirtualBox 3.0.6 - Local Privilege Escalation !/bin/sh CVE-2009-3692 Sun VirtualBox runme.c include include include include include int mainint argc, char argv FILE from, to; int fd; char ch; setuid0; setgid0; from = fopen"/bin/sh","rb"; to = fopen"./sh","wb"; while!feoffrom ch = fgetcfrom;...

Sun VirtualBox <= 3.0.6 privilege escalation

No description provided by source. !/bin/sh CVE-2009-3692 Sun VirtualBox = 3.0.6 local root exploit ======================================================== Exploits popen meta char shell injection vulnerability in Sun VirtualBox. E.g. admin@sundevil:/test$ id uid=101admin gid=10staff...

openSUSE 10 Security Update : nagios (nagios-6355)

A shell injection bug in nagios' statuswml.cgi CGI script has been fixed. CVE-2009-2288 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update nagios-6355. The text...

SuSE 10 Security Update : nagios (ZYPP Patch Number 6356)

A shell injection bug in nagios' statuswml.cgi CGI script has been fixed. CVE-2009-2288 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 11 Security Update : nagios (SAT Patch Number 1105)

A shell injection bug in nagios' statuswml.cgi CGI script has been fixed. CVE-2009-2288 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is...

openSUSE Security Update : nagios (nagios-1102)

A shell injection bug in nagios' statuswml.cgi CGI script has been fixed. CVE-2009-2288 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update nagios-1102. The text...

openSUSE Security Update : nagios (nagios-1102)

A shell injection bug in nagios' statuswml.cgi CGI script has been fixed. CVE-2009-2288 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update nagios-1102. The text...

RunCMS 1.6.3 Shell Injection

!/usr/bin/perl RunCMS = 1.6.3 "double ext" remote shell injection exploit Note: you may upload files with double extension FCKEditor must be enabled for users by staker ------------------------------ mail: stakerathotmaildotit url: http://www.runcms.org ------------------------------ Discovered o...

RunCMS 1.6.3 - Remote Shell Injection

!/usr/bin/perl RunCMS = 1.6.3 "double ext" remote shell injection exploit Note: you may upload files with double extension FCKEditor must be enabled for users by staker ------------------------------ mail: stakerathotmaildotit url: http://www.runcms.org ------------------------------ Discovered o...

RunCMS <= 1.6.3 (double ext) Remote Shell Injection Exploit

No description provided by source. !/usr/bin/perl RunCMS = 1.6.3 "double ext" remote shell injection exploit Note: you may upload files with double extension FCKEditor must be enabled for users by staker ------------------------------ mail: stakerathotmaildotit url: http://www.runcms.org...

L-Forum 2.4.0 SQL Injection / Command Execution

!/usr/bin/perl Web App: L-Forum 2.4.0 Link : http://l-forum.sourceforge.net/ Bug : SQL INJECTIONS SQL Command Injection Exploit Needs MQ Off Dork: Copyright 2000-2001 Leszek 'Leon' Krupinski Credits to Giovanni Buzzin, "Osirys" Mail: osirysatautisticidotorg...

Syzygy CMS 0.3 LFI/SQL Command Injection Exploit

No description provided by source. !/usr/bin/perl Web App : Syzygy CMS 0.3 Link : http://sourceforge.net/project/downloading.php?groupid=103298&usemirror=heanet&filename=syzygycms-0.3.tar.gz&a=89932245 Remote Command Execution Exploit : Case 1: If LFI works, exploitation via Shell Injection + LFI...

Syzygy CMS 0.3 LFI/SQL Command Injection Exploit

Exploit for unknown platform in category web applications ================================================ Syzygy CMS 0.3 LFI/SQL Command Injection Exploit ================================================ !/usr/bin/perl Web App : Syzygy CMS 0.3 Link :...

Syzygy CMS 0.3 - Local File Inclusion / SQL Injection

!/usr/bin/perl Web App : Syzygy CMS 0.3 Link : http://sourceforge.net/project/downloading.php?groupid=103298&usemirror=heanet&filename=syzygycms-0.3.tar.gz&a=89932245 Remote Command Execution Exploit : Case 1: If LFI works, exploitation via Shell Injection + LFI Case 2: Unless, exploitation via S...