1763 matches found
Fedora 19 : mediawiki-1.21.11-1.fc19 (2014-7805)
bug 65839 SECURITY: Prevent external resources in SVG files. - bug 66428 MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all. Note that Tenable Network Security has extracted the preceding description block directly from...
N/X WCMS <= 4.1 (nxheader.inc.php) Remote File Include Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' | \\ | \\ | \ . . |\ \ \ /\ \ / /| || | | | | \ | \ Y / | || | | \ | \ \ / | || | |/ // / / ||| \ | / / \ / \ |\ /\ / / \ / \ | | | | / /\ \ / \ / \ | | | | / | / Y \ || / /| /| /...
PostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit
No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...
Microsoft Windows XP Explorer.EXE Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9924/info Microsoft Windows Explorer for Windows XP has been reported to be prone to a remote denial of service vulnerability. This issue is due to a failure of the application to properly validate user-supplied input via...
virtuemart <= 1.1.2 - Multiple Vulnerabilities
No description provided by source. Author: Janek Vind waraxe Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System CMS...
Wordpress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server...
CMSQLite <= 1.2 & CMySQLite <= 1.3.1 - Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo CMSQLite = 1.2 & CMySQLite = 1.3.1 Remote Code Execution Exploit by BlackHawk hawkgotyou gmail com http://twitter.com/itablackhawk Thanks to rgod for the php code and Natural Killer ; if $argc4 echo Usage: php .$argv0...
op5 Monitoring 5.4.2 - (VM Applicance) Multiple Vulnerabilities
No description provided by source. Author: loneferret of Offensive Security Product: op5 Monitoring VM appliance Version: 5.4.2 Vendor Site: http://www.op5.com/ Software Download: http://www.op5.com/get-op5-monitor/get-started/ Software Description: op5 is a market leading developer of Open Sourc...
ReloadCMS <= 1.2.5 Cross Site Scripting / Remote Code Execution Exploit
No description provided by source. ?php / ReloadCMS = 1.2.5stable Cross site scripting / remote command execution software site: http://reloadcms.com/ description: ReloadCMS is a free CMS written on PHP and based on flat files. vulnerability: ReloadCMS do not properly sanitize User-Agent request...
wget <= 1.9 - Directory Traversal exploit
No description provided by source. !/usr/bin/perl -W wgettrap.poc -- A POC for the wget1 directory traversal vulnerability Copyright 2004 Jan Min=C3=A1=C5=99 jjminar fastmail fm License: Public Domain - SECU When wget connects to us, we send it a HTTP redirect constructed so that wget wget will...
Linksys X3000 1.0.03 build 001 - Multiple Vulnerabilities
No description provided by source. Device: X3000 Vendor: Linksys ============ Vulnerable Firmware Releases: ============ Firmware Version: v1.0.03 build 001 Jun 11,2012 ============ Vulnerability Overview: ============ OS Command Injection The vulnerability is caused by missing input validation i...
Unclassified NewsBoard <= 1.6.1 patch 1 Arbitrary Local Inclusion Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Unclassified NewsBoard = 1.6.1 patch 1 ABBCConfigsmileset arbitrary\r\n; echo local inclusion\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; echo works with registerglobals ...
Microsoft IIS 4.0,Microsoft JET 3.5/3.5.1 Database Engine VBA Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to...
kr-web <= 1.1b2 - Remote File Inclusion Vulnerability
No description provided by source. Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg KR-Web = 1.1b2 Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/krw/files/ Dork : dieHacking attempt; :D Vuln : ./KR-Web-1.1b2/adm/krgourl.php line 2 ?php include...
SunOS <= 4.1.3 kmem setgid /etc/crash Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/59/info /etc/crash was installed setgid kmem and excutable by anyone. Any user can use the ! shell command escape to executes commands, which are then performed with group set to kmem. $ /etc/crash ! sh...
Mountain Network Systems WebCart 8.4 Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3453/info Mountain Network Systems WebCart is a cgi based online shopping suite. An error in the webcart.cgi script allows a remote user to pass an arbitrary shell command which will be executed by the script. WebCart...
QPopper 4.0.x PopAuth Trace File Shell Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3710/info Qpopper is a freely available, open source Post Office Protocol server. It is maintained and distributed by Qualcomm. When popauth is executed with the trace option, it does not correctly handle user-supplied...
WebText <= 0.4.5.2 - Remote Code Execution Exploit
No description provided by source. ? //Kacper Settings $exploitname = WebText = 0.4.5.2 Remote Code Execution Exploit; $scriptname = WebText 0.4.5.2; $scriptsite = http://www.webtext.pl/?go=download; $dork = 'Powered by WebText'; // print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+:...
Drupal <= 4.7 (attachment mod_mime) Remote Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Drupal = 4.7 attachment modmime poc exploit\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; / this works with a user account with upload rights and with permissions to modify...
PhpCommander <= 3.0 (upload) Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? $devilteam = ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+:...