Sendmail transport arbitrary shell execution

More info at http://blog.swiftmailer.org/post/88660759928/security-fix-swiftmailer-5-2-1-released...

Sendmail transport arbitrary shell execution

More info at http://blog.swiftmailer.org/post/88660759928/security-fix-swiftmailer-5-2-1-released...

用友办公平台任意文件上传getshell

简要描述： 详细说明： 无需登录，通杀用友办公平台。。。 http://oa.bamatea.com http://oa.moonbasa.com http://oa.etonetech.com http://oa.ztcz.cn http://218.249.130.74 http://119.146.190.170:9988 http://zhidao.baidu.com http://wenku.baidu.com http://223.4.22.36 http://222.243.160.83:9090 http://www.chipshow.cn...

Fog Dragonfly 0.8.2 Command Injection Vulnerability

Ruby Gem Fog Dragonfly version 0.8.2 suffers from a remote command injection vulnerability. TITLE: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem Credit: Larry W. Cashdollar, @larry0 Date: 8/16/2013 CVE: 2013-5671 Download: https://rubygems.org/gems/fog-dragonfly Description: "Dragonfly...

w-CMS 2.0.1 - Remote Code Execution

w-CMS 2.0.1 - Remote Code Execution Exploit Title: w-CMS 2.0.1 Remote Code Execution Vulnerability Google Dork: intext:"Powered by w-CMS" Date: 15/08/2013 Exploit Author: ICheerNo0M - http://icheernoom.blogspot.com/ Vendor Homepage: http://w-cms.org/ Software Link: - Version: 2.0.1 Tested on:...

Novell Zenworks Mobile Device Management Local File Inclusion

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Novell Zenworks Mobile Device Managme...

Cydia Repo Manager - Cross-Site Request Forgery

Cydia Repo Manager - Cross-Site Request Forgery Cydia Repo Manager CSRF Vulnerability By cr4wl3r http://bastardlabs.info http://bastardlabs.info/exploits/CydiaRepoManager.txt Software Link: http://damarist.de/?lang=en Download : http://damar1st.de/downloads/CydiaRepoManager3.1.zip Tested: Win 7...

Wordpress Remote Command Execution

No description provided by source. Exploit Title : Wordpress All Versions Remote Command Execution Author : Nafsh Discovered By : Tapco Security & Research Lab Date : 3 Oct 2012 Home : http://Sec-Lab.Tap-Co.Net Contact : [email protected] Source :...

Slackware: Security Advisory (SSA:2005-278-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GIMP script-fu buffer overflow

Buffer overflow on message parsing, shell execution...

pBot - Remote Code Execution

pBot - Remote Code Execution !/usr/bin/perl Exploit Title: pBot Remote Code Execution "" hostauth Date: 31.07.2012 Exploit Author: @bwallHatesTwits Software Link: https://www.firebwall.com/decoding/read.php?u=620d21fd31b87046e94975e03fdafa8a decoded from attempted attack Version: Various versions...

eGlibc Signedness Code Execution

Exploit Title: eGlibc Signedness Vulnerability Date: November 2011 Exploit Author: c0ntex Vendor Homepage: http://www.eglibc.org Software Link: http://www.eglibc.org/home Version: eGlibc supplied by Ubuntu 10.4 LTS Tested on: Ubuntu 10.4 LTS CVE : CVE-2011-2702 A delicious, yet slightly cold...

Calibre E-Book Reader - Local Privilege Escalation (1)

Calibre E-Book Reader - Local Privilege Escalation 1 !/bin/sh .50-Calibrer Assault Mount by zx2c4 Calibre uses a suid mount helper, and like nearly all suid mount helpers that have come before it, it's badly broken. Let's go through Calibre's faulty code available at http://pastebin.com/auz9SULi...

Calibre E-Book Reader - Local Privilege Escalation (1)

!/bin/sh .50-Calibrer Assault Mount by zx2c4 Calibre uses a suid mount helper, and like nearly all suid mount helpers that have come before it, it's badly broken. Let's go through Calibre's faulty code available at http://pastebin.com/auz9SULi and look at the array of silly things done, only one ...

Drupal 7.0 Shell Execution

!/usr/bin/env php ================ + In any Drupal , detecting the file http://local/Path/scripts/drupal.sh The content file 'drupal.sh' is this PHP CODE for EXECUTING Scripts ================ ------------------------ Check for your PHP interpreter - on Windows you'll probably have to replace lin...

WSN Links SQL Injection Vulnerability

Exploit for php platform in category web applications ===================================== WSN Links SQL Injection Vulnerability ===================================== I. DESCRIPTION --------------------------------------- A vulnerability exists in the search.php code that allows for SQL injectio...

JAF CMS Multiple Remote File Include and Remote Shell Command Execution Vulnerabilities

JAF CMS is prone to an shell-command-execution vulnerability and multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit the remote shell-command-execution issue to execute arbitrary shell commands in the context...

MobPartner Counter - Arbitrary File Upload

MobPartner Counter Remote File Upload Vulnerability + Author : wlhaan hacker + Email : [email protected] + Site : www.sa-hacker.com/vb + team wlhaan Hacker + Dork : "MobPartner Counter" "upload files" The exploit : http://localhost/path/upload.php edit shell shell.php.pgif Get now shell :...

Joomla RSGallery2 Backdoor

Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all sorts of obfuscated junk all the...

Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit

Exploit for unknown platform in category web applications =========================================================== Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit =========================================================== Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit...