Minigal b13 (index.php list) Remote File Disclosure Exploit

Exploit for unknown platform in category web applications =========================================================== Minigal b13 index.php list Remote File Disclosure Exploit =========================================================== ?php settimelimit0; function findpass$data $pass =...

linux/x86 setuid(0) & execve(/bin/sh,0,0) shellcode 27 bytes

No description provided by source. ----------- C Source Code ----------- / Smallest GNU/Linux x86 setuid0 && execve"/bin/sh",0,0 Shellcode without NULLs Coded by Chema Garcia aka sch3m4 + [email protected] + http://opensec.es Shellcode Size: 27 bytes Date: 13/11/2008 / include stdio.h const char...

CVE-2008-4955

freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/-.pid, 2 /tmp/freevo-gdb, 3 /tmp/freevo-gdb.sh, and 4 /tmp/.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code...

persiabme-sql.txt

www.BugReport.ir AmnPardaz Security Research Team Title: Persia BME E-Catalogue SQL Injection Vulnerability Vendor: http://www.persiabme.com/products/ Impact: High Fix: N/A Original Advisory: http://www.bugreport.ir/index55.htm 1. Description: Persia BME E-Catalogue is a powerful engine which...

Webshell under to crack computer administrator password-vulnerability warning-the black bar safety net

Information source: evil octal information security team www.eviloctal.com） This idea derived from previous studies runas command when inspired. Method of use: 1, The your password dictionary was renamed into the psw. txt, upload to the target server is an executable, writable directory. It is...

Ipswitch WhatsUp Professional Multiple Vulnerabilities

The remote web server is affected by multiple flaws. Description : The remote host appears to be running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host is prone to multiple issues...

Ipswitch WhatsUp Professional Multiple Vulnerabilities

Deprecated since it didn SPDX-FileCopyrightText: 2008 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.80068";...

Access online decryption[PHP source code]-vulnerability warning-the black bar safety net

You can only decrypt 2 0 0 0 or 9 7 MDB file ? /site:/ /If reproduced please retain this information / /by:7jdg QQ:7 2 5 9 5 6 1 / $file=$FILES'uploadfile''tmpname'; $oldname =$FILES'uploadfile''name'; $ext =via strtolowersubstrstrrchr$oldname, '.', 1; if $file if $ext != "the mdb" echo "your pas...

ParsaWeb CMS SQL Injection

www.BugReport.ir AmnPardaz Security Research Team Title: ParsaWeb CMS SQL Injection Vendor: http://www.parsagostar.com Demo: http://cms.parsagostar.com/ Exploit: Available Impact: High Fix: N/A Original advisory: http://www.bugreport.ir/index53.htm 1. Description: ParsaWeb is a commercial ASP.NET...

ParsaWeb CMS (Search) Remote SQL Injection Vulnerability

No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: ParsaWeb CMS SQL Injection Vendor: http://www.parsagostar.com Demo: http://cms.parsagostar.com/ Exploit: Available Impact: High Fix: N/A Original advisory: http://www.bugreport.ir/index53.htm 1. Descriptio...

Gentoo Security Advisory GLSA 200804-19 (php-toolkit)

The remote host is missing updates announced in advisory GLSA 200804-19. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

[MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues

MajorSecurity Advisory 53BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues Details ======= Product: BLUEPAGE CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.bluepage-cms.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered b...

Gentoo Security Advisory GLSA 200804-19 (php-toolkit)

The remote host is missing updates announced in advisory GLSA 200804-19. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

major_rls53.txt

MajorSecurity Advisory 53BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues Details ======= Product: BLUEPAGE CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.bluepage-cms.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered b...

Attachmax Dolphin <= 2.1.0 Multiple Remote Vulnerabilities

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV101$2008 ----------------------------------------------------------------------------------------- ECHOADV101$2008 Attachmax Dolphin = 2.1.0 Multiple Vulnerability...

Attachmax Dolphin <= 2.1.0 Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ========================================================== Attachmax Dolphin = 2.1.0 Multiple Remote Vulnerabilities ==========================================================...

Attachmax Dolphin 2.1.0 - Multiple Vulnerabilities

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV101$2008 ----------------------------------------------------------------------------------------- ECHOADV101$2008 Attachmax Dolphin = 2.1.0 Multiple Vulnerability...

Masir Camp E-Shop Module <= 3.0 (ordercode) SQL Injection Vuln

Exploit for unknown platform in category web applications ============================================================== Masir Camp E-Shop Module = 3.0 ordercode SQL Injection Vuln ============================================================== Title: Masir Camp E-Shop Module = 3.0 SQL Injection...

eWebEditorNet upload.aspx 上传漏洞

WebEditorNet 主要是一个upload.aspx文件存在上传漏洞。 form id="post" encType="server" "uploadfile" style="file" size="uploadfile" runat= "lbtnUpload" runat= "JavaScript" 只是简单的对ID进行验证,只要构造javascript:lbtnUpload.click;满足条件达到上传木马的效果。成功以后查看源代码 a "lbtnUpload" "javascript:doPostBack'lbtnUpload',''"/script 'javascript'...

Embedthis GoAhead < 2.1.8 Script Source Code Disclosure Vulnerability - Active Check

Embedthis GoAhead is prone to a script source code disclosure vulnerability. SPDX-FileCopyrightText: 2008 Ferdy Riphagen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...