117 matches found
FHFS - FTPHTTP File Server 2.1.2 Remote Command Execution
FHFS - FTPHTTP File Server 2.1.2 Remote Command Execution !/usr/bin/python FHFS - FTP/HTTP File Server 2.1.2 Remote Command Execution Author: Naser Farhadi Date: 26 August 2015 Version: 2.1.2 Tested on: Windows 7 SP1 32 bit Link : http://sourceforge.net/projects/fhfs/ Description : FHFS is a FTP...
SupportEzzy Ticket System WordPress Plugin Stored XSS Vulnerability
SupportEzzy is an elegant support tickets system and faqs portal for WordPress. This is a stand-alone AngularJS app which runs on a single WordPress page of your website. This app does not interfere with your existing theme and plugins and will work with any kind of WordPress website. You can use...
Cart Engine 3.0 XSS / Open Redirect / SQL Injection
=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...
ibProArcade <= 3.3.0 - Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl ibProArcade = v3.3.0 sql injection exploit coded by 1dt.w0lf RST/GHC THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE use Tk; use Tk::BrowseEntry; use Tk::DialogBox; use LWP::UserAgent; BEGIN if$^O eq 'MSWin32' require Win32::Console;...
XML-Sitemaps.com Sitemap Generator 6.0 Cross Site Scripting
XML-Sitemaps.com Sitemap Generator Date: 2nd July 2013 Author: Christy Philip Mathew www.offcon.org Vendor or Software Link: http://www.xml-sitemaps.com/generator-demo/ Version : 6.0 XSS Vulnerability a Configuration Miscellaneous Settings Send email notifications: Update the email to [email protected]" b...
CVE-2013-3383
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294...
Twister Peer-To-Peer Microblogging Information Disclosure
======================================================================== TWISTER Peer-To-Peer microblogging Multiples Application Error Message and disclosing sensitive information ======================================================================== TIME-LINE VULNERABILITY Multiples Advisorie...
WebEmlak Real Estate Cross Site Scripting
Exploit Title: WebEmlak Real Estate Script Stored XSS Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE Cross Site Scripting can be done using the URL input Vulnerable Page: index.php Example: index.php/ Exploit:...
RealPlayer: URL unescape buffer overflow
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a URL argument containing a % percent...
Debian Security Advisory DSA 1560-1 (kronolith2)
The remote host is missing an update to kronolith2 announced via advisory DSA 1560-1. OpenVAS Vulnerability Test $Id: deb15601.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1560-1 kronolith2 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Picture Rating 1.0 Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl -- Picture Rating 1.0 Blind SQL Injection Exploit -- -Info/Instructions- After running this perl script, you will have admin details therefore you will be able to login to the admin area at http://site.com/control/ ok once you have logged in has...
awstats -- multiple XSS vulnerabilities
Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...
QQ Traveler vulnerability analysis and exploit(0day)-vulnerability warning-the black bar safety net
Vulnerability overview Tencent TTQQ Traveleris a multi-page browser has a friendly user interface, offers a variety of skin for the user based on personal preferences, in addition TT is a new more user-friendly features that make surfing the Internet more easily and freely, saving time and effort...
SOL6592 - Cross-Site Scripting vulnerability in the logon page
A cross-site scripting XSS vulnerability exists in the FirePass logon page. The affected FirePass logout URL fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web pages or emails with URLs that include executable code or...
Internet Download Manager <= 4.05 Input URL Stack Overflow Exploit
No description provided by source. / Title : Internet Download Manager = 4.05 universal remote overflow Exploit bug analyse and exploit code by : c0d3r "Kaveh Razavi" [email protected] my advisory : http://www.ihsteam.com/advisory/downloadmanageradv.txt this bug is differnt from what was found in...
ibrow NewsDesk does not securely handle input passed to open()
Overview A vulnerability in ibrow NewsDesk allows an attacker to view files and execute operating system commands with the privileges of the web server. Description ibrow NewsDesk is a Perl CGI script that is designed to create and display news articles on a web site. The code for NewsDesk is...
CVE-1999-0844
Denial of service in MDaemon WorldClient and WebConfig services via a long URL...