543 matches found
BlackBerry Z10 Authentication Bypass
--------------------------------------------------------------------- modzero Security Advisory: BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass MZ-13-04 ---------------------------------------------------------------------...
CyberCMS Remote SQL Injection Vuln.
No description provided by source. Exploit Title: CyberCMS Remote SQL Injection Vuln. Date: 26/11/2009 Author: hc0de | hc0de.blogspot.comhttp://hc0de.blogspot.com Software Link: http://cyberfusion.ramx.org/cyber-cms Version: app version Tested on: Ubuntu Linux 9.04 CVE : PoC: +Target:...
WordPress CevherShare Plugin 2.0 - SQL Injection
No description provided by source. = WordPress CevherShare 2.0 plugin SQL Injection Vulnerability = Bugfounder: bd0rk = Contact: bd0rkathackermail.com = Greetings: Perle, Martin K., Carsten R., x0r32 = Affected-Software: WordPress CevherShare 2.0 plugin = Vendor: http://phpkode.com/ = Download:...
Maian Gallery 2 - Local File Download Vulnerability
No description provided by source. !/usr/bin/python This vulnerability uses filegetcontents so we have some limitations, we cant execute PHP and we cant read files that the web server will interpret such as PHP, conf etc tested on: Ubuntu Linux 2.6.32 with php v5.3.2 registerglobals = Off PRIVATE...
CF Image Hosting Script 1.3.82 File Disclosure
No description provided by source. !/usr/bin/perl CF Image Hosting Script 1.3.82 File Disclosure Exploit Bugfounder and Exploitcoder: bd0rk Contact: www.sohcrew.school-of-hack.net eMail: bd0rkathackermail.com Affected-Software: CF Image Hosting Script 1.3.82 Vendor: http://www.phpkode.com Downloa...
BOOKSolved 1.2.2 - Remote File Disclosure
No description provided by source. ...BOOKSolved 1.2.2 l Remote File Disclosure Vulnerability ...Discovered by bd0rk ...Contact: bd0rkathackermail.com or follow me on twitter ...Greetz: inj3ct0r-Team, x0r32, Perle, Siber King ...Tested on: Ubuntu-Linux ...MEZ-Time: 08:17 ...Vendor:...
Contrexx Shopsystem <= 2.2 SP3 - Blind SQL Injection
No description provided by source. Exploit title: Contrexx Shopsystem Blind SQL Injection Exploit Exploit PoC: index.php?section=shop&productId=VALID productid and YOUR BLIND SQL CODE Exploit tested on: Debian 6, Ubuntu Linux 11.04 Exploit found and written by: Penguin Version: = 2.2 SP 3 Date...
PHP <= 5.3.6 shmop_read() Integer Overflow DoS
No description provided by source. ?php Exploit Title: PHP =5.3.5 Integer Overflow DoS Date: 12-03-11 Author: Jose Carlos Norte - www.rooibo.com Software Link: www.php.net Version: = 5.3.5 Tested on: Ubuntu Linux CVE : CVE-2011-1092 $shmkey = ftokFILE, 't'; $shmid = shmopopen$shmkey, c, 0644, 100...
Mozilla Firefox 3.0 - Malformed JPEG File Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29984/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. This issue affects Firefox...
Ghostscript 'CCITTFax' Decoding Filter - Denial of Service Vulnerability
No description provided by source. Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input. Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed...
WeBid <= 1.0.5 - Cross Site Scripting Vulnerabilities
No description provided by source. Exploit Title: WeBid =1.0.5 Cross Site Scripting Vulnerabilities Date: 11/17/2012 Exploit Author: Woody Hughes [email protected] Vendor Homepage: http://www.webidsupport.com Software Link:...
webid <= 1.0.5 - Directory Traversal
No description provided by source. Author: loneferret of Offensive Security Product: WeBid Version: 1.0.4 & 1.0.5 and maybe older versions Vendor Site: http://www.webidsupport.com Software Download:...
vAuthenticate 3.0.1 Authentication Bypass
No description provided by source. ----------------------------------------------------------------------- vAuthenticate 3.0.1 Auth Bypass by Cookie SQL Injection Vulnerability ----------------------------------------------------------------------- Author: bd0rk Contact: bd0rkathackermail.com Dat...
PHP Server Monitor Stored XSS
No description provided by source. Author: loneferret of Offensive Security Product: PHP Server Monitor Version: 2.0.1 and maybe older versions Google Dork: intext=Powered by PHP Server Monitor v2.0.1 yes people have made this available on the web Software Download:...
nodesforum 1.059 - Remote File Inclusion Vulnerability
No description provided by source. Exploit Title: nodesforum 1.059 Remote File Inclusion Vulnerability Google Dork: inurl: powered by Nodesforum Date: 6/23/2011 Author: bd0rk bd0rkathackermail.com Software-Download: http://home.nodesforum.com/download?file=nodesforum1.059withbbcode1.004.zip Teste...
Kordil EDMS 2.2.60rc3 - SQL Injection Vulnerability
No description provided by source. Exploit Title: Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability Date: 12/05/2012 Exploit Author: Woody Hughes [email protected] Vendor Homepage: http://sourceforge.net/projects/kordiledms/ Software Link:...
phpMyRecipes 1.2.2 (viewrecipe.php, r_id param) - SQL Injection Vulnerability
No description provided by source. phpMyRecipes 1.2.2 SQL Injection Exploit By cr4wl3r http://bastardlabs.info Script: http://sourceforge.net/projects/php-myrecipes/files/ Demo: http://bastardlabs.info/demo/phpMyRecipes.png Tested: Ubuntu Linux Bugs found in viewrecipe.php $rid = $GET'rid'; if !...
openSUSE Security Update : python-apache-libcloud (openSUSE-SU-2014:0198-1)
Updated to 0.13.3 bnc857209, CVE-2013-6480 + Security fix release, for destroying nodes on digitalOcean 'datascrub' method is always invoked - Require python-setuptools instead of distribute upstreams merged - Updated to 0.13.2 - General : - Don't sent Content-Length: 0 header with POST and PUT...
CVE-2012-6648
gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different...
CVE-2012-0943
debian/guest-account in Light Display Manager lightdm 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and...