Archie Exploit Kit Landing Page Code Execution

Archie exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Archie exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution o...

Pacific Software Carello 1.2.1 File Duplication and Source Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1245/info A remote user can gain read and write access on a target machine running Carello shopping cart software. First, a user may create a duplicate of a known file in a known directory on the target host through add.e...

Flicks Software AuthentiX 6.3b1 - 'username' Parameter Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/28040/info Flicks Software AuthentiX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script...

Image Racer SearchResults.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25010/info Image Racer is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise t...

NUVICO DVR NVDV4 / PdvrAtl Module (PdvrAtl.DLL 1.0.1.25) - BoF Exploit

No description provided by source. !-- NUVICO DVR NVDV4 / PdvrAtl Module PdvrAtl.DLL 1.0.1.25 remote heap overflow exploit IE7/XP SP2 check a camera demo here: http://www.2mcctv.com/2mdemo.php codebase: http://www.dvrstation.com/pdvratl.php?vendor=0 rgod ///////////////////////////////...

Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute

No description provided by source. $Id: ciscoanyconnectexec.rb 12872 2011-06-06 20:15:51Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

VBulletin 1.0.1 lite/2.x/3.0 /admincp/user.php email Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues t...

Blog Manager inc_webblogmanager.asp ItemID Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/33314/info DMXReady Blog Manager is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues coul...

ASPNuke 0.80 register.asp Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14062/info ASPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to...

Vignette StoryServer 4.1 Sensitive Stack Memory Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7296/info It has been reported that Vignette StoryServer, under some circumstances may reveal stack memory content. If a specially crafted request is made for a page that accepts user-supplied data an error state may be...

PHPLive! 3.2.2 'request.php' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35718/info PHPLive! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

Sulata iSoft (stream.php) Local File Disclosure Exploit

No description provided by source. ========================================================= Sulata iSoft stream.php Local File Disclosure Exploit ========================================================= Exploit Title : Sulata iSoft developer by Rizwan Azam you look site.com/about.php Date : 10...

LDAP Injection PoC

No description provided by source. + Vurnerebility: LDAP Injection + Category : Implemented Web exploit + Category : Attack Technique + Author : mc2s3lector + dork : X/o\ + Contact : www.yogyacarderlink.web.id + date : 4-2-10 + biGthank to : Allah SWT,jasakom,KeDai Computerworks,0n3-d4y...

Infinity Exploit Kit Landing Page (CVE-2013-1347; CVE-2013-2423; CVE-2013-2465; CVE-2014-0322; CVE-2014-0502; CVE-2014-1776)

Infinity is a web exploit kit that operates by delivering a malicious payload to the victim's computer. Remote attackers can infect users with Infinity exploit kit by enticing them to visit a malicious web page. Infinity Exploit Kit installs payloads on infected computer, which could result in da...

g01pack Exploit Kit Remote Code Execution

g01pack exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with g01pack exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to download additional malware t...

BlackHole Toolkit URL Pattern Remote Code Execution

BlackHole is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with BlackHole by enticing them to visit a specially crafted link...

eshtery CMS 'FileManager.aspx'本地文件泄漏漏洞

Bugtraq ID:65740 CVE ID:CVE-2014-2069 eshtery CMS是一款内容管理系统。 eshtery CMS不正确过滤用户的输入，允许远程攻击者利用漏洞提交请求读取系统任意文件内容。 0 eshtery CMS 目前没有详细解决方案提供： http://eshtery.she7ata.com/projects/eshtery/ http://www.example.com/path/FileManager.aspx?file=E:\web\admin.asp...

Jorjweb - id SQL Injection

Jorjweb - id SQL Injection source: https://www.securityfocus.com/bid/66377/info Jorjweb is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to compromise the applicatio...

BlackHole Toolkit v2 JAVA Payload Stage Code Execution (CVE-2012-0507; CVE-2012-1723; CVE-2013-0422; CVE-2013-0431; CVE-2013-1493)

BlackHole is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with BlackHole by enticing them to visit a malicious web page. Successful infection will allow the attacker to download additional malware to the target...

BlackHole Toolkit v2 EXE Payload Stage Code Execution

Blackhole is a web exploit kit that operates by delivering malicious payload to the victim's computer...