404 matches found
artmedic_links5 remote file access exploit
You can read details of this vulnerability here: http://www.securityfocus.com/archive/1/367144 Very simple source of exploit, enjoy. / artmediclinks5 remote file access exploit Adam Simuntis [email protected] / include stdio.h include stdlib.h include arpa/inet.h include sys/types.h include sys/socket.h...
phpbb2013SQL.txt
Here's an update of the paper: phpBB 2.0.13 = downloads.php Mod SQL injection www.batznet.com Discussion: This exploit makes it possible to insert SQL Code through downloads.php Bug: http://www.phpbb.de/downloads.php?cat=batz Spits out an error msg: Could n...
phpBB 2.0.12 - Session Handling Authentication Bypass
phpBB 2.0.12 Session Handling Authentication Bypass .. easy to use exploit .. YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM.. 1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made : 3- Close the Browser .. 2-...
Einstein <= 1.01 Local Password Disclosure Exploit
Exploit for unknown platform in category local exploits ================================================== Einstein include HKEY hKey; define BUFSIZE 100 char usernameBUFSIZE, passwordBUFSIZE; DWORD dwBufLen=BUFSIZE; LONG lRet; int mainvoid ifRegOpenKeyExHKEYLOCALMACHINE,"Software\einstein", 0,...
HP-UX PHNE_30224 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11)
s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681.
CVE-2005-0192
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename...
[SECURITY] [DSA 660-1] New kdebase packages fix authentication bypass
Debian Security Advisory DSA 660-1 [email protected] http://www.debian.org/security/ Martin Schulze January 26th, 2005 http://www.debian.org/security/faq ...
YardRadius process_menu Function Remote Buffer Overflow
The remote host appears to be running YARD RADIUS 1.0.20 or older. This version is vulnerable to a buffer overflow that allows a remote attacker to execute arbitrary code in the context of the RADIUS server. It is likely that this check made the remote RADIUS server crash.
Debian DSA-172-1 : tkmail - insecure temporary files
It has been discovered that tkmail creates temporary files insecurely. Exploiting this an attacker with local access can easily create and overwrite files as another user.
Debian DSA-438-1 : linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check
Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges.
Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion
source: https://www.securityfocus.com/bid/10746/info Kleinanzeigen is prone to a file include vulnerability. This issue could allow a remote attacker to include malicious files containing arbitrary code to be executed on a vulnerab...
Solaris 2.6 (x86) : 108493-01
SunOS 5.6_x86: Snoop may be exploited to gain root access. Date this patch was last updated by Sun : Dec/07/99. This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17.
Solaris 2.6 (sparc) : 108492-01
SunOS 5.6: Snoop may be exploited to gain root access. Date this patch was last updated by Sun : Dec/07/99. This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17.
Easy Chat Server 1.x - Multiple Denial of Service Vulnerabilities
source: https://www.securityfocus.com/bid/10649/info It is reported that Easy Chat Server is susceptible to multiple denial of service vulnerabilities. The chat software is implemented as a web server serving a chat web application to clients. The software is reported to contain two denial of...
Roundup 0.5/0.6 - Remote File Disclosure
source: https://www.securityfocus.com/bid/10495/info Roundup is prone to a remote file disclosure vulnerability. A remote user can disclose files on a vulnerable computer by using the /home/@@file/ prefix and '../' directory traversal sequences. This vulnerability affects Roundup 0.6.11 and prior...
PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass
source: https://www.securityfocus.com/bid/10447/info PHP-Nuke is affected by a direct script access security vulnerability. This issue is due to a failure to properly validate the location and name of the file being accessed. This issue will allow an attacker to gain access to sensitive scripts...
ADA IMGSVR 0.4 - Arbitrary File Download
source: https://www.securityfocus.com/bid/10027/info A vulnerability has been reported in the ImgSvr server software that may allow a remote user to retrieve arbitrary files from the web server root directory and any subdirectories therein. An attacker...
[Full-Disclosure] Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW
SQL-Injections in Confixx 2.0.xx // reading MySQL Root-PW include"auth.php"; dbconnect$dbhost, $dbuser, $dbpass; $id = dbquery"select countdatenbank as mysql from mysqldatenbanken where kunde = '$PHPAUTHUSER'"; $werte = dbfetcharray$id; $mysql = $werte"mysql"; $id = dbquery"select dbname from...
PWebServer 0.3.x - Directory Traversal
source: https://www.securityfocus.com/bid/9817/info It has been reported that PWebServer is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user supplied URI requests. Information...
BolinTech DreamFTP Server 1.2 (1.02TryFTP 1.0.0.1) - Remote User Name Format String
BolinTech DreamFTP Server 1.2 1.02TryFTP 1.0.0.1 - Remote User Name Format String include include include include // WIN NT/2K/XP cmd.exe shellcode // kernel32.dll baseaddress calculation: OS/SP-independent // string-save: 00, 0a and 0d free. // portbinding: port 28876 // looping: reconnect after...