iShopCart vGetPost() Remote Buffer Overflow Exploit (cgi)

No description provided by source. / Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: ishopcart-cgi-bof.c = easy-scart6.c Date: 5/25/2006 Version: 1.00 5/25/2006 - ishopcart-cgi-bof.c created Description: there is an overflow in the vGetPost function, it does not do any size checki...

iShopCart - 'vGetPost()' Remote Buffer Overflow (CGI)

/ Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: ishopcart-cgi-bof.c include include include include include include include include define PORT 80 define CBPORT 31337 define IPOFFSET 33 + 13 define PORTOFFSET 39 + 13 // + 13 to these for the new forking mod added to cb define...

CVE-2006-2743

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with modmime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory...

CVE-2006-2743

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with modmime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory...

CVE-2006-2743

CVE-2006-2743 concerns Drupal 4.6.x (pre-4.6.7) and 4.7.0, running on Apache with mod_mime. The flaw: files with multiple extensions are not handled properly, allowing remote attackers to upload, modify, or execute arbitrary files in Drupal’s files directory. Connected references confirm this CVE...

Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)"

IE + some popular forward proxy servers = XSS, defacement browser cache poisoning Or "Exploiting the XmlHttpRequest object in IE" part II Amit Klein, May 2006 Preface ======= When I published my Exploiting the XmlHttpRequest object in IE - Referrer spoofing and a lot more..." 1 paper, I only...

Code injection

Coppermine galleries before 1.4.6, when running on Apache with modmime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions...

CVE-2006-2514

Coppermine galleries before 1.4.6, when running on Apache with modmime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions...

CVE-2006-2514

CVE-2006-2514 affects Coppermine galleries prior to version 1.4.6 when run on Apache with the mod_mime module. The vulnerability allows remote attackers to upload arbitrary files by using a filename containing multiple extensions, enabling potential arbitrary file upload. The core issue is the ha...

CVE-2006-2514

Coppermine galleries before 1.4.6, when running on Apache with modmime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions...

deluxebb.txt

!/usr/bin/php -q -d shortopentag=on ? echo "DeluxeBB = v1.06 attachment modmime exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "tested & working against a fresh deluxebb installation\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host...

coppermine -- Multiple File Extensions Vulnerability

Secunia reports: Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload...

XOOPS <= 2.0.13.2 xoopsOption[nocommon] Remote Exploit

Exploit for unknown platform in category web applications ====================================================== XOOPS = 2.0.13.2 xoopsOptionnocommon Remote Exploit ====================================================== !/usr/bin/php -q -d shortopentag=on ? echo "XOOPS = 2.0.13.2...

XOOPS 2.0.13.2 - &#039;xoopsOption[nocommon]&#039; Remote Command Execution

!/usr/bin/php -q -d shortopentag=on ? echo "XOOPS = 2.0.13.2 'xoopsOptionnocommon' exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; / works with: magicquotesgpc = Off registerglobals = On / if $argc4 echo "Usage: php ".$argv0." host path cm...

phpListPro 2.0.1 - &#039;Language&#039; Remote Code Execution

!/usr/bin/perl Title: phpListPro = 2.0.1 Remote Command Execution Exploit URL: http://www.smartisoft.com/ Info: - arbitrary local inclusion - need magicquotesgpc=off use IO::Socket; use LWP::Simple; ripped from rgod @apache= "/var/log/httpd/accesslog%00", "/var/log/httpd/errorlog%00",...

drupal -- multiple vulnerabilities

The Drupal team reports: Vulnerability: SQL injection A security vulnerability in the database layer allowed certain queries to be submitted to the database without going through Drupal's query sanitizer. Vulnerability: Execution of arbitrary files Certain -- alas, typical -- configurations of...

DeluxeBB 1.06 - Attachment mod_mime Remote Command Execution

DeluxeBB 1.06 - Attachment modmime Remote Command Execution !/usr/bin/php -q -d shortopentag=on ? echo "DeluxeBB = v1.06 attachment modmime exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "tested & working against a fresh deluxebb...

DeluxeBB &lt;= 1.06 (Attachment mod_mime) Remote Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "DeluxeBB = v1.06 attachment modmime exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "tested & working against a fresh deluxebb installation\r\n\r\n"; if $argc4...

DeluxeBB 1.06 - &#039;Attachment mod_mime&#039; Remote Command Execution

!/usr/bin/php -q -d shortopentag=on ? echo "DeluxeBB = v1.06 attachment modmime exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "tested & working against a fresh deluxebb installation\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host...

DeluxeBB <= 1.06 (Attachment mod_mime) Remote Exploit

Exploit for unknown platform in category web applications ===================================================== DeluxeBB = 1.06 Attachment modmime Remote Exploit ===================================================== !/usr/bin/php -q -d shortopentag=on ? echo "DeluxeBB = v1.06 attachment modmime...