56 matches found
RevokeBB <= 1.0 RC4 - Blind SQL Injection / Hash Retrieve Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo ------------------------------------------------------------- RevokeBB = 1.0 RC4 Blind SQL Injection / Hash Retrieve Exploit Site: http://www.revokesoft.net by BlackHawk [email protected]...
Fengcms SQL injection & arbitrary file read vulnerability
Brief description: Fengcms SQL injection & arbitrary file read & XSS. Detailed description: In Searchcontrol: if!empty$POST ifURLTYPE==1 echo ''; else echo ''; else $POST‘tags’ is output directly, which allows reflected XSS. In downcontrol: $GET'file'=base64decode$GET'file'; iffileexistsROOTPATH.$GET'file' header"Content-Type: application/force-download";...
WordPress AdRotate plugin <= 3.6.6 - SQL Injection
No description provided by source. Exploit Title: WordPress AdRotate plugin = 3.6.6 SQL Injection Vulnerability Date: 2011-11-8 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/adrotate.3.6.6.zip Version: 3.6.6 tested Note:...
metinfo enterprise website management system SQL injection vulnerability-vulnerability warning-the black bar safety net
Brief description: metinfo enterprise website management system SQL injection vulnerability Detailed description: member/getpassword.php with admin/admin/getpassword.php file if$p $array = explode'.', base64decode$p; $sql="SELECT FROM $metadmintable WHERE adminid='".$ array0."'"; $sqlarray =...
PHP-Charts 1.0 - index.php?type Remote Code Execution
PHP-Charts 1.0 - index.php?type Remote Code Execution !/usr/bin/python Original Advisory came from: http://packetstormsecurity.com/files/119582/PHP-Charts-1.0-Code-Execution.html infodox - insecurety.net import requests import random import threading import sys def genpayloadhost, port: """ Perl...
Novell Zenworks Mobile Device Management Local File Inclusion
This Metasploit module attempts to gain remote code execution on a server running Novell Zenworks Mobile Device Management. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on...
DataLife Engine preview.php PHP Code Injection
This module exploits a PHP code injection vulnerability in DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure usage of preg_replace with the e modifier, which allows injection of arbitrary PHP code when there is a template installed which contains a catlist or not-catlist...
Active Collab "chat module" Remote PHP Code Injection Exploit
This module exploits an arbitrary code injection vulnerability in the chat module that is part of Active Collab versions 2.3.8 and earlier by abusing a preg_replace using the /e modifier and its replacement string using double quotes. The vulnerable function can be found in...
Discuz! X2 SQL injection vulnerability 0day-vulnerability warning-the black bar safety net
File: source\module\forum\forumattachment.php if! defined'INDISCUZ' exit'Access Denied'; define'NOROBOT', TRUE; @list$G'gpaid', $G'gpk', $G'gpt', $G'gpuid', $G'gptableid' = explode'|', base64decode$G'gpaid'; if! empty$G'gpfindpost' && $attach = DB::fetchfirst"SELECT pid, tid FROM ". DB::table...
FreeBSD Ports: lighttpd
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2011-4362
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds...
CVE-2011-4362
CVE-2011-4362 affects lighttpd: a signedness error in the base64_decode routine used by HTTP authentication (http_auth.c) can trigger an out-of-bounds read with a negative index, allowing a remote attacker to cause a denial of service (segmentation fault). Impacted versions are lighttpd 1.4 befor...
lighttpd -- remote DoS in HTTP authentication
US-CERT/NIST reports: Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that...
Discuz! X2 remote SQL injection vulnerability
Discuz! X2 has an SQL injection vulnerability in its handling of request data; a remote attacker can exploit it to perform unauthorized database operations. The vulnerability exists in the following code: if!defined'INDISCUZ' exit'Access Denied'; define'NOROBOT', TRUE; @list$G'gpaid', $G'gpk', $G'gpt', $G'gpuid', $G'gptableid' = explode'|', base64decode$G'gpaid'; if!empty$G'gpfindpost' && $attach = DB::fetchfirst"SELECT pid, tid FROM...
Discuz! X2 SQL injection vulnerability
Brief description: Discuz! X2 SQL injection vulnerability, supports UNION. Detailed description: File: source\module\forum\forumattachment.php if!defined'INDISCUZ' exit'Access Denied'; define'NOROBOT', TRUE; @list$G'gpaid', $G'gpk', $G'gpt', $G'gpuid', $G'gptableid' = explode'|', base64decode$G'gpaid'; if!empty$G'gpfindpost' && $attach =...
MetInfo 3.0 PHP Code Injection Vulnerability
Exploit for php platform in category web applications ============================================ MetInfo 3.0 PHP Code Injection Vulnerability ============================================ Exploit Title: MetInfo 3.0 PHP Code Injection Vulnerability Date: 2010-10-31 Author: linux520.com...
RoSPORA 1.5.0 - Remote PHP Code Injection
RoSPORA 1.5.0 - Remote PHP Code Injection '; 671. $link=$SERVER'PHPSELF'."?f=".$flag."&s="; 672. 673. if !empty$plarray 674. 675. usort$plarray, createfunction'$a, $b', 'if $a'.$sort.' == $b'.$sort.' return 0; if $a'.$sort.' '.$sorttype.' $b'.$sort.' return -1; return 1;'; 676. Input parameter...