1084 matches found
CVE-2008-6064
Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote attackers to execute arbitrary SQL commands via the cat parameter to agenda/index.php, and unspecified other vectors...
PT-2009-2988 · Ninja · Ninja Blog
Name of the Vulnerable Software and Affected Versions: Ninja Blog version 4.8 Description: The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the entries/index.php file when magic_quotes_gpc is disabled. This is achieved by using a .. (dot dot) i...
CVE-2009-0299
SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter...
PT-2009-2950 · Flax · Flax Article Manager
Name of the Vulnerable Software and Affected Versions: Flax Article Manager version 1.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the cat_id parameter in the category.php file. Recommendations: For Flax Article Manager version 1.1,...
Groone's GLink Organizer (index.php cat) SQL Injection Vulnerability
No description provided by source. Groone's GLink Organizer index.php SQL Injection Vulnerability Author: nuclear download: http://www.groonesworld.com/programs/glinks/glinks.zip vuln: http://localhost/path/index.php?cat=-1 union select 1,@@version,3 %23 greetz Mi4night, cAs, zYzTeM, THEMAN, Pepe...
Sql injection
SQL injection vulnerability in diaryviewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-5923
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2008-5924
SQL injection vulnerability in diaryviewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
IntelliTamper (2.07/2.08) - Language Catalog Overflow (SEH)
#!/usr/bin/python IntelliTamper 2.07/2.08 Language Catalog SEH Overflow Exploit. We start off the exploitation with some fuzzing to determine how many bytes before overwriting the pointer to next SEH and pointer to SEH, we will try and overwrite each address with 41414141 "AAAA" Pointer to next SEH...
Linux/x86 - execve(/bin/cat, /etc/shadow, NULL) Shellcode (42 bytes)
Linux/x86 - execve(/bin/cat, /etc/shadow, NULL) Shellcode (42 bytes). Shellcode exploit for Linux/x86 platform / Title: linux/x86 execve(/bin/cat, /etc/shadow, NULL) - 42 bytes Type: Shellcode Author: antrhacks Platform: Linux X86 / / ASSembly 31 c0 xor %eax,%eax 50 push %eax 68 2f 63 61 74 push...
CVE-2008-5524
CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg...
Design/Logic Flaw
CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg...
CVE-2008-5524
The CVE-2008-5524 entry describes a bypass of malware detection in HTML documents caused by an MZ header placement and altered file extension/filename (no extension, .txt, or .jpg) when using Internet Explorer 6/7. Affected product in the initial entry is CAT-QuickHeal 10.00 (and possibly 9.50); ...
solaris/x86 setuid(0), execve(/bin/cat, /etc/shadow), exit(0) 59 bytes
solaris/x86 setuid(0), execve(/bin/cat, /etc/shadow), exit(0) 59 bytes. Shellcode exploit for solaris/x86 platform / ; sm4x 2008 ; /bin/cat /etc/shadow ; 59 bytes ; SunOS sol01 5.11 snv86 i86pc i386 i86pc Solaris ; port to SunOS to pwn a b0x - thank god for that default unix CRYPTDEFAULT!!!! ; this is...
solaris/x86 setuid(0) execve(/bin/cat /etc/shadow) exit(0) 59 bytes
No description provided by source. / ; sm4x 2008 ; /bin/cat /etc/shadow ; 59 bytes ; SunOS sol01 5.11 snv86 i86pc i386 i86pc Solaris ; port to SunOS to pwn a b0x - thank god for that default unix CRYPTDEFAULT!!!! ; this is what happens when ur work takes away root priv on a SunOS box :-/ global...
solaris/x86 setuid(0), execve(/bin/cat, /etc/shadow), exit(0) 59 bytes
Exploit for solaris/x86 platform in category shellcode. solaris/x86 setuid(0), execve(/bin/cat, /etc/shadow), exit(0) 59 bytes / ; sm4x 2008 ; /bin/cat /etc/shado...
Unfixed XSS vulnerability at www.amalgama.cat
Security researcher xylitol submitted a cross-site scripting (XSS) vulnerability on 11/07/2008 affecting www.amalgama.cat, which at the time of submission ranked 8683932 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/07/2008. It is...
Sql injection
SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880...
Maran PHP Shop (prod.php cat) SQL Injection Vulnerability
No description provided by source. Maran PHP Shop prod.php cat SQL Injection Vulnerability url: http://www.maran.pamil-visions.com/maranshop.php Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose...