Apache Struts Remote Command Execution

This module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions...

Fixed XSS vulnerability at www.entegreharc.com.tr

Security researcher CMD, has submitted on 25/02/2012 a cross-site-scripting XSS vulnerability affecting www.entegreharc.com.tr, which at the time of submission ranked 7322738 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/03/2015. It is...

Fixed XSS vulnerability at www.abcgdd.com

Security researcher CMD, has submitted on 25/02/2012 a cross-site-scripting XSS vulnerability affecting www.abcgdd.com, which at the time of submission ranked 18195695 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/03/2015. It is currently...

vBSEO <= 3.6.0 "proc_deutf()" Remote PHP Code Injection Exploit

Exploit for php platform in category web applications require 'msf/core' class Metasploit3 'vBSEO %q This module exploits a vulnerability in the 'procdeutf' function defined in /includes/functionsvbseocpabstract.php. User input passed through 'charrepl' POST parameter isn't properly sanitized...

Plone and Zope Remote CMD Injection Exploit

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Plone and Zope...

DEBIAN-CVE-2011-4075

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter aka sortby variable in a queryengine action to cmd.php, as exploited in the wild in October 2011...

VulnCheck KEV: CVE-2011-4075

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter aka sortby variable in a queryengine action to cmd.php, as exploited in the wild in October 2011...

phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (Metasploit) (2)

$Id: phpldapadminqueryengine.rb 14060 2011-10-25 05:25:39Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

serv-u latest pass to kill all versions of 0day-vulnerability warning-the black bar safety net

serv-u latest pass to kill all versions provide the right code. 1 0. x can also mention that yesterday I success 1 1 version, Do not directly add the system account or to execute commands, with the Add FTP account in the CMD the following connection right. Or error-prone. EXP: style type="text/cs...

BisonFTP Server v3.5 (MKD) Remote BOF and Crash

Exploit for windows platform in category remote exploits 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0...

Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability

$Id: osbunamejlist.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

Symantec System Alert Management System (hndlrsvc.exe) Command Exec

Exploit for windows platform in category remote exploits $Id: amshndlrsvc.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensi...

[Заметка] SSI Web shell

1. Введение В данной заметке я рассмотрю примеры использования SSI, для обхода ограничений php в частности. 2. Теория SSI Server Side Includes — включения на стороне сервера — несложный язык для динамической «сборки» веб-страниц на сервере из отдельных составных частей и выдачи клиенту...

CVE-2011-2750

NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD...

CVE-2011-2750

NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD...

Word List Builder Buffer Overflow Exploit (SEH)

No description provided by source. Exploit Title: Word List Builder Buffer Overflow ExploitSEH Software Link: http://download.cnet.com/Word-List-Builder/3000-185414-10398336.html Version: 1.0 triggering details : open .dic file Tested on: Win XP SP3 French Date: 31/03/2011 Author: h1ch4m Hicham...

SAP Player 0.9 Buffer Overflow

SAP Player 0.9 .m3u universal Diret ret version Author Abhishek Sahni - abhil00703atgmaildotcom, infoataslitsecuritydotcom Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Download Vulnerable application from http://www.sorinara.com/sap/sap09.exe Vulnerable versio...

Windows Executable Download and Evaluate VBS

Downloads a file from an HTTPS URL and executes it as a vbs script. Use it to stage a vbs encoded payload from a short command line. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize =...

Remote Procedure Call Service - MSF Buffer Overflow

Document Title: =============== Remote Procedure Call Service - MSF Buffer Overflow References: =========== Download: http://www.vulnerability-lab.com/resources/videos/24.wmv View: http://www.youtube.com/watch?v=VD9-mj6Y5BI Release Date: ============= 2011-06-10 Vulnerability Laboratory ID VL-ID:...

Nmap NSE net: domcon-cmd

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...