
139 matches found

The Hacker News
added 2013/01/09 3:49 p.m., 21 views

Official Debian and Python Wiki Servers Compromised

Administration from Debian and Python project official websites confirmed that their WIKI servers were compromised by some unknown hackers recently. Hackers were able to hack because of several vulnerabilities in "moin" package. According to Brian Curtin at Python Project, Hacker used some unknown...

CVSS 6.4, AI score 7.2, EPSS 0.73631
Exploits: 10
The Hacker News
added 2013/01/09 4:49 a.m., 44 views

Official Debian and Python Wiki Servers Compromised

Administration from Debian and Python project official websites confirmed that their WIKI servers were compromised by some unknown hackers recently. Hackers were able to hack because of several vulnerabilities in "moin" package. According to Brian Curtin at Python Project, Hacker used some unknown...

CVSS 6.4, AI score 6.4, EPSS 0.73631
Exploits: 10
Packet Storm
added 2012/10/18 12:0 a.m., 60 views

Oracle Database Authentication Protocol Security Bypass

Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the database. This vulnerability affects Oracle Database 11g Release 1 and 11g Relea...

CVSS 6.4, AI score 0.5, EPSS 0.44041
Exploits: 4
Packet Storm
added 2012/01/29 12:0 a.m., 29 views

Voy Forums Cross Site Scripting

Exploit Title: Voy Forums Cross Site Scripting Date: 29.01.2012 Author: Sony Software Link: http://www.voy.com Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/01/voy-forums-cross-site-scripting.html...

Exploits: 0
OPENSUSE Linux
added 2011/10/24 6:8 p.m., 14 views

opera: Release 11.52 to fix memory corruption via SVG content (important)

This update of Opera fixes a memory flaw in the code that processes SVG content which could be exploited by attackers to execute arbitrary code through specially crafted websites...

AI score 6.2
Exploits: 0, References: 1
Exploit DB
added 2011/09/01 12:0 a.m., 30 views

WordPress Plugin SearchAutocomplete 1.0.8 - SQL Injection

Exploit Title: WordPress SearchAutocomplete plugin getresults"SELECT posttitle As name, ID as postid, guid AS url, 1 cnt FROM ".$wpdb-prefix."posts t WHERE poststatus='publish' and posttype='post' OR posttype='page' and postdate NOW and posttitle LIKE '%".$GET'term'."%' ORDER BY posttitle";...

AI score 7.4
Exploits: 0
0day.today
added 2011/03/12 12:0 a.m., 25 views

N`CMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit

Exploit for php platform in category web applications !/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web...

AI score 7.1
Exploits: 0
exploitpack
added 2011/03/11 12:0 a.m., 24 views

N_CMS 1.1E - Local File Inclusion Remote Code

NCMS 1.1E - Local File Inclusion Remote Code !/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web applicati...

AI score 7.8
Exploits: 0
Packet Storm
added 2010/12/10 12:0 a.m., 24 views

slickMsg 0.7-alpha Cross Site Scripting

www.eVuln.com advisory: Non-persistent XSS in slickMsg Summary: http://evuln.com/vulns/159/summary.html Details: http://evuln.com/vulns/159/description.html -----------Summary----------- eVuln ID: EV0159 Software: slickMsg Version: 0.7-alpha Critical Level: low Type: Cross Site Scripting Status:...

AI score 7.4
Exploits: 0
0day.today
added 2010/11/26 12:0 a.m., 18 views

JDownloader Webinterface Source Code Disclosure Vulnerability

Exploit for php platform in category web applications ============================================================= JDownloader Webinterface Source Code Disclosure Vulnerability ============================================================= Exploit Title: JDownloader Webinterface Source Code...

AI score 7.1
Exploits: 0
exploitpack
added 2010/05/12 12:0 a.m., 21 views

PolyPager 1.0rc10 - FCKeditor Arbitrary File Upload

PolyPager 1.0rc10 - FCKeditor Arbitrary File Upload Exploit database separated by exploit type (local, remote, DoS, etc.) Site : Inj3ct0r.com Support e-mail : submitatinj3ct0r.com I'm eidelweiss member from Inj3ct0r Team...

AI score 0.5
Exploits: 0
exploitpack
added 2010/05/03 12:0 a.m., 16 views

Joomla! 1.6.0 Alpha2 - Cross-Site Scripting

Joomla! 1.6.0 Alpha2 - Cross-Site Scripting Title:Joomla1.6.0-Alpha2 XSS Vulnerabilities Date: 2010-05-02 Author: mega-itec.com Software Link: http://joomlacode.org/gf/download/frsrelease/11322/45252/Joomla1.6.0-Alpha2-Full-Package.zip Version: 1.6.0-alpha2 Tested on: relevant os CVE : Code :...

AI score 6.8
Exploits: 0
Check Point Advisories
added 2010/02/04 12:0 a.m., 2 views

Subversion svn Protocol String Parsing (CVE-2004-0413)

Subversion is a revision control system that handles svn protocol requests. A specially crafted svn request could cause svnserve, the daemon that handles svn protocol requests, to allocate insufficient heap memory and overflow the heap. It is possible for a malicious attacker to run arbitrary cod...

CVSS 10, AI score 7.1, EPSS 0.10823
Exploits: 0
Packet Storm
added 2009/07/22 12:0 a.m., 24 views

Knigman Shop Script Database Config Disclosure

Application Name : Knigman Shop Script Vulnerable Type : Arbitrary Database Config Disclosure Vulnerability Infection : SQL Info Get... Author : Septemb0x Script Down.& WebSite : http://knigman.net/buy.php?tovid=22764 & http://s2.dosya.tc/knigman.zip.html EXPLOIT : http://target/path/config.inc G...

AI score 7.4
Exploits: 0
exploitpack
added 2009/06/06 12:0 a.m., 17 views

Avax Vector 1.3 - avPreview.ocx ActiveX Control Buffer Overflow

Avax Vector 1.3 - avPreview.ocx ActiveX Control Buffer Overflow source: https://www.securityfocus.com/bid/35583/info Avax Vector is prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of an application that uses the Active...

AI score 0.7
Exploits: 0
seebug.org
added 2009/03/05 12:0 a.m., 43 views

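cURL/libcURL HTTP Location: Redirect Security Restriction Bypass Vulnerability

BUGTRAQ ID: 33962 CVE(CAN) ID: CVE-2009-0037 cURL is a command-line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. When cURL follows an HTTP Location: header it will redirect to scp: or file:// URLs, so if a user follows a specially crafted redirect URL (for example, a libcurl client reading an RSS feed), a malicious HTTP server can overwrite or disclose arbitrary local file system contents, or execute arbitrary commands. Daniel Stenberg curl 5.11 - 7.19.3 Vendor patch: Daniel Stenberg...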

CVSS 6.8, AI score 8.2, EPSS 0.09919
Exploits: 2
Exploit DB
added 2009/02/20 12:0 a.m., 22 views

lastRSS autoposting bot MOD 0.1.3 - 'phpbb_root_path' Remote File Inclusion

source: https://www.securityfocus.com/bid/33843/info lastRSS autoposting bot MOD is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP co...

AI score 7.4
Exploits: 0
Packet Storm
added 2008/11/17 12:0 a.m., 24 views

minigal-disclose.txt

...

AI score 7.4
Exploits: 0
Exploit DB
added 2008/11/09 12:0 a.m., 35 views

X10media Mp3 Search Engine 1.6 - Remote File Disclosure

THUNDER X10media Mp3 Search Engine v1.5.5 - 1.6 Remote File Disclosure Vulnerability Founded by : THUNDER Dork: "This search engine is in no way intended for illegal downloads. " File : Download.php =========================================================================================== to rea...

AI score 7
Exploits: 0
Packet Storm
added 2008/11/08 12:0 a.m., 44 views

evisioncms-lfi.txt

starting; $exploit-isvulnerable$domain; $exploit-exploiting$domain,$mymode;...

AI score 7.4
Exploits: 0