WebAPP v0.9.9.2.1 Remote Command Execution Exploit (2nd updated)

No description provided by source. ?php WebAPP v0.9.9.2.1 Remote Command Execution Exploit Code by Nikyt0x [email protected] Advisory: www.defacers.com.mx/advisories/3.txt Saludos: Soulblack Staff, Status-x, NeosecurityTeam, KingMetal, Trespasser... sbwebapp.php www.host.com /dirto/apage.cgi...

AWStats 5.7 < 6.2 - Multiple Remote s

/ Awstats exploit "shell" code by omin0us omin0us208 at gmail dot com dtors security group .: http://dtors.ath.cx :. Vulnerability reported by iDEFENSE pluginmode bug has been found by GHC team. The awstats exploit that was discovered allows a user to execute arbitrary commands on the remote serv...

phpBB <= 2.0.10 Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl use IO::Socket; @@@@@@@ @@@ @@@ @@@@@@ @@@ @@@ @@! @@@ @@! @@@ !@@ @@! @@@ @!@!!@! @!@ !@! !@@!! @!@!@!@! !!: :!! !!: !!! !:! !!: !!! : : : :.:: : ::.: : : : : phpBB = 2.0.10 remote commands exec exploit based on...

CVE-2003-0023

The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu...

AWStats 5.0 6.3 - logfile File Inclusion Command Execution

AWStats 5.0 6.3 - logfile File Inclusion Command Execution Example: http://target/awstats.pl?filterrawlog=&rawlogmaxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&log file=/etc/passwd...

Microsoft Internet Explorer - Remote Application.Shell

function InjectedDuringRedirection showModalDialog'md.htm',window,"dialogTop:-10000;dialogLeft:-10000;dialogHeight:1; dialogWidth:1;".location="vbscript:"""; setTimeout"myiframe.execScriptInjectedDuringRedirection.toString",100; setTimeout"myiframe.execScript'InjectedDuringRedirection' ",101;...

PHPX 3.x - images.php Cross-Site Request Forgery Arbitrary Command Execution

PHPX 3.x - images.php Cross-Site Request Forgery Arbitrary Command Execution source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properl...

WU-FTPD 2.6.2 - Remote Command Execution

WU-FTPD 2.6.2 - Remote Command Execution / wu-ftpd v2.6.2 off-by-one remote 0day exploit. exploit by "you dong-hun"Xpl017Elz, . Update: v0.0.2 August 2, I added wu-ftpd-2.6.2, 2.6.0, 2.6.1 finally. v0.0.3 August 3, Brute-Force function addition. v0.0.4 August 4, Added FreeBSD, OpenBSD version...

WU-FTPD 2.6.2 - Off-by-One Remote Command Execution

/ wu-ftpd v2.6.2 off-by-one remote 0day exploit. exploit by "you dong-hun"Xpl017Elz Brute-Force function added. / define VERSION "v0.0.3" include include include include include include define DEBUGNG undef DEBUGNG define NRL 0 define SCS 1 define FAD -1 define MAXBF 16 define BFLSZ 0x100 / 256 /...

SDFingerD 1.1 - Failure To Drop Privileges Privilege Escalation

source: https://www.securityfocus.com/bid/7977/info sdfingerd has been reported prone to a local privilege escalation vulnerability. The issue presents itself because the sdfingerd daemon fails to sufficiently drop group privileges before executing commands that are contained in a users .plan fil...

PHPOutsourcing Zorum 3.x - Remote File Inclusion Command Execution

PHPOutsourcing Zorum 3.x - Remote File Inclusion Command Execution source: https://www.securityfocus.com/bid/6669/info It has been reported that Zorum may allow remote users to influence to location of PHP includes. Because of this, it is possible for a remote user to include an external arbitrar...

Multiple vulnerabilities in Tiny HTTPd

======================================== INetCop Security Advisory 2002-0x82-001 ======================================== Title: Multiple vulnerabilities in Tiny HTTPd. 0x01. Description Tiny HTTP daemon is web server that do simple very. Vulnerability and executable vulnerability that this web...

rsync fails to properly handle negative values specified for signed integers thereby allowing remote command execution

Overview There exist several signed-integer vulnerabilities in rsync. If rsync is run as a daemon, a remote-root compromise may be possible. Description Included in most distributions of Linux, rsync is a popular tool for synchronizing files across multiple hosts. Though not enabled in the defaul...

WebBBS 5.0 (andlater versions) vulnerable: allow commands execution via "followup" bug

--== Nerf gr0up: adv 7 ==-- WebBBS remote command execution Vulnerable: WebBBS by Darryl Burgdorf http://awsd.com/scripts/webbbs/. All versions are vulnerable. WebBBS is a Web-based bulletin board. WebBBS stores messages as simple text files. Description: WebBBS script allows command execution on...

Microburst uDirectory 2.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/2884/info uDirectory is an online directory and listing management system. An input validation error exists in uDirectory that may allow remote users to execute arbitrary commands on a host running the software. !/usr/bin/perl -w management, e-commerce...

Insecure input validation in ad.cgi

Hi, ad.cgi from "Scripts by Tammie's HUSBAND" contains an insecure input validation vulnerability. Information on ad.cgi is available at: http://www.conservatives.net/atheist/scripts/index.html?ads ----code snippet---- $filename = "$FORM'file'"; $datafile = "$basedir" . "$filename"; ... open INFO...

CVSWeb Developer CVSWeb 1.80 - Insecure Perl 'open' Code Execution

source: https://www.securityfocus.com/bid/1469/info Cvsweb 1.80 makes an insecure call to the perl OPEN function, providing attackers with write access to a cvs repository the ability to execute arbitrary commands on the host machine. The code that is being exploited here is the following: open$f...

SGI IRIX 6.2 - SpaceWare

SGI IRIX 6.2 - SpaceWare source: https://www.securityfocus.com/bid/471/info The SpaceBall game, shipped with Irix 6.2 from Silicon Graphics contains a security hole which could result in the compromise of the root account. By blindly taking the contents of the $HOSTNAME variable, and not placing...

suid_perl 5.001 - Command Execution

suidperl 5.001 - Command Execution !/usr/bin/suidperl -U $ENVPATH="/bin:/usr/bin"; $=0;$=0; exec"/bin/bash"; milw0rm.com 1996-06-01...