MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String (PoC)

MySQL tested: Version 5.0.45 on CentOS Linux Format String Vulnerability MySQL General Available GA Release is vulnerable. Latest MySQL Version is not vulnerable since the bug if ifdef'ed off. from mysql-5.0.75 source mysql-5.0.75.tar.gz in the file libmysqld/sqlparse.cc this source code is also...

Integer overflow

Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of this information is...

CVE-2009-2369

Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of this information is...

MaxCMS 2.0 (m_username) Arbitrary Create Admin Exploit

No description provided by source. ?php printr' +---------------------------------------------------------------------------+ maxcms2.0 creat new admin exploit by Securitylab.ir +---------------------------------------------------------------------------+ '; if $argc 3 printr'...

MaxCMS 2.0 Create New Admin

?php printr' +---------------------------------------------------------------------------+ maxcms2.0 creat new admin exploit by Securitylab.ir +---------------------------------------------------------------------------+ '; if $argc 3 printr'...

MaxCMS 2.0 - m_username Arbitrary Create Admin

MaxCMS 2.0 - musername Arbitrary Create Admin ?php printr' +---------------------------------------------------------------------------+ maxcms2.0 creat new admin exploit by Securitylab.ir +---------------------------------------------------------------------------+ '; if $argc 3 printr'...

maxcms2.0 creat new admin exploit

?php printr' +---------------------------------------------------------------------------+ maxcms2.0 creat new admin exploit by Securitylab.ir +---------------------------------------------------------------------------+ '; if $argc 3 printr'...

MaxCMS 2.0 (m_username) Arbitrary Create Admin Exploit

Exploit for unknown platform in category web applications ====================================================== MaxCMS 2.0 musername Arbitrary Create Admin Exploit ====================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 ...

MaxCMS 2.0 - 'm_username' Arbitrary Create Admin

?php printr' +---------------------------------------------------------------------------+ maxcms2.0 creat new admin exploit by Securitylab.ir +---------------------------------------------------------------------------+ '; if $argc 3 printr'...

Cross site scripting

Cross-site scripting XSS vulnerability in the Create New Page form in razorCMS 0.3 RC2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Page Title field...

Mandriva Linux Security Advisory : mysql (MDVSA-2008:150)

Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code CVE-2008-0226 or cause a denial of service via a special Hello packet CVE-2008-0227. Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths...

FreeBSD : mailman XSS in create script (429249d2-67a7-11d8-80e3-0020ed76ef5a)

From the 2.1.3 release notes : Closed a cross-site scripting exploit in the create cgi script. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and...

eLitius 1.0 Database Backup

Powered By eLitius 1.0 Remote Database Backup Backup MySQL Database Choose Operation: Backup data only Save to your PC Greets: Dos-Dz TeaM SnAkEs-TeaM H4ckF0rU TeaM Team Sobh4n ALLAH Dork: Powered By eLitius 1.0 Cod3d By ThE g0bL!N...

Dokeos LMS <= 1.8.5 (whoisonline.php) PHP Code Injection Exploit

Exploit for unknown platform in category web applications ================================================================ Dokeos LMS = 1.8.5 whoisonline.php PHP Code Injection Exploit ================================================================ ?php /...

eLitius 1.0 - Arbitrary Database Backup

Powered By eLitius 1.0 Remote Database Backup Backup MySQL Database Choose Operation: Backup data only Save to your PC Greets: Dos-Dz TeaM SnAkEs-TeaM H4ckF0rU TeaM Team Sobh4n ALLAH Dork: Powered By eLitius 1.0 Cod3d By ThE g0bL!N...

Mandriva Update for mysql MDVSA-2008:150 (mysql)

Check for the Version of mysql OpenVAS Vulnerability Test Mandriva Update for mysql MDVSA-2008:150 mysql Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Mandriva Update for mysql MDVSA-2008:150 (mysql)

Check for the Version of mysql OpenVAS Vulnerability Test Mandriva Update for mysql MDVSA-2008:150 mysql Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: "A21glossary Advanced Output" a21glossaryadvancedoutput, "ClickStream Analyzer output" alternetcsaout, "Directory Listing" dirlisting, "Store Locator" locator, "Userdata Create/Edit" sguserdata, "Versatile...

Family Connections 1.8.1 Multiple Remote Vulnerabilities

Salvatore "drosophila" Fresta + Application: Family Connection + Version: 1.8.1 + Website: http://www.familycms.com + Bugs: A Multiple SQL Injection B Create Admin User C Blind SQL Injection + Exploitation: Remote + Date: 25 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Author:...

Family Connection 1.8.1 SQL Injection

Salvatore "drosophila" Fresta + Application: Family Connection + Version: 1.8.1 + Website: http://www.familycms.com + Bugs: A Multiple SQL Injection B Create Admin User C Blind SQL Injection + Exploitation: Remote + Date: 25 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Author:...