CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5977 matches found

Exploit DB•added 2007/02/23 12:0 a.m.•31 views

Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow (Denial of Service) (PoC)

!/usr/bin/python Snort DCE/RPC Preprocessor Buffer Overflow DoS Author: Trirat Puttaraksa http://sf-freedom.blogspot.com For educational purpose only This exploit just crash Snort 2.6.1 on Fedora Core 4. However, Code Execution may be possible, but I have no time to make it : I will post the...

7.4AI score

Exploits0

NVD•added 2007/01/26 12:28 a.m.•14 views

CVE-2007-0507

SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles...

6CVSS8AI score0.01005EPSS

Exploits0References6

seebug.org•added 2007/01/24 12:0 a.m.•15 views

Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit

No description provided by source. / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret [email protected] Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...

7.1AI score

Exploits0

0day.today•added 2007/01/23 12:0 a.m.•20 views

Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit

Exploit for multiple platform in category local exploits ========================================================== Oracle 10g SYS.KUPV$FT.ATTACHJOB PL/SQL Injection Exploit ========================================================== / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean...

6.9AI score

Exploits0

exploitpack•added 2007/01/23 12:0 a.m.•13 views

Oracle 10g - SYS.KUPV$FT.ATTACH_JOB PL SQL Injection

Oracle 10g - SYS.KUPV$FT.ATTACHJOB PL SQL Injection / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...

0.3AI score

Exploits0

exploitpack•added 2007/01/23 12:0 a.m.•14 views

Oracle 10g - SYS.KUPW$WORKER.MAIN PL SQL Injection

Oracle 10g - SYS.KUPW$WORKER.MAIN PL SQL Injection / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - CREATE SESSION - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...

0.4AI score

Exploits0

Exploit DB•added 2007/01/23 12:0 a.m.•26 views

Oracle 10g - SYS.KUPV$FT.ATTACH_JOB PL / SQL Injection

/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA AUTONOMOUSTRANSACTION; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO TEST'...

7.4AI score

Exploits0

Exploit DB•added 2007/01/23 12:0 a.m.•28 views

Oracle 10g - SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL / SQL Injection

/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - CREATE SESSION Max. Length 97. Very, very cool / select from userroleprivs ; DECLARE SEQUENCEOWNER VARCHAR2200; SEQUENCENAME VARCHAR2200; vuserid number; vcommands VARCHAR232767; NEWVALUE NUMBER; BEGIN SELEC...

7.4AI score

Exploits0

0day.today•added 2007/01/23 12:0 a.m.•30 views

Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit

Exploit for multiple platform in category local exploits ======================================================== Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit ======================================================== / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret...

6.9AI score

Exploits0

OSV•added 2007/01/16 11:28 p.m.•1 views

DEBIAN-CVE-2007-0254

Format string vulnerability in the errorscreatewindow function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors...

10CVSS7.6AI score0.03486EPSS

Exploits0References1

Packet Storm•added 2007/01/13 12:0 a.m.•16 views

MOAB-09-01-2007.rb.txt

!/usr/bin/ruby c 2006 LMH . require 'fileutils' require 'zlib' hdiutil = "/usr/bin/hdiutil" dmgname = ARGV0 || "MOAB-09-01-2007.dmg" dmgsize = ARGV1 || "200k" filesys = ARGV2 || "UFS" volname = "" 255.times do volname i = Kernel.rand62; i += i 10 ? 48 : i 36 ? 55 : 61 .chr end FileUtils.rmfdmgnam...

7.4AI score

Exploits0

seebug.org•added 2007/01/04 12:0 a.m.•22 views

Cacti Copy_Cacti_User.PHP SQL注入漏洞

Cacti是一款基于PHP的WEB应用程序。 Cacti不正确过滤用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息。问题是'CopyCactiUser.PHP'脚本对用户提交的WEB参数缺少过滤，提交恶意脚本代码作为参数数据，可导致获得敏感信息。 Cacti Cacti 0.8.6i 目前没有解决方案提供： http://cacti.net/ ?php printr' --------------------------------------------------------------------------- Cacti 0.8.6i...

7.1AI score

Exploits0

seebug.org•added 2006/12/31 12:0 a.m.•40 views

Cacti 0.8.6i (copy_cacti_user.php) SQL Injection Create Admin Exploit

No description provided by source. ?php printr' --------------------------------------------------------------------------- Cacti 0.8.6i "copycactiuser.php" sql injection create new admin exploit by rgod dork: intitle:"login to cacti" mail: retrog at alice dot it site:...

7.1AI score

Exploits0

0day.today•added 2006/12/30 12:0 a.m.•72 views

Cacti 0.8.6i (copy_cacti_user.php) SQL Injection Create Admin Exploit

Exploit for unknown platform in category web applications ===================================================================== Cacti 0.8.6i copycactiuser.php SQL Injection Create Admin Exploit ===================================================================== 126 $result.=" ."; else $result.=...

7.1AI score

Exploits0

Exploit DB•added 2006/12/30 12:0 a.m.•22 views

Cacti 0.8.6i - 'copy_cacti_user.php' SQL Injection Create Admin

126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '\b\d1,3.\d1,3.\d1,3.\d1,3:\d1,5\b...

7.4AI score

Exploits0

exploitpack•added 2006/12/19 12:0 a.m.•39 views

Oracle 9i10g - extproc LocalRemote Command Execution

Oracle 9i10g - extproc LocalRemote Command Execution -- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright c 2006 Marco Ivaldi -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g -- allo...

8.5CVSS0.6AI score0.13782EPSS

Exploits9

NVD•added 2006/12/04 11:28 a.m.•14 views

CVE-2006-6259

Multiple directory traversal vulnerabilities in a class/functions.php and b class/mbro.php in AlternC 0.9.5 and earlier allow remote attackers to 1 create arbitrary files and directories via a .. dot dot in the "create name" field and 2 read arbitrary files via a .. dot dot in the "web root" fiel...

10CVSS6.9AI score0.03598EPSS

Exploits1References11

Cvelist•added 2006/12/04 11:0 a.m.•15 views

CVE-2006-6259

6.9AI score0.03598EPSS

Exploits1References11

Positive Technologies•added 2006/11/20 12:0 a.m.•4 views

PT-2006-6644

Name of the Vulnerable Software and Affected Versions DirectAdmin version 1.28.1 Description The issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved through various parameters and commands, including the user parameter to CMD SHOW RESELLER or CMD...

6CVSS6.3AI score0.01759EPSS

Exploits1References19