Lucene search
K

6060 matches found

security_vulns
security_vulns
added 2007/07/03 12:0 a.m.76 views

Microsoft Windows Vista/2003/XP/2000 file management security issues

Title: Microsoft Windows Vista/2003/XP/2000 file management security issues Author: 3APA3A, http://securityvulns.com/ Vendor: Microsoft and potentially another vendors Products: Microsoft Windows Vista/2003/XP/2000, Microsoft resource kit for Windows 2000 and different utilities. Access Vector:...

6AI score0.0361EPSS
Exploits1
NVD
NVD
added 2007/06/29 6:30 p.m.11 views

CVE-2007-3494

Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to 1 read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...

6.8CVSS6.3AI score0.02052EPSS
Exploits0References7
Cvelist
Cvelist
added 2007/06/29 6:0 p.m.22 views

CVE-2006-7213

Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database...

6.3AI score0.00966EPSS
Exploits0References4
0day.today
0day.today
added 2007/05/29 12:0 a.m.18 views

Inout Search Engine (all version) Remote Code Execution Exploit

Exploit for unknown platform in category web applications =============================================================== Inout Search Engine all version Remote Code Execution Exploit =============================================================== !/usr/bin/php -q -d shortopentag=on this is not a...

7.1AI score
Exploits0
Prion
Prion
added 2007/05/21 11:30 p.m.13 views

Design/Logic Flaw

manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, newpass, newpass2, status, super, and certain other parameters in an add action...

6.8CVSS7.3AI score0.0116EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2007/05/11 3:55 a.m.21 views

CVE-2007-2592

Multiple cross-site scripting XSS vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the 1 username...

5.9AI score0.02657EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2007/05/11 12:0 a.m.32 views

Mandrake Linux Security Advisory : php (MDKSA-2007:102)

A heap buffer overflow flaw was found in the xmlrpc extension for PHP. A script that implements an XML-RPC server using this extension could allow a remote attacker to execute arbitrary code as the apache user. This flaw does not, however, affect PHP applications using the pure-PHP XMLRPC class...

7.5CVSS6.3AI score0.02922EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2007/04/16 12:0 a.m.25 views

MyBlog 0.9.8 - 'Settings.php' Authentication Bypass

source: https://www.securityfocus.com/bid/23521/info MyBlog is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and then access or overwrite files with arbitrary PHP script code. Script code added to certain files are later...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/03/26 12:0 a.m.13 views

IceBB 1.0-rc5 - Remote Create Admin

IceBB 1.0-rc5 - Remote Create Admin !/usr/bin/perl IceBB 1.0-rc5 Remote Create Admin Exploit 1. register a user 2. run this exploit with this usage : $perl xpl.pl host&path uname pass 3. login with admin access : - magicquotesgpc = Off Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use...

7.5AI score
Exploits0
Exploit DB
Exploit DB
added 2007/03/26 12:0 a.m.33 views

IceBB 1.0-rc5 - Remote Create Admin

!/usr/bin/perl IceBB 1.0-rc5 Remote Create Admin Exploit 1. register a user 2. run this exploit with this usage : $perl xpl.pl host&path uname pass 3. login with admin access : - magicquotesgpc = Off Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use LWP::UserAgent; use HTTP::Cookies;...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/03/25 12:0 a.m.28 views

PBlang 4.66z - Remote Create Admin

PBlang 4.66z - Remote Create Admin !/usr/bin/perl PBlang 4.66z Create Admin Exploit this exploit register a user with admin access Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use IO::Socket; use LWP::UserAgent; use HTTP::Cookies; $host = $ARGV0; $uname = $ARGV1; $passwd = $ARGV2; $url...

7.5AI score
Exploits0
0day.today
0day.today
added 2007/03/25 12:0 a.m.27 views

PBlang <= 4.66z Remote Create Admin Exploit

Exploit for unknown platform in category web applications =========================================== PBlang new or die; $cookiejar = HTTP::Cookies-new; $xpl-cookiejar $cookiejar ; register $reg = $xpl-post$url.'register.php?reg=2', Content = "user" = $uname, "pass" = $passwd, "pass2" = $passwd,...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2007/03/25 12:0 a.m.33 views

PBlang 4.66z - Remote Create Admin

!/usr/bin/perl PBlang 4.66z Create Admin Exploit this exploit register a user with admin access Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use IO::Socket; use LWP::UserAgent; use HTTP::Cookies; $host = $ARGV0; $uname = $ARGV1; $passwd = $ARGV2; $url = "http://".$host; print q PBLANG...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/03/25 12:0 a.m.40 views

PBlang &lt;= 4.66z Remote Create Admin Exploit

No description provided by source. !/usr/bin/perl PBlang 4.66z Create Admin Exploit this exploit register a user with admin access Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use IO::Socket; use LWP::UserAgent; use HTTP::Cookies; $host = $ARGV0; $uname = $ARGV1; $passwd = $ARGV2; $url...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/03/21 12:0 a.m.25 views

FrontBase关系数据库服务器create procedure远程栈溢出漏洞

FrontBase是一款企业级的关系数据库服务器。 FrontBase在创建存储过程时存在栈溢出漏洞,允许攻击者获得NT AUTHORITY\SYSTEM或root用户权限。 如果攻击者通过“create procedure” SQL语句传送了超长参数的话,就可以触发这个溢出,导致内存破坏。例如,以下SQL语句: create procedure "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...

7.1AI score
Exploits0
NVD
NVD
added 2007/03/20 10:19 a.m.16 views

CVE-2007-1511

Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PROCEDURE request with a long procedure name...

7.1CVSS7.5AI score0.05444EPSS
Exploits0References6
Cvelist
Cvelist
added 2007/03/20 10:0 a.m.21 views

CVE-2007-1511

Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PROCEDURE request with a long procedure name...

7.5AI score0.05444EPSS
Exploits0References6
myhack58
myhack58
added 2007/03/19 12:0 a.m.13 views

oracle 10g (PROCESS_DUP_HANDLE) Local Privilege Elevation (win32)-vulnerability warning-the black bar safety net

include windows. h include stdio. h BOOL InjectShellcodeDWORD oldEIP,CHAR oSID HMODULE hKernel; FARPROC pCreateProc; LPSTR sCommand="cmd.exe"; DWORD dwStrLen; CHAR buff1 0 0; dwStrLen=strlensCommand; hKernel=LoadLibrary"Kernel32.dll"; pCreateProc=GetProcAddresshKernel,"CreateProcessA"; strcpybuff...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2007/03/10 12:0 a.m.36 views

Microsoft Windows - DCE-RPC svcctl ChangeServiceConfig2A() Memory Corruption

!/usr/bin/python MS Windows DCE-RPC svcctl ChangeServiceConfig2A 0day Memory Corruption PoC Exploit Bug discovered by Krystian Kloskowski h07 Tested on Windows 2000 SP4 Polish all patches Requires.. - Impacket : http://oss.coresecurity.com/projects/impacket.html - PyCrypto :...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2007/03/07 12:0 a.m.6 views

PT-2007-1419 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server affected versions not specified Description: The issue allows remote authenticated users to read and modify arbitrary files via full filepaths to utl file functions such as utl file.put line and utl file.get line when u...

6CVSS6.7AI score0.05651EPSS
Exploits1References6
Rows per page
Query Builder