7377 matches found
OpenDocMan 1.2.6.5 - Persistent XSS Vulnerability
No description provided by source. Exploit Title: OpenDocMan 1.2.6.5 Stored/Reflective XSS Date: 05/04/2013 Exploit Author: drone @dronesec More Exploit Information: Vendor Homepage: http://www.opendocman.com/ Software Link:...
Apache Struts Developer Mode OGNL Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
Ultimate PHP Board <= 2.0 (header_simple.php) File Include Exploit
No description provided by source.
Wordpress Usernoise Plugin 3.7.8 - Persistent XSS Vulnerability
No description provided by source. Details ============================= Application: Usernoise http://usernoise.karevn.com/ Version: 3.7.8 probably earlier versions as well Type: Wordpress plugin Developer: Nikolay Karev http://karevn.com/ - http://profiles.wordpress.org/karevn/ Vulnerability:...
Wordpress Developer Formatter CSRF Vulnerability
No description provided by source. Exploit Title: Wordpress Developer Formatter CSRF Vulnerability Google Dork: inurl:devformatter/devformatter.php Date: 21/01/13 Author: Junaid...
Hosting Controller <= 0.6.1 Unauthenticated User Registeration (3rd)
No description provided by source. !-- Hi, I'm Soroush Dalili from GSG GrayHatz Security Group. Title: Hosting controller program have a security bug in UserProfile.asp that an authenticated user can change other's profiles. Why is it dangerous: a user can change other's email address and then us...
ZPanel <= 10.0.1 CSRF, XSS, SQLi, Password Reset
No description provided by source. Exploit Title: ZPanel <= 10.0.1 CSRF, XSS, SQLi, Password Reset Date: 04/11/2012 Exploit Author: pcsjj Vendor Homepage: http://www.zpanelcp.com/ Version: 10.0.1 Software Link: http://sourceforge.net/projects/zpanelcp/files/latest/download Downloads: 90,382 CVE :...
WebMaster ConferenceRoom 1.8 Developer Edition DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2178/info WebMaster ConferenceRoom Developer Edition is a chat package which enables a large community of users to chat together. ConferenceRoom has a wide range of capabilities and a user friendly channel moderation...
Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (ppc)
No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch-ppc.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom Much appreciation goes to John H for all kindsa random shit like exploiting Veritas and other random things in the past core... where the...
Joomla AJAX Shoutbox <= 1.6 - Remote SQL Injection Vulnerability
No description provided by source. Joomla AJAX Shoutbox remote SQL Injection vulnerability - Author: Ibrahim Raafat - Contact: https://twitter.com/RaafatSEC - Discovery date: 1 April 2010 4 years ago - Reported to vendor : 12 March 2014 - Response: Quick response from the developer, Patched and...
simple webserver 2.3-rc1 - Directory Traversal
No description provided by source. Exploit Title: Simple Webserver 2.3-rc1 Directory Traversal Date: 01/02/2013 Exploit Author: CwG GeNiuS Vendor Homepage: http://www.pmx.it Software Link: http://www.pmx.it/download/sws-2.3-rc1-i686.exe Version: 2.3-rc1 and earlier Tested on: Windows 7 Enterprise...
Hosting Controller <= 6.1 Hotfix 3.1 Privilege Escalation Vulnerability
No description provided by source. Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix <= 3.1 Developer url: www.Hostingcontroller.com Solution: Update to Hotfix 3.2 Discover date: 2005,Summer Report date to hc company: Sat Jun 10, 2006...
Apple WebObjects Developer NT4 IIS4.0 CGI-adapter 4.5 Developer Remote Overflow
No description provided by source. source: http://www.securityfocus.com/bid/1896/info A denial-of-service vulnerability exists in Apple's WebObjects 4.5 Developer, a popular platform for developing web-based applications. The vulnerable version is Windows NT 4.0 SP5, when run in conjunction with...
wordpress wp-topbar 4.02 - Multiple Vulnerabilities
No description provided by source. Exploit Title: WP-TopBar 4.02 CSRF Date: 2012-09-13 Author: Blake Entrekin Version: 4.02 Download Link: http://downloads.wordpress.org/plugin/wp-topbar.4.02.zip Vendor Link: http://wordpress.org/extend/plugins/wp-topbar/ ------------------- CSRF...
4Site CMS <= 2.6 - Multiple Remote SQL Injection Vulnerabilities
No description provided by source. WSEC-09-002 4Site CMS = 2.6 Multiple Remote SQL Injections Developer site: http://www.4site.ru/ Discovered by D.Mortalov // wsec.ru 1. Auth Bypass Login: 1'or'1 Password: 1'or’1 2. Multiple Remote SQL Injections in 4site CMS modules Pages module:...
[SECURITY] Fedora 19 Update: python-jinja2-2.6-7.fc19
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...
openSUSE Security Update : subversion (openSUSE-SU-2013:0687-1)
Subversion received minor version updates to fix remote triggerable vulnerabilities in mod_dav_svn which may result in denial of service. On openSUSE 12.1 : - update to 1.6.21 bnc#813913, addressing remotely triggerable + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes +...
openSUSE Security Update : subversion (openSUSE-SU-2013:1006-1)
This update of subversion includes several bug and security fixes. - update to 1.7.10 bnc#821505 CVE-2013-1968 CVE-2013-2088 CVE-2013-2112 - Client-side bugfixes : - fix 'svn revert' 'no such table: revertlist' spurious error - fix 'svn diff' doesn't show some locally added files - fix changelist...
openSUSE Security Update : subversion (openSUSE-SU-2013:1836-1)
This update fixes the following issues with subversion CVE-2013-4505, CVE-2013-4558 : - bnc#850747: update to 1.8.5 - CVE-2013-4505: mod_dontdothat does not restrict requests from serf clients. - CVE-2013-4558: mod_dav_svn assertion triggered by autoversioning commits. + Client-side bugfixes : - fix...
(RHSA-2014:0575) Low: Red Hat Enterprise Developer Toolset Version 1 One-month Retirement Notice
In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 1 offering will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact...