316 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 32 views

DL PayCart <= 1.34 Admin Password Changing Exploit

No description provided by source.

7.1 AI score
Exploits: 0

seebug.org
added 2014/06/27 12:0 a.m. | 36 views

Wordpress Theme Infocus /dl-skin.php Arbitrary File Download Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0

Packet Storm
added 2014/06/06 12:0 a.m. | 24 views

WordPress Infocus Local File Disclosure

Post Local File Disclosure in wordpress theme Infocus + Date: 07/06/2014 + CWE Number: CWE-98 + Risk: High + Author: Felipe Andrian Peixoto + Dork:inurl:"/wp-content/themes/infocus/" + Vendor Homepage: http://themeforest.net/item/infocus-powerful-professional-wordpress-theme/85486 + Contact:...

7 AI score
Exploits: 0

Packet Storm
added 2014/06/06 12:0 a.m. | 23 views

WordPress Elegance Local File Disclosure

Post Local File Disclosure in wordpress theme Elegance + Date: 07/06/2014 + CWE Number: CWE-98 + Risk: High + Author: Felipe Andrian Peixoto + Dork:inurl:"/wp-content/themes/elegance/" + Vendor Homepage: http://www.elegantthemes.com/ + Contact: [email protected] + Tested on: Windows 7 and...

7.4 AI score
Exploits: 0

NVD
added 2013/11/02 7:55 p.m. | 18 views

CVE-2013-2065

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

6.4 CVSS | 6.4 AI score | 0.00679 EPSS
Exploits: 1 | References: 7

CVE
added 2013/11/02 7:0 p.m. | 93 views

CVE-2013-2065

CVE-2013-2065 is a taint-check bypass in Ruby's DL and Fiddle native extensions. The initial description notes that Ruby 1.9.x up to 1.9.3 patchlevel 426 and Ruby 2.0 up to patchlevel 195 do not taint-check native functions, allowing context-dependent attackers to bypass safe-level restrictions. ...

6.4 CVSS | 5.5 AI score | 0.00679 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

Amazon
added 2013/09/26 12:0 a.m. | 52 views

Low: ruby19

Issue Overview: (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. Affected Packages: ruby19 Issue Correction: Run...

6.4 CVSS | 8.4 AI score | 0.00679 EPSS
Exploits: 1

Tenable Nessus
added 2013/05/28 12:0 a.m. | 26 views

FreeBSD : ruby -- Object taint bypassing in DL and Fiddle in Ruby (79789daa-8af8-4e21-a47f-e8a645752bdb)

Ruby Developers report : There is a vulnerability in DL and Fiddle in Ruby where tainted strings can be used by system calls regardless of the $SAFE level set in Ruby. Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in...

6.4 CVSS | 7.9 AI score | 0.00679 EPSS
Exploits: 1 | References: 3

FreeBSD
added 2013/05/14 12:0 a.m. | 29 views

ruby -- Object taint bypassing in DL and Fiddle in Ruby

Ruby Developers report: There is a vulnerability in DL and Fiddle in Ruby where tainted strings can be used by system calls regardless of the $SAFE level set in Ruby. Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in...

6.4 CVSS | 5.8 AI score | 0.00679 EPSS
Exploits: 1 | References: 1

RubySec
added 2013/05/14 12:0 a.m. | 29 views

CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

6.4 CVSS | 5.7 AI score | 0.00679 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2013/03/13 8:48 p.m. | 24 views

CVE-2013-1469

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter...

6.3 AI score | 0.45471 EPSS
Exploits: 11 | References: 8

Prion
added 2012/10/09 3:55 p.m. | 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter...

2.6 CVSS | 6.1 AI score | 0.04554 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Prion
added 2012/09/19 7:55 p.m. | 21 views

Stack overflow

Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command...

6.8 CVSS | 8.7 AI score | 0.49878 EPSS
Exploits: 3 | References: 5 | Affected Software: 2

Exploit DB
added 2012/03/24 12:0 a.m. | 40 views

Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Ricoh DC DL-10 SR...

7.4 AI score
Exploits: 0

0day.today
added 2012/03/24 12:0 a.m. | 23 views

Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

7.1 AI score
Exploits: 0

0day.today
added 2012/03/22 12:0 a.m. | 18 views

Ricoh DC Software DL-10 FTP Server <= 1.1.0.6 Remote Buffer Overflow

Exploit for windows platform in category dos / poc !/usr/bin/python Exploit Title: Ricoh DC Software DL-10 FTP Server SR10.exe = 1.1.0.6 Remote Buffer Overflow Vulnerability Version: = 1.1.0.6 Date: 2012-02-05 Author: Julien Ahrens Homepage: www.inshell.net Software Link: http://www.ricohpmmc.com...

7 AI score
Exploits: 0

xssed
added 2011/04/08 12:0 a.m. | 17 views

Unfixed XSS vulnerability at dl-millennium.postech.ac.kr

Security researcher Droid has submitted on 04/08/2011 a cross-site scripting (XSS) vulnerability affecting dl-millennium.postech.ac.kr, which at the time of submission ranked 106484 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/12/2011. It ...

0.1 AI score
Exploits: 0 | References: 1

NVD
added 2010/03/16 7:0 p.m. | 13 views

CVE-2010-0963

Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information...

4.3 CVSS | 5.7 AI score | 0.00329 EPSS
Exploits: 0 | References: 5

CVE
added 2010/03/16 6:26 p.m. | 37 views

CVE-2010-0963

The CVE-2010-0963 entry documents a Cross-site Scripting (XSS) vulnerability in the index.php of the dl Download Ticket Service prior to version 0.7, where an attacker can inject arbitrary web script or HTML via the t parameter (linked to an invalid ticket ID). Affected: dl Download Ticket Service

4.3 CVSS | 5.9 AI score | 0.00329 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Packet Storm
added 2010/01/11 12:0 a.m. | 32 views

ProfitCode Shopping Cart Local File Inclusion / Remote File Inclusion

Exploit Title: ProfitCode Shopping Cart Multi Vulnerability LFI/RFI Date: 2010-01-09 Author: Zer0 Thunder Site : http://www.profitcode.net/ - http://profbiz-cart.sourceforge.net/ Software Link: http://sourceforge.net/project/platformdownload.php?groupid=258424 Tested on: Windows XP sp2 WampServer...

7.4 AI score
Exploits: 0