CVE-2016-1247

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access...

UBUNTU-CVE-2016-1247

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access...

CVE-2016-6393

The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service device reload via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667...

Code injection

The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service device reload via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667...

冰峰VPN /log/system.log 敏感信息泄漏漏洞

由于“ICEFLOW VPN Router”设备产品存在各种日志文件未授权访问可导致系统敏感信息泄漏。（包括登录成功后的session值） 系统日志http://url/log/system.log VPN日志http://url/log/vpn.log 移动用户日志http://url/log/mobile.log 防火墙日志http://url/log/firewall.log 访问日志http://url/log/access.log 告警日志http://url/log/warn.log 错误日志http://url/log/error.log...

Froxlor 0.9.33.1 MySQL Login Disclosure Vulnerability

Froxlor server management panel versions 0.9.33.1 and below suffer from a MySQL login information disclosure vulnerability. ------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosur...

Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure

Exploit for php platform in category web applications ------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosure Date: Jul 30 2015 Exploit Author: Dustin Dörr Vendor Homepage:...

Froxlor 0.9.33.1 MySQL Login Disclosure

------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosure Date: Jul 30 2015 Exploit Author: Dustin Dörr Vendor Homepage: https://www.froxlor.org/ Version:...

Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure

------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosure Date: Jul 30 2015 Exploit Author: Dustin Dörr Vendor Homepage: https://www.froxlor.org/ Version:...

CVE-2015-1972

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request...

WordPress RokBox Plugin <= 2.13 - Multiple Vulnerabilities

This plugin is prone to multiple vulnerabilities: 1. Path Disclosure via thumb.php "src" parameter. 2. Cross site scripting in thumb.php "src" parameter. 3. Direct request path disclosure in rokbox.php. 4. Arbitrary file upload via thumb.php "src" parameter. 5. Direct request error log informatio...

Pimcore /misc/http-error-log _dc SQL Injection Vulnerability

Pimcore is a purely object-oriented system based on the Zend Framework, written in PHP 5. Pimcore /misc/http-error-log fails to properly handle the 'dc' GET parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain databa...

CVE-2015-1562

Multiple cross-site scripting XSS vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 search parameter to admin/usermanagement.php, 2 datasearch parameter to /admin/profiledata.php, or 3 filter parameter to errorlog.php...

CVE-2015-1562

Multiple cross-site scripting XSS vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 search parameter to admin/usermanagement.php, 2 datasearch parameter to /admin/profiledata.php, or 3 filter parameter to errorlog.php...

CVE-2015-1562

Saurus CMS

PHP <= 4.4.3 / 5.1.4 (sscanf) Local Buffer Overflow Exploit

No description provided by source. ? / hoagiephpsscanf.php PHP = 4.4.3 / 5.1.4 local buffer overflow exploit howto get offsets: set $baseaddr to 0x41414141 ulimit -c 20000 /etc/init.d/apache restart execute script via web browser tail /var/log/apache/error.log ... Wed Aug 16 15:07:10 2006 notice...

WeBid 1.0.2 persistent XSS via SQL Injection

No description provided by source. Exploit Title: presistent XSS through SQLi WeBid 1.0.2 Google Dork: powered by WeBid Date: 15-06-2011 Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP Info: Open source php/mysql full...

Graugon Forum 1 - (id) SQL Command Injection Exploit

No description provided by source. !/usr/bin/perl |--------------------------------------------------------------------------------------------------------------------------------------------| | INFORMATIONS |...

PHP-Nuke Module Addressbook 1.2 - Local File Inclusion Exploit

No description provided by source. !Perl PHP-Nuke Module Addressbook 1.2 Local File Inclusion Exploit Vendor: http://www.sb-websoft.com/index.php?name=CmodsDownload&file=index&req=getit&lid=14 Vulnerable Code: requireoncemodules/$modulename/include/func.inc.php; Coded by bd0rk || SOH-Crew Greetz:...

Bloginator 1a - SQL Command Injection via Cookie Bypass Exploit

No description provided by source. Author = FireShot , Jacopo Vuga. Thx to = Osirys for develop the Exploitation Code with me Mail = fireshotatautisticidotorg / osirysatautisticidotorg Vulnerability = SQL Command Injection mq = off Software = Bloginator V1A Download =...