minibbrss-rfi.txt

plugin Rss Remote File Inclusion Vulnerability Ghost Hacker, http://gh0st10.wordpress.com |, .-. .-. ,| | o/ \o | R-H team |/ /\ | Found by : Ghost Hacker HomePage : real-hack.net Email : [email protected] Name Script : plugin Rss Download Script :...

MS00-038:Microsoft Media Encoder 拒绝服务漏洞

Windows Media Encoder是Windows Media Services的一部分。它是用来将数字内容转化为 Windows多媒体格式，以便通过运行在Windows NT或者Windows 2000上的多媒体服务程序发 送。 如果发送一个错误格式的请求给Windows Media Encoder,它就会出错崩溃，不能再将格式 化好的多媒体数据传送给Windoes Media Server. - Microsoft Windows Media Encoder 4.0 - Microsoft Windows Media Encoder 4.1 + Microsoft Windo...

Microsoft Access Snapshot Viewer ActiveX Control Arbitrary File Download (CVE-2008-2463)

Microsoft Snapshot Viewer is an application that allows viewing of snapshots created with any version of Microsoft Access. A remote code execution vulnerability has been discovered in the Snapshot Viewer for Microsoft Access. The vulnerability is due to an error in the Snapshot Viewer ActiveX...

SOL8837 - OpenSSL DTLS off-by-one error - CVE-2007-4995

Description CVE-2007-4995 - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. Information about this advisory is available at the following location:...

oxygen-sql.txt

Oxygen 2.0 SQL Injection Vulnerability Bug by: h0yt3r This Board Software suffers from a not correctly verified quote ID variable which is used in SQL Querys. An Attacker can easily get sensitive information from the database by injecting unexpected SQL Querys. We need a valid topic ID. Im not...

phpmycart-sql.txt

PHPMyCart Injection Vulnerability Bug by: h0yt3r Script suffers from a not correctly verified category id variable which is used in SQL Querys. An Attacker can easily get sensitive information from the database by injecting unexpected SQL Querys. We dont get any SQL Errors when the Injection Quer...

Oxygen 2.0 - repquote SQL Injection

Oxygen 2.0 - repquote SQL Injection Oxygen 2.0 SQL Injection Vulnerability Bug by: h0yt3r This Board Software suffers from a not correctly verified quote ID variable which is used in SQL Querys. An Attacker can easily get sensitive information from the database by injecting unexpected SQL Querys...

SNMPv3 HMAC validation error Remote Authentication Bypass Exploit

Exploit for multiple platform in category remote exploits ================================================================= SNMPv3 HMAC validation error Remote Authentication Bypass Exploit ================================================================= snmpv3exp.sh exploit the vulnerability...

SNMPv3 HMAC validation error Remote Authentication Bypass Exploit

No description provided by source. snmpv3exp.sh exploit the vulnerability described in CVE-2008-0960, the HMAC check problem on multiple vendor Copyright c 2008 @ Mediaservice.net Srl. All rights reserved Wrote by Maurizio Agazzini inodeatmediaservice.net http://lab.mediaservice.net/...

SSO credentials not used in IssueViewURLHandler

A customer has created a SSO plugin and are facing some specific issues in this context. When they click on the printable link of an issue i.e: http://jira/lodh/si/jira.issueviews:issue-html/ORGJIRA-13/ORGJIRA-13.html they get an error page indicating "the user myuser... doesn't exist..." They...

PHPFreeForum <= 1.0 RC2 Remote XSS Vulnerability

========================================================== PHPFreeForum = 1.0 RC2 Remote XSS Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 21 May 2008 SITE : www.citec.us APPLICATION : PHPFreeForum VERSION : 1.0 RC2 VENDOR :...

lokicms-delete.txt

Name : LokiCMS 0.3.3 = Arbitrary File Delete Vulnerability Author : cOndemned Greetz : ZaBeaTy, GregStar, irk4z, doctor, Avantura ; Usage: http://target/lokiCMS/admin.php?delete=path/file PoC: http://target/lokiCMS/admin.php?delete=../includes/Config.php Deleting Config.php will casue situation...

W1L3D4 Philboard 1.0 (philboard_reply.asp) SQL Injection Vulnerability

No description provided by source. Philboard W1L3D4 v1.0 Multiple SQL njection Vulnerable Author : U238 mail : setuid.noexec0x1aqhotmaildotcom webpage: http://noexec.blogspot.com Script : http://www.aspindir.com/Goster/4703 Script2: http://rapidshare.de/files/39107179/philboardtrge.zip.html...

W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection

Philboard W1L3D4 v1.0 Multiple SQL Ä°njection Vulnerable Author : U238 mail : setuid.noexec0x1aqhotmaildotcom webpage: http://noexec.blogspot.com Script : http://www.aspindir.com/Goster/4703 Script2: http://rapidshare.de/files/39107179/philboardtrge.zip.html...

dragoon-lfi.txt

Script Name :Dragoon CMS Download : http://sourceforge.net/project/showfiles.php?groupid=118780 Error : $cal'lng'=$GET'lng'; include'../lang/'.$cal'lng'.'.php'; Vul Code : http://site/path/forum/kietu/libs/calendrier.php?callng=LFI...

Dragoon 0.1 - 'lng' Local File Inclusion

Script Name :Dragoon CMS Download : http://sourceforge.net/project/showfiles.php?groupid=118780 Error : $cal'lng'=$GET'lng'; include'../lang/'.$cal'lng'.'.php'; Vul Code : http://site/path/forum/kietu/libs/calendrier.php?callng=LFI milw0rm.com 2008-04-04...

PhpBlock a8.4 (PATH_TO_CODE) Remote File Inclusion Vulnerability

No description provided by source. Script Name : PHP Block a8.4 Download : http://sourceforge.net/project/downloading.php?groupid=186381&usemirror=surfnet&filename=a8.4.zip&73507325 Error : includeonce $PATHTOCODE."/script/fonction.php"; Vul Code :...

PhpBlock a8.4 (PATH_TO_CODE) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================ PhpBlock a8.4 PATHTOCODE Remote File Inclusion Vulnerability ================================================================ Script Name : PHP Block a8.4 Error : includeonce...

PhpBlock a8.4 - PATH_TO_CODE Remote File Inclusion

PhpBlock a8.4 - PATHTOCODE Remote File Inclusion Script Name : PHP Block a8.4 Download : http://sourceforge.net/project/downloading.php?groupid=186381&usemirror=surfnet&filename=a8.4.zip&73507325 Error : includeonce $PATHTOCODE."/script/fonction.php"; Vul Code :...

DaZPHP 0.1 - prefixdir Local File Inclusion

DaZPHP 0.1 - prefixdir Local File Inclusion Script Name : DaZPHP Download : http://sourceforge.net/project/showfiles.php?groupid=132192 Vul CodeExample : http://site/Path/makepost.php?prefixdir=../../../../../../etc/passwd Error : include "./".$prefixdir."/DaZPHPNews-0.1-1/makepost.php"; Greetz :...