Gravy Media Photo Host 1.0.8 Local File Disclosure Vulnerability
No description provided by source. Gravy Media Photo Host 1.0.8 Local File Inclusion Vendor: http://www.gravy-media.com/ Download: register to...
Virtue Book Store (cid) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Virtue Book Store cid Remote SQL Injection Vulnerability CMS : Online Book Store WEB : http://www.virtuenetz.com/book/...
Supernews 2.6 - index.php?noticia SQL Injection
Supernews 2.6 - index.php?noticia SQL Injection Supernews 2.6 SQL Injection Vulnerability Download: http://phpbrasil.com/script-download/vT0FaOCySSH/5817 Discovered by Observing and DD3str0y3r Collaps3 CREW - Made In Brazil Dork: Supernews 2.6 Example:...
Flash Image Gallery 1.1 Arbitrary Config File Disclosure Vulnerability
No description provided by source. 0x01 Informations: Script : Flash Image Gallery 1.1 and maybe last version Download : http://www.flashimagegallery.com/download/fig116admin110.zip Vulnerability : Sensitive Data Disclosure Author : DarkbiteX Greets: : |OverclockiX| , |0oZeuzo0|, |Status-X|, |Fat...
Directory traversal
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal...
Nagios 3.0.6 - 'statuswml.cgi' Arbitrary Shell Command Injection
source: https://www.securityfocus.com/bid/35464/info Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running th...
pango: pango_glyph_string_set_size integer overflow
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as...
Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection Information Disclosure Vulnerabilities
Invision Power Board IP.Board 3.0 - Multiple HTML Injection Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/34725/info Invision Power Board is prone to an information-disclosure issue and multiple HTML-injection vulnerabilities because it fails to properly sanitiz...
Sun Java System Delegated Administrator 6.x - HTTP Response Splitting
Sun Java System Delegated Administrator 6.x - HTTP Response Splitting source: https://www.securityfocus.com/bid/34643/info Sun Java System Delegated Administrator is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can...
ASP Product Catalog 1.0 - Cross-Site Scripting File Disclosure
ASP Product Catalog 1.0 - Cross-Site Scripting File Disclosure #!/usr/bin/perl By AlpHaNiX NullArea.Net alphaathacker.bz Made in Tunisia script : ASP Product Catalog Multiple Remote Exploits download : http://sourceforge.net/project/showfiles.php?groupid=136315 script homepage :...
Banshee 1.4.2 DAAP Extension - '/apps/web/vs_diag.cgi' Cross-Site Scripting
source: https://www.securityfocus.com/bid/34507/info Banshee DAAP Extension is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...
Abee Chm eBook Creator 2.11 (FileName) Local Stack Overflow Exploit
No description provided by source. exploit.py Abee Chm eBook Creator 2.11 Stack overflow Exploit By: Encrypt3d.M!nd It's the same exploit I wrote for chm maker, everything is the same!! But there's a lil note that when importing 'DevilInside.chmprj' a message will pop up and tell that the project...
Hannon Hill Cascade Server Command Execution Vulnerability (post auth)
Exploit for cgi platform in category web applications. Hannon Hill Cascade Server Command Execution Vulnerability post auth Emory University UTS Security...
phpCommunity 2.1.8 (SQL/DT/XSS) Multiple Vulnerabilities
No description provided by source. Salvatore "drosophila" Fresta + Application: phpCommunity 2 + Version: 2.1.8 + Website: http://sourceforge.net/projects/phpcommunity2/ + Bugs: A Multiple SQL Injection B Directory Traversal C Reflected XSS + Exploitation: Remote + Date: 07 Mar 2009 + Discovered...
Apache Tomcat cross-site scripting
Cross-site scripting in example applications...
cURL/libcURL 7.19.3 - HTTP 'Location:' Redirect Security Bypass
source: https://www.securityfocus.com/bid/33962/info cURL/libcURL is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to bypass certain security restrictions and carry out various attacks. This issue affects cURL/libcURL 5.11 through 7.19.3. Other versions may als...
Ewebeditor 2.8.0 Ultimate Edition arbitrary file deletion vulnerability
Author: oldjun This vulnerability can be of little value or it can be fatal; the key is how you use it! The vulnerability is in the delete.asp file in the Example\NewsSystem directory, which is an ewebeditor test page that can be reached directly without logging in. See this code: 'The band"|"the string...
Gaeste 1.6 File Disclosure
Gaeste 1.6 gastbuch.php Remote File Disclosure Vulnerability bd0rk || SOH-Crew Vendor: http://www.php4scripte.de/ Download:...
Ninja Blog 4.8 Remote Information Disclosure Vulnerability
No description provided by source. Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/index.php?s=ad&id=6 ---- Due to insufficient validation of client-side data, we can alt...
DMXReady BillboardManager <= 1.1 Contents Change Vulnerability
Exploit for unknown platform in category web applications. DMXReady BillboardManager http://target/path//applications/BillboardManager/ Edit - http://www.demo.dmxready.com/admin/BillboardManager/addcategory.asp 0day.today 2018-02-09...