TotalECommerceSQL.txt

--Security Report-- Advisory: TotalECommerce index.asp id Remote SQL Injection Vulnerability. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 04/03/06 04:36 AM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: TotalECommerce...

Ipswitch WhatsUp Professional 2006 - Remote Denial of Service

source: https://www.securityfocus.com/bid/16771/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle certain HTTP GET requests. This issue allows remote attackers to consume excessive...

Ipswitch WhatsUp Professional 2006 - Remote Denial of Service

Ipswitch WhatsUp Professional 2006 - Remote Denial of Service source: https://www.securityfocus.com/bid/16771/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle certain HTTP GET...

V-Webmail 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/16706/info V-webmail is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an...

Power Daemon <= 2.0.2 (WHATIDO) Remote Format String Exploit

No description provided by source. / gexp-powerd.c Power Daemon v2.0.2 Remote Format String Exploit Copyright C 2005 Gotfault Security Bug found and developed by: barros and xgc Original Reference: http://gotfault.net/research/exploit/gexp-powerd.c / include getopt.h include sys/types.h include...

Nuked-klaN Cross-Site Scripting Vulnerability

NightWarriorKurdish Hacker nightwarrior771athotmail.com Nuked-klaN Cross-Site Scripting Vulnerability http://www.nuked-klan.org http://www.example.com/index.php?file=Members&letter=XSS Contact :nightwarrior771athotmail.com NightWarriorKurdihs Hacker...

win32 WinExec Command Parameter 104+ bytes

win32 WinExec Command Parameter 104+ bytes. Shellcode exploit for win32 platform ; ; relocateable dynamic runtime assembly code example using hash lookup ; ; WinExec with ExitThread ; 104 bytes ; ; for testing: ; ; ml /c /coff /Cp wexec2.asm ; link /subsystem:windows /section:.text,w wexec2.obj ;...

linux/x86 normal exit w/ random (so to speak) return value 5 bytes

Exploit for linux/x86 platform in category shellcode ================================================================== linux/x86 normal exit w/ random so to speak return value 5 bytes ================================================================== / linux/x86 normal exit w/ random so to speak...

MiniNuke <= 1.8.2 Multiple SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications ======================================================== MiniNuke http://site/news.asp?Action=Print&hid=SQLQuery http://www.miniex.net/news.asp?Action=Print&hid=66%20union+select+0,sifre,0,0,0,0,0,0,0,0+from+members+where+uyeid=52 Columns ...

MiniNuke 1.8.2 - Multiple SQL Injections

MiniNuke 1.8.2 - Multiple SQL Injections Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: MiniNuke www.miniex.net Version: 1.8.2 and prior versions must be affected. About:Via this method remote attacker can inject SQL query to the news.asp --- How&Example:...

DEBIAN-CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including 1 Mantis, 2 PostNuke, 3 Moodle, 4 Cacti, 5 Xaraya, 6 PhpOpenChat, possibly 7 MAXdev MD-Pro, and 8 Simplog, allows remote attackers to execute arbitrary PHP...

PT-2005-5499 · Apache · Jakarta Tomcat +1

Name of the Vulnerable Software and Affected Versions: Jakarta Tomcat versions 5.5.6 and earlier Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the example web applications for Jakarta Tomcat. These vulnerabilities allow remote attackers to inject arbitrary w...

EncapsGallery 1.0 - &#039;gallery.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/15836/info EncapsGallery is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...

Blog System v1.2 SQL inj. vuln.

Blog System v1.2 SQL inj. vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/blog-system-v12-sql-inj-vuln.html vendor:http://www.netartmedia.net/blogsystem/ affected version:v1.2 and prior Product Description: Blog System allows you to launch and...

PHPYellowTM 5.33 - search_result.php?haystack SQL Injection

PHPYellowTM 5.33 - searchresult.php?haystack SQL Injection source: https://www.securityfocus.com/bid/15700/info phpYellowTM is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...

athena.txt

Language: PHP Script: Athena Version: 0.1a Official website: http://sourceforge.net/projects/athena Problem: Remote file inclusion Discovered by: beford & GB Description: =========== A simple website management system written in oo php that uses a mysql database to store user and group rights and...

netbsd/x86 setreuid0, 0; execve"/bin//sh", ..., NULL; 29 bytes

netbsd/x86 setreuid0, 0; execve"/bin//sh", ..., NULL; 29 bytes. Shellcode exploit for netbsdx86 platform / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve"/bin//sh", ..., NULL; note: unsafe shellcode, but 29 bytes long; doesn't work if eax & 0x40000000 != 0; / includ...

Unalz 0.x - Archive Filename Buffer Overflow

Unalz 0.x - Archive Filename Buffer Overflow source: https://www.securityfocus.com/bid/15577/info The 'unalz' utility is prone to a buffer-overflow vulnerability. This issue is exposed when the application extracts an ALZ archive that contains a file with a long name. An attacker could exploit th...

Remote file include in Q-News

Language: PHP Script: Q-News Version: 2.0 Official website: http://sourceforge.net/projects/q-news/ Problem: Remote file inclusion Discovered by: GB Description: =========== Q-News is a Quick News generator written in PHP that generates small text files that can be included a site, it has a lot o...

eQuickSQLXSS.txt

------------------------------------------------------ Nightmare TeAmZ Advisory 016 ------------------------------------------------------ Date - 11/2005 e-Quick Cart Sql & Xss AFFECTED PRODUCTS ================= e-Quick Cart http://www.cdmweb.com Xss Poof: ========...