MD Webmarketing Cross Site Scripting / SQL Injection

Exploit Title : MD-WEBMARKETING - SQL Injection/Cross Site Scripting Vulnerabilities Date : 06-11-2012 Author : Caleb Bucker Independent Security Researcher Contact : https://twitter.com/CalebDrugs Website : www.calebbucker.blogspot.com Vendor : MD Webmarketing URL Vendor :...

[SECURITY] Fedora 17 Update: phpMyAdmin-3.5.3-1.fc17

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

Estudio447 SQL Injection / Cross Site Scripting

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x Official Website: http://www.1337day.com 0 1 x...

Flexap Control Panel 5.1 Blind SQL Injection Vulnerability

Exploit for php platform in category web applications ===================================================== Vulnerable software: Control Panel version 5.1 Vendor: http://www.flexap.am/ Vuln type: Blind SQL Injection Software License: Commercial Software: Control Panel version 5.1 Discovered and...

Flexap.am Control Panel 5.1 Blind SQL Injection

===================================================== Vulnerable software: Control Panel version 5.1 Vendor: http://www.flexap.am/ Vuln type: Blind SQL Injection Software License: Commercial Software: Control Panel version 5.1 Discovered and Exploited in Wild...

Pululart CMS SQL Injection

Exploit Title: Pululart CMS Sql Injection Vulnerability Google Dork:intext:"Powered by Pululart" Date: 08/24/2012 Author: Crim3R Vendor Home : http://www.pululart.com/ Tested on: all $ $ ----Author will be not responsible for any damage---- $ ========================================...

ptunnel 0.72 - Remote Denial of Service

ptunnel 0.72 - Remote Denial of Service !/usr/bin/env python =============================================================================== Exploit Title: ptunnel ' % sys.argv0 target remotehost = sys.argv1 ptunnel.h typedef struct uint32t magic, // magic number, used to identify ptunnel packets...

http-phpself-xss NSE Script

Crawls a web server and attempts to find PHP files vulnerable to reflected cross site scripting via the variable $SERVER"PHPSELF". This script crawls the webserver to create a list of PHP files and then sends an attack vector/probe to identify PHPSELF cross site scripting vulnerabilities. PHPSELF...

Contemplation - Sql injection Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x...

Toko Flamboyan Local File Inclusion

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x Official Website: http://www.1337day.com 0 1 x...

Western Digital TV (WD-TV) Live Remote Code Execution

Exploit for windows platform in category remote exploits Introduction ============ The WD TV Live Streaming Media Player is a consumer device to play various audio and video formats. Additionally it allows access to multiple video streaming services like Netflix, Hulu or Youtube.1 The device allo...

AyMSite v.3.0.2 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: AyMSite V 3.0.2 sqli Vendor: http://www.aymsoft.com/ Date: 08/06/2012 Author: xDarkSton3x Dork: inurl:aymindex.php?option= E-mail : email protected Category: webapps Example Sites :...

PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities

PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/53598/info PHP Address Book is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

ajp-headers NSE Script

Performs a HEAD or GET request against either the root directory or any optional directory of an Apache JServ Protocol server and returns the server response headers. Script Arguments ajp-headers.path The path to request, such as /index.php. Default /. slaxml.debug See the documentation for the...

[SECURITY] Fedora 16 Update: phpMyAdmin-3.5.0-1.fc16

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

DEBIAN-CVE-2012-0216

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when modphp or modrivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting XSS...

CVE-2012-0216

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when modphp or modrivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting XSS...

Mushoq CMS SQL injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Mushoq CMS SQL injection Vulnerability Vendor: http://www.mushoq.com/ Author: xDarkSton3x E-mail : email protected Twitter: @xdarkston3x Category: webapps Google dork: intext:desarrollo Web mushoq inurl:index.php?idSeccion=...

DSA-2452-1 apache2 - insecure default configuration

Bulletin has no description...

hostmap-robtex NSE Script

Discovers hostnames that resolve to the target's IP address by querying the online Robtex service at . TEMPORARILY DISABLED due to changes in Robtex's API. See Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size,...