1634 matches found
Local File Inclusion Vulnerability in Exponent CMS
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Exponent CMS which could be exploited to include and execute arbitrary local files on the target system. 1) Local file inclusion in Exponent CMS: Input passed to the "module" parameter in podcast.php and rss.php is not proper...
WebRCSdiff 0.9 - 'viewver.php' Remote File Inclusion
Author: Fl0riX - Bug Researchers; Application Name: WebRCSdiff 0.9; Vulnerable Type: Remote File Inclusion; Download: http://sourceforge.net/projects/webrcsdiff/files/webrcsdiff/0.9%20Release/webrcsdiff-0.9.tar.zip/download; Risk :...
Joomla Dcnews Local File Inclusion
Exploit Title: Joomla Component comdcnews LFI Vulnerability; Date: 6-11-2010; Author: Th3 RDX; Software Link: n/a; Version: n/a; Tested on: online Sites; category: webapp/Joomla; Code : n/a...
Cross-site Scripting (XSS) Vulnerability in NinkoBB
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in NinkoBB which could be exploited to perform cross-site scripting attacks. 1) Cross-site scripting (XSS) vulnerability in NinkoBB: CVE-2010-4874. The vulnerability exists due to an input sanitation error in parameters...
Cross-site Request Forgery (CSRF) Vulnerabilities in BlogBird
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BlogBird which could be exploited to perform cross-site request forgery attacks. 1) Cross-site request forgery (CSRF) in BlogBird 1.1 The vulnerability exists due to insufficient validation of the request origin in...
Authentication Bypass Vulnerability in phpLiterAdmin
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in phpLiterAdmin which could be exploited to bypass the authentication mechanism and gain unauthorized access to the application. 1) Authentication Bypass Vulnerability in phpLiterAdmin: The vulnerability exists due to a design erro...
SQL Injection Vulnerability in DeluxeBB
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in DeluxeBB which could be exploited to execute arbitrary SQL commands in the application's database. 1) SQL injection vulnerability in DeluxeBB: CVE-2010-4151. An input validation error exists in the "xthedateformat" parameter in...
resolveall NSE Script
NOTE: This script has been replaced by the --resolve-all command-line option in Nmap 7.70. Resolves hostnames and adds every address (IPv4 or IPv6, depending on Nmap mode) to Nmap's target list. This differs from Nmap's normal host resolution process, which only scans the first address (A or AAAA...
Opencart 1.4.9.1 Shell Upload
Opencart remote file Upload Vulnerability. Exploit Title: Opencart remote file upload; Author: Net.Edit0r; Email: [email protected] [email protected]; Google dork: inurl:Powered By OpenCart; Software Link:...
Opencart 1.4.9.1 - Arbitrary File Upload
Opencart 1.4.9.1 - Arbitrary File Upload. Opencart remote file Upload Vulnerability. Exploit Title: Opencart remote file upload; Author: Net.Edit0r; Email: [email protected] [email protected]; Google dork:...
Joomla Freestyle FAQ 1.5.6 SQL Injection
Exploit Title: Joomla Freestyle FAQ 1.5.6 faqid SQL Injection; Date: 16/9/2010; Author: Nc-HaCker; Version: 1.5.6; Download: http://freestyle-joomla.com/fssdownloads/viewcategory/2; Email: [email protected]; Tested on: XP / Linux; Exploit Example :...
Cross-site Scripting (XSS) Vulnerability in Pluck
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Pluck which could be exploited to perform cross-site scripting attacks. 1) Cross-site scripting (XSS) vulnerability in Pluck: The vulnerability exists due to an input sanitation error in the "cont1" parameter in...
PHP Classifieds ADS (sid) Blind SQL Injection Vulnerability
Exploit for php platform in category web applications. PHP Classifieds ADS (sid) Blind SQL Injection Vulnerability. Title: PHP CLASSIFIEDS ADS; Price: $49; Link :...
Prometeo v1.0.65 SQL Injection Vulnerability
Exploit for php platform in category web applications. Prometeo v1.0.65 SQL Injection Vulnerability. Prometeo vers. 1.0.65 -SQLi Vulnerability- -Vulnerability ID: LD3-Product:...
Script Insertion Vulnerabilities in ArtGK CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ArtGK CMS which could be exploited to perform script insertion attacks. 1) Script insertion vulnerabilities in ArtGK CMS 1.1 Input passed to the "content" parameter in cms/classes/CForm.php is not properly sanitiz...
libvirt: improperly mapped source privileged ports may allow for obtaining privileged resources on the host
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree...
Multiple vulnerabilities in TCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Target CMS (TCMS), which could be exploited to perform cross-site scripting and SQL injection attacks, read arbitrary files and compromise a vulnerable system. 1) Cross-site scripting (XSS) vulnerabilities in TCMS 1.1 A...
Digistore Ecommerce 4.0 File Disclosure / Backup Disclosure
Digistore Ecommerce V4.0 File Disclosure Vulnerabilities. Digistore Ecommerce V4.0 by Pass / Create and Download Backup Vulnerability...
tomcat: missing fix for CVE-2009-0781
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter,...
Multiple Cross-site Scripting (XSS) Vulnerabilities in allinta CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in allinta CMS which could be exploited to perform cross-site scripting attacks. 1) Cross-site scripting (XSS) vulnerabilities in allinta CMS 1.1 The vulnerability exists due to an input sanitation error in the "langURL"...