1634 matches found
Rubrique SQL Injection
================================================= Discovered By: CrAzY CrAcKeR Email: CrAzYCrAcKeRathotmaildotcom ================================================ example:- http://www.example.info/rubrique.php?id=-1+union+select+1,2,uslogin,uspassword,5,6,7,8,9,10,11,12,13,14+from+ausersf...
Perl$hop E-Commerce Input Injection
A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the...
Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection
Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a l...
Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection
A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the...
tomcat: XSS in Apache Tomcat calendar application
Cross-site scripting XSS vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, relat...
openSUSE Security Update : apache2 (apache2-330)
This updated fixes a problem in modproxyhttp that was introduced by previous security update. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update apache2-330. The text description of this plugin i...
Ger Versluis 2000 SQL Injection
-------------------------------------------------------------------------- Ger Versluis 2000 version 5.5 24 SITEfiche.php SQL Injection Vulnerability -------------------------------------------------------------------------- + Author : DeCo017 + Email : 5s5atlivedotfr + Vulnerability : SQL...
Ger Versluis 2000 5.5 24 - SITE_fiche.php SQL Injection
Ger Versluis 2000 5.5 24 - SITEfiche.php SQL Injection -------------------------------------------------------------------------- Ger Versluis 2000 version 5.5 24 SITEfiche.php SQL Injection Vulnerability -------------------------------------------------------------------------- + Author : DeCo01...
Tausch Ticket Script 3 - 'suchauftraege_user.php?userid' SQL Injection
source: https://www.securityfocus.com/bid/43710/info Tausch Ticket Script is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit...
BBSGood. Speed Version 4.0 injection vulnerability-vulnerability warning-the black bar safety net
| Version: BBSGood. Speed Version 4.0 Vulnerability file: The UserInfo. asp Vulnerability description: Variable Blogurl unfiltered into an sql statement, leading toSql injectionvulnerability --- Code example: Line 1 7 2 9-1 8 5 3. | case 1 4 if Request. QueryString"save"=1 then if trimRequest...
linux/x86 execve shellcode generator null byte free
Exploit for generator platform in category shellcode =================================================== linux/x86 execve shellcode generator null byte free =================================================== / \ Shellcode Generator null byte free. Author: certaindeath This program generates a...
Joomla Component com_pinboard Remote File Upload Vulnerability
Exploit for unknown platform in category web applications ============================================================== Joomla Component compinboard Remote File Upload Vulnerability ============================================================== | | Joomla Component compinboard Remote File Upload...
Gravy Media Photo Host 1.0.8 Local File Disclosure Vulnerability
No description provided by source. ================================================================== =========Gravy Media Photo Host 1.0.8 Local File Inclusion======== ================================================================== Vendor:http://www.gravy-media.com/ Download:register to...
Virtue Book Store (cid) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================== Virtue Book Store cid Remote SQL Injection Vulnerability ========================================================== CMS : Online Book Store WEB : http://www.virtuenetz.com/book/...
Supernews 2.6 - index.php?noticia SQL Injection
Supernews 2.6 - index.php?noticia SQL Injection Supernews 2.6 SQL Injection Vulnability Download: http://phpbrasil.com/script-download/vT0FaOCySSH/5817 Discovered by Observing and DD3str0y3r Collaps3 CREW - Made In Brazil Dork: Supernews 2.6 Example:...
Flash Image Gallery 1.1 Arbitrary Config File Disclosure Vulnerability
No description provided by source. 0x01 Informations: Script : Flash Image Gallery 1.1 and maybe last version Download : http://www.flashimagegallery.com/download/fig116admin110.zip Vulnerability : Sensitive Data Disclosure Author : DarkbiteX Greets: : |OverclockiX| , |0oZeuzo0|, |Status-X|, |Fat...
Directory traversal
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal...
Nagios 3.0.6 - 'statuswml.cgi' Arbitrary Shell Command Injection
source: https://www.securityfocus.com/bid/35464/info Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running th...
pango: pango_glyph_string_set_size integer overflow
Integer overflow in the pangoglyphstringsetsize function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as...
Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection Information Disclosure Vulnerabilities
Invision Power Board IP.Board 3.0 - Multiple HTML Injection Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/34725/info Invision Power Board is prone to an information-disclosure issue and multiple HTML-injection vulnerabilities because it fails to properly sanitiz...