MiniNuke <= 1.8.2 Multiple SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications ======================================================== MiniNuke http://site/news.asp?Action=Print&hid=SQLQuery http://www.miniex.net/news.asp?Action=Print&hid=66%20union+select+0,sifre,0,0,0,0,0,0,0,0+from+members+where+uyeid=52 Columns ...

MiniNuke 1.8.2 - Multiple SQL Injections

MiniNuke 1.8.2 - Multiple SQL Injections Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: MiniNuke www.miniex.net Version: 1.8.2 and prior versions must be affected. About:Via this method remote attacker can inject SQL query to the news.asp --- How&Example:...

DEBIAN-CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including 1 Mantis, 2 PostNuke, 3 Moodle, 4 Cacti, 5 Xaraya, 6 PhpOpenChat, possibly 7 MAXdev MD-Pro, and 8 Simplog, allows remote attackers to execute arbitrary PHP...

PT-2005-5499 · Apache · Jakarta Tomcat +1

Name of the Vulnerable Software and Affected Versions: Jakarta Tomcat versions 5.5.6 and earlier Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the example web applications for Jakarta Tomcat. These vulnerabilities allow remote attackers to inject arbitrary w...

EncapsGallery 1.0 - &#039;gallery.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/15836/info EncapsGallery is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...

Blog System v1.2 SQL inj. vuln.

Blog System v1.2 SQL inj. vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/blog-system-v12-sql-inj-vuln.html vendor:http://www.netartmedia.net/blogsystem/ affected version:v1.2 and prior Product Description: Blog System allows you to launch and...

PHPYellowTM 5.33 - search_result.php?haystack SQL Injection

PHPYellowTM 5.33 - searchresult.php?haystack SQL Injection source: https://www.securityfocus.com/bid/15700/info phpYellowTM is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...

athena.txt

Language: PHP Script: Athena Version: 0.1a Official website: http://sourceforge.net/projects/athena Problem: Remote file inclusion Discovered by: beford & GB Description: =========== A simple website management system written in oo php that uses a mysql database to store user and group rights and...

netbsd/x86 setreuid0, 0; execve"/bin//sh", ..., NULL; 29 bytes

netbsd/x86 setreuid0, 0; execve"/bin//sh", ..., NULL; 29 bytes. Shellcode exploit for netbsdx86 platform / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve"/bin//sh", ..., NULL; note: unsafe shellcode, but 29 bytes long; doesn't work if eax & 0x40000000 != 0; / includ...

Unalz 0.x - Archive Filename Buffer Overflow

Unalz 0.x - Archive Filename Buffer Overflow source: https://www.securityfocus.com/bid/15577/info The 'unalz' utility is prone to a buffer-overflow vulnerability. This issue is exposed when the application extracts an ALZ archive that contains a file with a long name. An attacker could exploit th...

Remote file include in Q-News

Language: PHP Script: Q-News Version: 2.0 Official website: http://sourceforge.net/projects/q-news/ Problem: Remote file inclusion Discovered by: GB Description: =========== Q-News is a Quick News generator written in PHP that generates small text files that can be included a site, it has a lot o...

eQuickSQLXSS.txt

------------------------------------------------------ Nightmare TeAmZ Advisory 016 ------------------------------------------------------ Date - 11/2005 e-Quick Cart Sql & Xss AFFECTED PRODUCTS ================= e-Quick Cart http://www.cdmweb.com Xss Poof: ========...

PHPWebThings <= 1.4 (forum) SQL Injection Exploit

Exploit for unknown platform in category web applications ================================================= PHPWebThings / && print "+ MD5 hash of password is: $1\n"; print "- Unable to retrieve hash of password\n" if!$1; 0day.today 2018-04-08...

Talking about after the invasion of the hardware destruction method-vulnerability warning-the black bar safety net

| Internetthe field of security, one foot magic ridge, and then strong fortress also has his deadly colony, hackersarttoday, was born many kinds of means of attack, and in front of the defense method is endless, but whether it is anti-both, all overlooked an important aspect-that is, hardware...

CVE-2005-3080

contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set...

CVE-2002-2006

CVE-2002-2006 affects Apache Tomcat 4.0–4.1 and 3.0–3.3.1. The vulnerability is an information disclosure: the default Tomcat distribution exposes installation path and other sensitive info via the Sno o pServlet and TroubleShooter example servlets. The issue is explicitly described as informatio...

kaiseki.txt

PNGƒJƒEƒ“ƒ^+—pƒƒO‰ðÍƒXƒNƒŠƒvƒg remote commands execution vulnerability Vendor URL : http://www.aurora.dti.ne.jp/zom/Counter/ Vulnerability : Remote Command Execution Risk : High ================================================================== An attacker may exploit this vulnerability to...

XOOPS 2.0.11 - xmlrpc.php SQL Injection

XOOPS 2.0.11 - xmlrpc.php SQL Injection !/usr/bin/perl Xoops 0 print qq\b\b DONE --------------------------------------------------------------- USER NAME : $name USER HASH : $allchar --------------------------------------------------------------- ; else print "\b\b FAILED "; exit; else...

ASPNuke 0.80 - forgot_password.asp?email Cross-Site Scripting

ASPNuke 0.80 - forgotpassword.asp?email Cross-Site Scripting source: https://www.securityfocus.com/bid/14062/info ASPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

AIX 5.2 - &#039;netpmon&#039; Local Privilege Escalation

/ IBM AIX netpmon elevated privileges exploit I just wanted to play with PowerPC Tested on 5.2 intropy intropy caughq.org / include include include include define DEBUG 1 define BUFFERSIZE 2048 define EGGSIZE 2048 define NOP 0x60 define ADDRESS 0x2ff22fff-BUFFERSIZE/2 char shellcodebinsh =...