617 matches found
CF Shopkart 5.3x (itemid) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. CF Shopkart 5.3x itemid Remote SQL Injection Vulnerability. CF ShopKart SQL vulnerability By learn3r hacker from Nepal...
Spiceworks 3.6.31847 XSS / XSRF
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-009 - Spiceworks Multiple Vulnerabilities XSS & CSRF Application: Spiceworks 3.6.31847 Vendor: Spiceworks Vendor website: http://www.spiceworks.com Author: Adam Baldwin [email protected] Class: XSS, CSRF I...
[NGENUITY] - Spiceworks Multiple Vulnerabilities (XSS & CSRF)
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-009 - Spiceworks Multiple Vulnerabilities XSS & CSRF Application: Spiceworks 3.6.31847 Vendor: Spiceworks Vendor website: http://www.spiceworks.com Author: Adam Baldwin [email protected] Class: XSS, CSRF I...
RHEL 5 : tomcat (RHSA-2009:1164)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:1164 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. It was discovered that the Red Hat Security...
Flyspeck CMS 6.8 Local File Inclusion
remote change add admin xpl/lfi. script::Flyspeck CMS 6.8. Author: ahmadbady my site :Coming Soon download...
TinyButStrong 3.4.0 - script Local File Disclosure
TinyButStrong 3.4.0 - script Local File Disclosure: local file include...
php file system attacks the wizard-vulnerability warning-the black bar safety net
A. PHP file system path normalization attack In the path use the/and/. Will make the/etc/passwd/or/etc/passwd/. As a file is opened. II. PHP file system path truncation attack PHP has a path truncation issue a very evil means of snprintf allowing only the use of MAXPATH is as open file or directory...
phpCommunity 2.1.8 (SQL/DT/XSS) Multiple Vulnerabilities
No description provided by source. Salvatore "drosophila" Fresta + Application: phpCommunity 2 + Version: 2.1.8 + Website: http://sourceforge.net/projects/phpcommunity2/ + Bugs: A Multiple SQL Injection B Directory Traversal C Reflected XSS + Exploitation: Remote + Date: 07 Mar 2009 + Discovered...
[SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application
CVE-2009-0781: Apache Tomcat cross-site scripting vulnerability Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 Description: The calendar application in the...
Apache Tomcat Cross Site Scripting
CVE-2009-0781: Apache Tomcat cross-site scripting vulnerability Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 Description: The calendar application in the...
Mailist 3.0 Insecure Backup / LFI
Mailist 3.0 Insecure Backup/Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + www.anti-intruders.org + Homepage : http://ninjadesigns.co.uk/ + Download : http://ninjadesigns.co.uk/enter/mailist.zip + Insecure Backup - Vulnerable code in...
Code injection
gpsdrive (aka gpsdrive-scripts) 2.10pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380...
2532|Gigs 1.2.2 Stable Remote Login Bypass Vulnerability
No description provided by source. 2532|Gigs 1.2.2 Stable Remote Login Bypass Vulnerability by athos ...
TWiki 4.x - 'URLPARAM' Cross-Site Scripting
source: https://www.securityfocus.com/bid/32669/info TWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
AJ Auction Authentication Bypass Vulnerability
No description provided by source. IN THE NAME OF...
Maran PHP Shop (prodshow.php) SQL Injection Vulnerability
No description provided by source. Maran PHP Shop prodshow.php SQL Injection Vulnerability http://www.maran.pamil-visions.com/maranshop.php...
indexscript30-sql.txt
IndexScript v 3.0 sugcat.php?parentid - SQL injection Vulnerability http://www.indexscript.com/download.php IndexScript is a feature-rich and yet easy-to-use directory script that you can...
Fastpublish CMS 1.9999 (LFI/SQL) Multiple Remote Vulnerabilities
No description provided by source. Author: !DoktOR! Date found: 30.09.08 Product: fastpublish CMS Version: 1.9.9.9.9.d URL: www.fastpublish.de Download: http://www.fastpublish.de/richfiles/attachments/downloads/fastpublish19999dtrial.zip Vulnerability Class: SQL Injection SQL Injection Exploit 1:...
dynamicmp3-xss.txt
Author : Xylitol Contact : n/a Vendor : benjamin kuz www.ben.ursux.com Version: 2.0.1 D0rks : dynamic MP3 lister 2.0.1 by benjamin kuz :: netscape users click here Public release vulnz: 10/09/08 Impact: low Stop lammer Dynamic MP3 Lister 2.0.1 1. Description: Dynamic MP3 Lister is a quick, easy w...
epshop-sql.txt
Name : EPShop 3.0 pid Remote SQL Injection Vulnerability + Author : mikeX - http://www.cyber-underground.net / m$n: mikeXatfuckoffdotcom + Dorks: ?action=proshow and ?action=disppro + Greetz : Ciaran McG, -Witch-Doct0r, Kn, MegaByte, Squibs, cIpheR, mmmbud, RoMeo Information; You can't download a...