CVE-2012-2128

Cross-site request forgery CSRF vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129...

businesswiki 2.5rc3 - Persistent Cross-Site Scripting / Arbitrary file upload

!/usr/bin/python ''' Exploit Title: Stored XSS & Arbitrary File Upload Vulnerabilities in BusinessWiki. Date: 23/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://onbusinesswiki.com/ Software Link: http://sourceforge.net/projects/businesswiki/files/ Version: 2.5RC3 Gr33Tz:...

Cisco IOS Software Music on Hold Information Disclosure Vulnerability

Cisco IOS software contains a vulnerability that could allow an unauthenticated, remote attacker to access and disclose sensitive information. The vulnerability is due to insecure handling of multicast network traffic. An unauthenticated, remote attacker could exploit the vulnerability by...

Cisco IP Communicator Certificate Trust List Man-in-the-Middle Attack Vulnerability

Cisco IP Communicator contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks on a targeted system. The vulnerability is due insufficient validation of signing certificates in the Certificate Trust List which have been accepted by end...

Kamads Classifieds 2.0 - Admin Hash Disclosure

\n"; print "\nex...........: php $argv0 http://www.target.com/V2AXHTML/admin/admin.php\n"; die; else $ch = curlinit; curlsetopt$ch,CURLOPTURL,"$argv1"; $op1 = curlsetopt$ch,CURLOPTRETURNTRANSFER,true; curlsetopt$ch,CURLOPTUSERAGENT,"Mozilla/4.0 compatible; MSIE 5.01; Windows NT 5.0";...

phpcms V9 latest any read file vulnerability-vulnerability warning-the black bar safety net

Exploit code: /index. php? m=search&c=index&a=publicgetsuggestkeyword&url=asdf&q=../../phpssoserver/caches/configs/database.php !...

MSXML Exploit Surfaces in Black Hole Kit

Attackers really like exploit kits because they offer users the ease of point-and-click exploitation, lots of potential targets and don’t require a huge amount of technical knowledge to use. Attackers also enjoy Microsoft vulnerabilities, especially unpatched ones, because of the massive installe...

Real Networks RealPlayer - '.avi' File Divide-by-Zero Denial of Service

source: https://www.securityfocus.com/bid/54220/info Real Networks RealPlayer is prone to a remote denial-of-service vulnerability. Successful exploits may allow attackers to crash the affected application, resulting in denial-of-service conditions. RealPlayer 10 Gold is vulnerable; other version...

Kingview Touchview 6.53 - EIP Overwrite

Exploit Title: Kingview Touchview EIP direct control Date: June 24 2012 Exploit Author: Carlos Mario Penagos Hollmann Vendor Homepage: www.kingview.com Version: 6.53 Tested on: Windows SP 1 CVE : Open kingivew click on Make choose network configuration---network parameter , then go to the node ty...

Attackers Targeting MSXML Flaw With Malicious Flash Files

The unpatched vulnerability in Internet Explorer’s MSXML component that Microsoft warned users about earlier this month is being used in attacks that employ malicious Flash files. Researchers say that the attacks are taking the form of drive-by downloads launched from compromised legitimate sites...

Cisco AnyConnect Secure Mobility Client and Secure Desktop WebLaunch Software Downgrade Vulnerability

Cisco AnyConnect Secure Mobility Client and Secure Desktop contain a vulnerability that could allow an unauthenticated, remote attacker to replace software components on a targeted system. The vulnerability exists because the affected software performs insufficient validation of user-supplied...

Wordpress Plugins (wp-easy-gallery v1.8) Arbitrary Shell Upload

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

Novell Client 4.91 SP3/4 Privilege Escalation

Novell Client 4.91 SP3/4 Privilege escalation exploit Download link: http://download.novell.com/Download?buildid=SyZ1G2ti7wU SecurityFocus: http://www.securityfocus.com/bid/27209/info CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5762 Patch:...

BeyondCHM 1.1 - Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= ============================================================================= BeyondCHM 1.1 Buffer Overflow price 32.56 EUR Url: http://www.beyondchm.com/ Author: shinnai...

LibreOffice 3.5.2.2 Memory Corruption

Exploit for multiple platform in category dos / poc -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ?php ------------------------------------------------------------------------------ LibreOffice 3.5.2.2 - soffice.exe\soffice.bin memory corruption author: shinnai mail: shinnaiatautisticidotorg site...

DocuWiki 2012/01/25 Cross Site Request Forgery / Cross Site Scripting

DokuWiki Ver.2012/01/25 Latest Version CSRF Add User Exploit Discovered by : Khashayar Fereidani Team Website : HTTP://IRCRASH.COM IRCRASH Security Community Facebook : http://facebook.com/fereidani Twitter : https://twitter.com/!/IRCRASH Facebook Page :...

Radius Manager V3.0.0=>4.0 CSRF Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

idev-WebsiteBuilder 1.0 CSRF Vulnerability

Exploit for php platform in category web applications Application Name : idev-WebsiteBuilder 1.0 Vulnerable Type : CSRF Demo : http://idevspot.com/demos/idev-websitebuilder/admin Author : Jonturk75 Greetz: Inj3ct0r Exploit DataBase 1337day.com 0day.today 2018-04-09...

Wolf CMS 0.75 Persistent Cross Site Scripting

+--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Wolfcms al...

Exploit For Ms12-020 RDP Bug Moves to Metasploit

As the inquiry into who leaked the proof-of-concept exploit code for the MS12-020 RDP flaw continues, organizations that have not patched their machines yet have a new motivation to do so: A Metasploit module for the vulnerability is now available. It’s been a week now since Microsoft released a...