210 matches found
Micronetsoft RV Dealer Website - SQL Injection
Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: Micronetsoft RV Dealer Website SQLi Vulnerability Vendor url:http://www.micronetsoft.com Version:1 Price:199$ Published: 2010-09-06 GThanx to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, M4n0j,NoCare,...
chillyCMS 1.1.3 Cross Site Request Forgery
input type="hidden...
PHP-Nuke 8.0 Remote Blind SQL Injection
PHP-Nuke new; my $average = 0; print "+ Calculating average load time it may take a while ...\n"; for my $i = 0; $i get$hosto; my $time = time; $average += int$time-$bef; return $average/5; sub Nuke::Usage print "+ Usage: perl nuke.pl \n"; print "+ the host must be the complete path to...
Joomla! Component com_annonces - Arbitrary File Upload
Title:Joomla Component comannonces Upload Vulnerability Author: Sid3^effects Published: 2010-06-06 email:[email protected] vendor url : http://joomla.clubnautiquemarine.fr/ google dork : inurl:comannonces ooooo .oooooo. oooooo oooooo oooo 888' d8P' Y8b 888. 888. .8' 888 888 888. .8888. .8' 888 8...
Joomla! Component com_djClassifieds 0.9.1 - Arbitrary File Upload
Dork:inurl:comdjclassifieds ooooo .oooooo. oooooo oooooo oooo 888' d8P' Y8b 888. 888. .8' 888 888 888. .8888. .8' 888 888 888 .8'888. .8' 888 888 888.8' 888.8' 888 88b ooo 888' 888' o888o Y8bood8P' 8' 8' --------------------------------------------------------------------------------------...
Huron CMS SQL Injection
\|/// \ - - // @ @ ----oOOo---oOOo-------------------------------------------------- Huron CMS 8 11 2007 Auth Bypass SQL Injection Vulnerability Script: http://huroncms.googlecode.com/files/Huron28112007.zip Author: mat Mail: [email protected]...
iPhone / iPod - Udisk FTP Basic Edition Remote 0day DoS Exploit
Exploit for unknown platform in category dos / poc =================================================================== Apple iPhone/iPod - Udisk FTP Basic Edition Remote 0day DoS Exploit ===================================================================...
Joomla! Component com_schools - SQL Injection
Joomla! Component comschools - SQL Injection Joomla Component comschools SQL injection author:Mr.tro0oqy email:[email protected] exp: http://server/path/index.php?option=comschools&Itemid=89&schoolid=-53+union+select+1,groupconcatusername,0x3a,password,3,4,5,6,7,8,9,10,11+from+josusers-- demo :...
Add An Ad Script Remote File Upload
Exploit for unknown platform in category web applications =================================== Add An Ad Script Remote File Upload =================================== | | Add An Ad Script Remote PHP File Upload | | it works with Add An Ad Cart script and Add An Event script | | Site :...
Zabbix Server Multiple remote vulnerabilities
No description provided by source. Zabbix Server : Multiple remote vulnerabilities From: Nicob nicob nicob net Date: Sun, 13 Dec 2009 16:28:35 +0100 From Wikipedia : "Zabbix is a network management system application ... designed to monitor and track the status of various network services, server...
OS Commerce Bypass / Command Execution
OS Commerce authentication bypass Description: Accessing administration pages should give a login screen to unauthenticated users, however instead, data is displayed, and administrative commands can be executed. Apparently any page in the admin directory can be accessed in this way including file...
2WIRE Router 5.29.52 - Remote Denial of Service
""" ======================================== 2WIRE REMOTE DENIAL OF SERVICE ======================================== Device: 2wire Gateway Router/Modem Vulnerable Software: 5.29.52 Vulnerable Models: 1700HG 1701HG 1800HW 2071 2700HG 2701HG-T Release Date: 2009-09-00 Last Update: 2009-09-00...
Check Point Connectra R62 - LoginLogin Arbitrary Script Injection
Check Point Connectra R62 - LoginLogin Arbitrary Script Injection source: https://www.securityfocus.com/bid/36466/info Check Point Connectra is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to...
phpDirectorySource 1.0 - Cross-Site Scripting SQL Injection
phpDirectorySource 1.0 - Cross-Site Scripting SQL Injection ============================================================================== » ! Coder - Developer HTML / CSS / PHP / Vb6 . ! ============================================================================== » Web Business Directory 1.0...
LinkLogger 2.4.10.15 - syslog Denial of Service
LinkLogger 2.4.10.15 - syslog Denial of Service !/usr/bin/perl LinkLogger 2.4.10.15 syslog DoS Tested against 2.4.10.15 Coded by Mike Cyr, aka h00die mcyr2 at csc dotcom Notes: 1. Based on code from http://www.pythonprasanna.com/Papers%20and%20Articles/Sockets/udpspoofpl.txt 2. The exact amount o...
Job2C 4.2 Local File Inclusion
Job2C version 4.2 adtype MulTiple LFi Script: http://www.w2b.ru/download/Job2C.zip ---------------------------------------------------------- Discovered By: ZoRLu Date: 15.04.2009 Home: yildirimordulari.com / dafgamers.com / z0rlu.blogspot.com contact: [email protected] N0T: Herkes Hecker Olmu...
Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow
No description provided by source. - Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow - Description The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered...
RavenNuke avartarlist.php模块PHP代码注入漏洞
BUGTRAQ ID: 33787 RavenNuke是基于PHP和MySQL的自动新闻发布和内容管理系统。 RavenNuke的avatarlist.php模块没有正确地验证对pregreplace调用所传送的patterns和replacements参数,远程攻击者可以通过向服务器提交恶意请求导致注入并执行任意PHP代码。以下是有漏洞的代码段: $patterns0 = '/.gif/'; $patterns1 = '/.png/'; ... $replacements1 = ''; $replacements0 = ''; ... $entryname =...
Nokia Phoenix Service Software ActiveX控件多个缓冲区溢出漏洞
BUGTRAQ ID: 33726 Nokia Phoenix Service Software是用于刷机诺基亚手机的软件。 Nokia Phoenix Service...
EPOLL SYSTEM 3.1 - 'Password.dat' Disclosure
!/usr/bin/python Portal Name: EPOLL SYSTEM Version : All version 'Google Dork : Powered by Egorix Exploit Coded by: PouyaServer Exploit Discovered by: PouyaServer Contact Me : [email protected] Epoll system login page = www.site.com/Path/admin.php import urllib import sys import parser...