210 matches found
vcart 3.3.2 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. Scripts: vcart version 3.3.2 Discovered By: k1n9k0ng Scripts site: http://www.visionburst.com/ Thanks To: sekuritionline, semprol, bajingan, mimid, r.i.p, x-code,...
adult-access.txt
Adult Script Unauthorized Administrative Access Exploit ...
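Microsoft .NET Framework JIT Compiler Remote Overflow Vulnerability (MS07-040)
BUGTRAQ ID: 24811 CVE(CAN) ID: CVE-2007-0043 Microsoft .NET Framework is a popular software development kit. The .NET Framework JIT compiler has a vulnerability when processing web pages that contain malicious data; a remote attacker could exploit this vulnerability to take control of the user's system. .NET Framework...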
Symantec Product Security: Norton Personal Firewall 2004 ActiveX Control vulnerability
SYM07-007 May 16, 2007 Symantec Norton Personal Firewall 2004 ActiveX Control Buffer Overflow Risk Impact Medium Affected Products Norton Internet Security 2004 Norton Personal Firewall 2004 Details CERT notified Symantec that a buffer overflow exists in an ActiveX Control used by Norton Personal...
SimpleBlog <= 2.0 (comments.asp) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications SimpleBlog use IO::Socket; if@ARGV != 3 usage; else exploit; sub header print " SimpleBlog 2.0 SQL Injection Exploit \r\n"; print " www.asianeagle.org \r\n"; sub usage header;...
DeluxeBB 1.07 - Remote Create Admin
!/usr/bin/perl DeluxeBB new or die; $cookiejar = HTTP::Cookies-new; $xpl-cookiejar $cookiejar ; $res = $xpl-post$url.'misc.php', Content = "sub" = "login", "name" = "$uname", "password" = "$passwd", "submit" = "Log-in", "redirect" = "", "expiry" = "990090909", ...
The link tooltip and the statusbar can be misleading
It is possible to make a form input that looks like an image link. If the form input has a "title" attribute, the status bar will show the "title". A "title" which looks like a URL can mislead the user, since the title can say http://nice.familiar.com/, while the form action can be something...
Solaris Runtime Linker - Exploit Detection
This is a demonstration of exploit detection using the Solaris implementation of C2 Auditing BSM to detect that the system has been compromised. Of course, it helps to be logging locally as well to a secure central log server or protected media. This was tested on an unpatched Solaris 10 Sparc system...
Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal
source: https://www.securityfocus.com/bid/13141/info Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet. This...
tmp-advisory.txt
L0pht Security Tool and miniAdvisory Advisory released Jan 8 1999 Application: A tool designed to monitor directory activity, copy transient files based upon regular expression matching, syslog upon seeing links created, etc. etc. Severity: Just about every OS out there is replete with programs...