FineCMS 最新版sql注入一枚(无防御)

简要描述： FineCMS 最新版sql注入一枚 厂商不会又说6月份已经修复吧,我说了这只是一个开始.............................................................................................. 详细说明： 直接看代码： member/controllers/pm.php:lines：27-37： public function index if ISPOST if $this-input-post'action' == 'read' $this-pmmodel-setread$this-uid...

68kb Knowledge Base 1.0.0rc3 - Admin CSRF

No description provided by source. Exploit Title: 68kb Knowledge Base v1.0.0rc3 create administrator account CSRF Date: 2010-04-02 Author: Jelmer de Hen Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc3.zip Version: v1.0.0rc3 html body onload=document.formsedit.submit form name=creat...

Nero Express 7.9.6.4 - Local Heap PoC

No description provided by source. !/user/bin/perl Exploit Title: Nero Express7 Local Heap Poc Date: 2010/01/01 Author: D3V!L FUCKER Version: Nero Express7 Ver.7.9.6.4 Tested on: windows vista sp0 After Setup Open Nero StartSmart Essentials = Favorites = Open Projects = explit.nir Code : $headr=...

Ultimate Auction 3.67 ItemList.PL Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16254/info Ultimate Auction is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitra...

SaralBlog 1.0 - Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/16306/info saralblog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...

NoticeWare Email Server 4.6 NG LOGIN Messages Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30605/info NoticeWare Email Server NG is prone to a denial-of-service vulnerability because it fails to handle user-supplied input. Remote attackers can exploit this issue to deny service to legitimate users. NoticeWare...

iOS Serversman 3.1.5 - HTTP Remote DoS Exploit

No description provided by source. !/usr/bin/python Apple Iphone/Ipod - Serversman 3.1.5 HTTP Remote DoS exploit Found by: Steven Seeley mrme seeleymagic at hotmail dot com Homepage: http://serversman.com/indexen.jsp Download: From the app store Free - use your Itunes account Tested on: Iphone 3G...

Yellow Swordfish Simple Forum 1.10/1.11'topic' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27823/info Simple Forum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...

PoPToP PPTP <= 1.1.4-b3 Remote Root Exploit (poptop-sane.c)

No description provided by source. / Fixed Exploit against PoPToP in Linux poptop-sane.c ./r4nc0rwh0r3 of blightninjas [email protected] blightninjas: bringing pain, suffering, and humiliation to the security world Expect more great release like helloworld-annotated.c and cd explained...

BlackBerry Enterprise Server 4.0/4.1 MDS Connection Service Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34573/info BlackBerry Enterprise Server MDS Connection Service is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverage this issue to execute...

i-pos Storefront 1.3 - 'index.asp' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29471/info i-pos Storefront is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

Zanfi CMS lite 1.2 - Multiple Local File Inclusion Vulnerabilities

No description provided by source. +Zanfi CMS lite / Jaw Portal free index.php page Multiple Local File Inclusion +Discovered by SirGod +MorTal TeaM +Greetz E.M.I.N.EM,Ras,Puscasmarin,ToxicBlood,HrN,Kemrayz,007m + Dork : Powered by: Zanfi Solutions + Local File Inclusion PoC :...

AdaptCMS 2.0.4 - config.php?question SQL Injection

AdaptCMS 2.0.4 - config.php?question SQL Injection Exploit Title: AdaptCMS = 2.0.4 SQL Injection vulnerability Date: 26/10/2012 Exploit Author: Kallimero Vendor Homepage: http://www.adaptcms.com/ Software Link: http://www.insanevisions.com/page/3/Downloads/ Version: 2.0.4 Tested on: Debian...

VitalogyWeb Cross Site Scripting

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x Official Website: http://www.1337day.com 0 1 x...

JPM Article Script 6 - page2 SQL Injection

JPM Article Script 6 - page2 SQL Injection source: https://www.securityfocus.com/bid/52528/info JPM Article Script 6 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker ...

Barracuda CSRF (change e-mail address)

Exploit for php platform in category web applications Exploit Title: Barracuda CSRF change e-mail address Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/barracuda/19576/ Category:: webapps Demo : http://demo.boonex.com/administration/ Greetz: Inj3ct0r Exploit DataBas...

Joomla! Component com_discussions - SQL Injection

Title : Joomla Discussions Component comdiscussions SQL Injection Vulnerability Author : Red Security TEAM Date : 17/01/2012 Risk : High Software : http://extensions.joomla.org/extensions/communication/forum/13560 Tested On : CentOS Contact : Info 4t RedSecurity d0t COM Home :...

Posse Softball Director CMS - &#039;team.php&#039; Blind SQL Injection

.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-=--=-=--=-. Posse Softball Director CMS Blind SQL Injection Vulnerability team.php .-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-=--=-=--=-. + Autor: easy laster + Vulnerabilities Blind SQL Injection + Page:...

Netvolution 2.5.8 - &#039;referer&#039; Header SQL Injection

source: https://www.securityfocus.com/bid/49918/info Netvolution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

Aspgwy Access 1.0.0 Cross Site Scripting

=========================================================== aspgwyaccess1.0.0 XSS Vulnerability ----------------------------------------------------------- foun by :kurd-team group : kurdish hackers team contact : [email protected] site : kurdteam.org...