5019 matches found
EAFlashUpload Remote File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title : EAFlashUpload Remote File Upload Date : 27-5-2012 Author : Dr.SiLnT HilL Version : 2.6 Dork : inurl:"EAFlashUpload" Download :...
Cpanel 11.X Multiple CSRF Vulnerability
Exploit for php platform in category web applications Cpanel 11.X Multiple CSRF Vulnerability .:. Author : AtT4CKxT3rR0r1ST email protected .:. Script : http://www.cpanel.net/ .:. Gr34T$ T0 aboud-el === Exploit === Add File...
IPhone TreasonSMS - HTML Inject & File Include Vulnerability
Title: IPhone TreasonSMS - HTML Inject & File Include Vulnerability Date: 2012-04-23 References: http://www.vulnerability-lab.com/getcontent.php?id=154 VL-ID: 154 Introduction: treasonSMS allows you to send SMS from your desktop computer. It turns your...
VMSA-2012-0007 VMware hosted products and ESX patches address privilege escalation
The remote ESXi is missing one or more security related Updates from VMSA-2012-0007. Summary VMware hosted products and ESXi/ESX patches address privilege escalation. Relevant releases Workstation 8.0.1 and earlier Player 4.0.1 and earlier Fusion 4.1.1 and earlier ESXi 5.0 without patch...
VMware ESXi/ESX patches address privilege escalation (VMSA-2012-0007)
The remote ESXi is missing one or more security related Updates from VMSA-2012-0007. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FCKeditor create a folder, Upload a file when“.” Change“_”to break-vulnerability warning-the black bar safety net
Some of the tips, and sometimes quite useful, to collect, data collection in the Internet...... FCKeditor file uploads“.” Change“”underscores the bypass method: This is published online: A lot of times the uploaded file for example: shell.php.rar or shell.php;. jpg becomes shellphp;. jpg this is...
Vulnerability in Fujitsu Interstage List Works Where Permissions Cannot Be Denied
Overview Fujitsu Interstage List Works has a vulnerability where, when Everyone or a group is granted permissions to access the archive folder and data through the management tool or command line, denying permissions for a specific user who belongs to these groups fails and is not reflected on th...
KedaiScript Shell Upload
Exploit Title: KedaiScript Remote Upload Shell Vulnerability Date: 10-02-2012 Author: Netrondoank Software Link: www.kedaiscript.com Version: mlm10v21,mmgbinary,portal Tested on: windows 7 Contact: [email protected] E X P L O I T 1. Login As Demo...
SimogeoFilemanager Upload File Vulnerability
Exploit for php platform in category web applications RoxTeam Italian Hackers And Security Team 2012 Exploit Title: SimogeoFilemanager Upload File Vulnerability Date: 09/02/2012 Author: hack Author Email: RoxSecurityTeamatcomdothotmail.it Category: webapps Risk: High Vendor or Software Link:...
Elevating Privileges Via Windows Installers
There’s an odd bit of behavior that some Windows systems will exhibit when certain kinds of installers are launched, automatically elevating the privileges of the installer process to system-level privileges. In theory, the issue shouldn’t be exploitable because at one point in the process the...
XAMPP WebDAV PHP Upload Vulnerability
This host is running XAMPP and prone to PHP upload vulnerability. OpenVAS Vulnerability Test $Id: gbxamppwebdavphpuploadvuln.nasl 5841 2017-04-03 12:46:41Z cfi $ XAMPP WebDAV PHP Upload Vulnerability Authors: Sooraj KS Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net...
How to Move the VBRCatalog Folder
Purpose This article documents the procedure for moving the VBRCatalog folder. Solution VBRCatalog Location Requirements The VBRCatalog folder must be on the root of a given drive letter. Example: C:\VBRCatalog\ or D:\VBRCatalog\ The VBRCatalog cannot be redirected to a CIFS share or mapped netwo...
Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability
Secunia Research 17/11/2011 - DVR Remote ActiveX Control DVRobot Library Loading Vulnerability - Table of Contents Affected...
WordPress Plugin Zingiri 2.2.3 - ajax_save_name.php Remote Code Execution
WordPress Plugin Zingiri 2.2.3 - ajax_save_name.php Remote Code Execution get; 41. ifremoveTrailingSlash$sessionAction-getFolder == getParentPath$POST'id' && sizeof$selectedDocuments 42. 43. if$key = arraysearchbasename$POST'id', $selectedDocuments !== false 44. 45...
CVE-2010-4963
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the orderby parameter...
PT-2011-1866 · Php Fusion · Php-Fusion
Name of the Vulnerable Software and Affected Versions: PHP-Fusion affected versions not specified Description: A directory traversal issue in maincore.php allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder level parameter. This issue has been...
WordPress Plugin Relocate Upload 0.14 - Remote File Inclusion
Exploit Title: Relocate Upload Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/relocate-upload Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link: http://wordpress.org/extend/plugins/relocate-upload/download/ Version: 0.14 tested --- P...
Input validation
Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as...
PT-2011-3531 · Microsoft · Display Panning Cpl Extension +11
Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 versions Gold through SP1 Description: T...
Adobe Shockwave Player Detection (Mac OS X SSH Login)
Detects the installed version of Adobe Shockwave Player on Mac OS X. The script logs in via ssh, and searches for adobe products SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...