8132 matches found
Beetel 450TC2 Router Admin Password CSRF Vulnerability
No description provided by source. Exploit Title: Beetel 450TC2 Router Admin Password Cross Site Request Forgery Vulnerability Date: 30/04/2014 Exploit Author: shyamkumar somana Vendor Homepage: www.beetel.in Version: 450TC2 - Firmware version : TX6-0Q-005retail Tested on: Windows 8 Beetel...
WordPress MM Forms Community plugin <= 1.2.3 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress MM Forms Community plugin <= 1.2.3 SQL Injection Vulnerability Date: 2011-08-26 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/mm-forms-community.zip Version: 1.2.3 test...
Oracle Forms 10g/ 6i/9i/4.5.10/5.0/6.0.8 Services Unauthorized Form Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14319/info Oracle Forms Services is susceptible to an unauthorized form execution vulnerability. Attackers may exploit this vulnerability to execute arbitrary commands with the privileges of the Oracle account under which...
Wordpress Easy Contact Forms Export Plugin 1.1.0 Information Disclosure Vulnerability
No description provided by source. Description : Wordpress Plugins - Easy Contact Forms Export Information Disclosure Vulnerability Version : 1.1.0 Link : http://wordpress.org/extend/easy-contact-forms-exporter/ Plugins : http://downloads.wordpress.org/plugin/easy-contact-forms-exporter.zip Date ...
Jenkins 1.523 - Inject Persistent HTML Code
No description provided by source. 01. Advisory Information Title: Default markup formatter permits offsite-bound forms Date published : 2013-12-16 Date of last update: 2013-12-16 Vendors contacted : Jenkins CI v 1.523 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information...
Joomla Component n-forms 1.01 - Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print \n; print \n; print Mambot Component n-forms Blind SQL Injection Exploit \n; print Author:The Moorish :D \n; print Greetz:Team-dz,His0k4,x.CJP.x,Kader11000,c02,piRAte DIgitAL\n; print...
XAMPP <= 1.7.3 multiple vulnerabilities
No description provided by source. Live by the byte. Members: Pr0T3cT10n -=M.o.B.=- TheLeader Sro Debug Contact: [email protected]...
CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration values used by the script are...
Oracle Forms Servlet TLS Listener Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15039/info Oracle Forms is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users. By issuing a specific HTTP request, remote...
Microsoft IE4 Clipboard Paste Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/215/info The Windows clipboard contains data that has been cut or copied from various windows applications. This data can be accessed and posted to malicious web forms at web sites without the knowledge of the visiting...
SourceBans 1.4.7 XSS Vulnerability
No description provided by source. Exploit Title: SourceBans Version 1.4.7 XSS Google Dork: inurl:sourcebans/index.php?p=submit Date: Feb. 9th 2011 Author: Sw1tCh Software Link: http://www.sourcebans.net/ Version: 1.4.7 Info: SourceBans is an application for managing publicly the banned users for...
IBM OmniFind CSRF Vulnerability
No description provided by source. The forms in the administrator interface are not protected against XSRF. The attacker can do any action in the context of the victim. An example attack scenario could be: The attacker creates a malicious website with a prepared form to add a new user, which will...
Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/26414/info Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities. Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate...
IBM Forms Viewer - Unicode Buffer Overflow
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include REXML include...
Public Media Manager
No description provided by source. Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg Public Media Manager = 1.3 formsdir Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/pmm-cms/files/ Dork : dieLamers attempt; :D Vuln : ./pmm-cms-1.3/comcal/calmenu.php line 4 ?p...
SpagoBI 4.0 - Persistent HTML Script Insertion
No description provided by source. 01. Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability...
WordPress Business Directory Plugin <= 1.0.2 - Multiple XSS
Because of these vulnerabilities in forms/search.php, attackers can inject arbitrary web script or HTML via the following parameters: "edit", "pagelinks", "searchterm", "page" or "pageid". Solution: Update the plugin...
CVE-2014-4155
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0aZRDLK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/toolsadmin1...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0aZRDLK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/toolsadmin1...