15 matches found
CVE-2026-23920
Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...
Exploit for Path Traversal in Microsoft
This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The repository contains a Python script exploit.py that generates a malicious docx document, a Windows DLL calc.dll that pops a calc.exe when executed, and a server script...
DEBIAN-CVE-2020-11934
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...
UBUNTU-CVE-2020-11934
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...
WeBBoA Host Script 1.1 - Remote SQL Injection Vulnerability
No description provided by source. There is Sql injection WeBBoA Host Script v1.1 Risk=High Exploit: http://SITE/?islem=hostsatinal&id=-1%20%20union%20select%200,1,2,kuladi,4,5,6,7,sifre%20from%20members+where+uyeid=1 Credit: EntriKa milw0rm.com 2006-06-19...
CVE-2013-5588
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php...
stuxnet-detect NSE Script
Detects whether a host is infected with the Stuxnet worm. An executable version of the Stuxnet infection will be downloaded if a format for the filename is given on the command line. See also: smb-vuln-ms10-061.nse Script Arguments stuxnet-detect.save Path to save Stuxnet executable under, with ...
resolveall NSE Script
NOTE: This script has been replaced by the --resolve-all command-line option in Nmap 7.70. Resolves hostnames and adds every address (IPv4 or IPv6, depending on Nmap mode) to Nmap's target list. This differs from Nmap's normal host resolution process, which only scans the first address A or AAAA...
targets-traceroute NSE Script
Inserts traceroute hops into the Nmap scanning queue. It only functions if Nmap's --traceroute option is used and the newtargets script argument is given. Script Arguments newtargets If specified, adds traceroute hops onto Nmap scanning queue. max-newtargets See the documentation for the target...
PHP Krazy Image Host Script 1.01 - 'id' SQL Injection
0x01 Informations: Name : PHP Krazy Image Host Script 1.01 Download : http://www.hotscripts.com/listings/jump/download/66961/ Vulnerability : Sql Injection Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/viewer.php Code $id = $_GET['id'];...
nbstat NSE Script
Attempts to retrieve the target's NetBIOS names and MAC address. By default, the script displays the name of the computer and the logged-in user; if the verbosity is turned up, it displays all names the system thinks it owns. Example Usage sudo nmap -sU --script nbstat.nse -p137 Script Output Hos...
CVE-2006-5140
SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script phpkimagehost 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter...
WeBBoA Host Script 1.1 - SQL Injection
There is Sql injection WeBBoA Host Script v1.1 Risk=High Exploit: http://SITE/?islem=hostsatinal&id=-1%20%20union%20select%200,1,2,kuladi,4,5,6,7,sifre%20from%20members+where+uyeid=1 Credit: EntriKa milw0rm.com 2006-06-19...
WeBBoA Host Script 1.1 Remote SQL Injection Vulnerability
No description provided by source. There is Sql injection WeBBoA Host Script v1.1 Risk=High Exploit: http://SITE/?islem=hostsatinal&id=-1%20%20union%20select%200,1,2,kuladi,4,5,6,7,sifre%20from%20members+where+uyeid=1 Credit: EntriKa milw0rm.com 2006-06-19...
WeBBoA Host Script 1.1 - SQL Injection
There is Sql injection WeBBoA Host Script v1.1 Risk=High Exploit: http://SITE/?islem=hostsatinal&id=-1%20%20union%20select%200,1,2,kuladi,4,5,6,7,sifre%20from%20members+where+uyeid=1 Credit: EntriKa milw0rm.com 2006-06-19...