
293 matches found

Exploit DB
added 2009/08/04 12:0 a.m., 47 views

Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection

A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the...

7.4 AI score
Exploits 0
seebug.org
added 2009/08/04 12:0 a.m., 9 views

Perl$hop e-commerce Script Trust Boundary Input Parameter Injection

No description provided by source. A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one...

7.1 AI score
Exploits 0
exploitpack
added 2009/08/04 12:0 a.m., 13 views

Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection

Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a l...

0.8 AI score
Exploits 0
0day.today
added 2009/08/04 12:0 a.m., 28 views

Perl$hop e-commerce Script Trust Boundary Input Parameter Injection

Exploit for cgi platform in category web applications =================================================================== Perl$hop e-commerce Script Trust Boundary Input Parameter Injection =================================================================== A while back I was playing around with...

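7.1 AI score
Exploits 0
seebug.org
added 2009/03/19 12:0 a.m., 14 views

VLC Media Player Web Interface input Parameter Remote Stack Overflow Vulnerability

BUGTRAQ ID: 34126 VLC Media Player is a free media player. The web interface of VLC Media Player does not properly validate the user-supplied input parameter. A remote attacker who submits a malicious HTTP request can trigger a stack overflow, leading to denial of service or arbitrary code execution. VideoLAN VLC Media Player 0.9.8a Vendor patch: VideoLAN -------- The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://www.videolan.org/ http://www.sebug.net/exploit/5980/...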

6.9 AI score
Exploits 0
Exploit DB
added 2008/09/06 12:0 a.m., 38 views

Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password

?php echo "---------------------------------------------------------------\n"; echo "SMF = 1.1.5 Admin Reset Password Exploit win32-based servers\n"; echo "coded by Raz0r http://Raz0r.name/\n"; echo "---------------------------------------------------------------\n"; if $argc3 echo "USAGE:\n"; ec...

7.4 AI score
Exploits 0
Prion
added 2007/04/06 1:19 a.m., 21 views

Buffer overflow

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite...

7.5 CVSS, 7.8 AI score, 0.03486 EPSS
Exploits 0, References 8, Affected Software 1
securityvulns
added 2006/01/16 12:0 a.m., 59 views

[SA18472] Widexl Download Tracker "ID" Parameter Cross-Site Scripting

TITLE: Widexl Download Tracker "ID" Parameter Cross-Site Scripting SECUNIA ADVISORY ID: SA18472 VERIFY ADVISORY: http://secunia.com/advisories/18472/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Widexl Download Tracker 1.x http://secunia.com/product/6830/...

0.5 AI score
Exploits 0
securityvulns
added 2005/11/28 12:0 a.m., 26 views

[SA17771] Q-News "id" File Inclusion Vulnerability

TITLE: Q-News "id" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA17771 VERIFY ADVISORY: http://secunia.com/advisories/17771/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Q-News 2.x http://secunia.com/product/6232/ DESCRIPTION: GB has discovered a vulnerabilit...

0.6 AI score
Exploits 0
OpenVAS
added 2005/11/03 12:0 a.m., 19 views

CactuShop XSS and SQL injection flaws

The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the script 'popuplargeimage.asp'. Successful exploitation of this issue may allow an...

7.5 CVSS, 0.1 AI score, 0.04031 EPSS
Exploits 2
FreeBSD
added 2004/11/18 12:0 a.m., 12 views

phpMyAdmin -- cross-site scripting vulnerabilities

Multiple cross-site scripting vulnerabilities, caused by improper input parameter sanitizing, were detected in phpMyAdmin, which may enable an attacker to do cross-site scripting attacks...

2.3 AI score
Exploits 0, References 1
CVE
added 2003/04/26 4:0 a.m., 60 views

CVE-2003-0116

CVE-2003-0116 affects Microsoft Internet Explorer 5.01, 5.5 and 6.0. The vulnerability arises from IE not properly validating the Cascading Style Sheet input parameter used by Modal dialogs, enabling remote code execution where an attacker can run script in a dialog and read local files via a cra...

5 CVSS, 7.4 AI score, 0.25248 EPSS
Exploits 1, References 4, Affected Software 2
Exploit DB
added 2000/12/01 12:0 a.m., 39 views

Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_displayparamstmt Buffer Overflow

// source: https://www.securityfocus.com/bid/2030/info The API Srv_paraminfo(), which is implemented by Extended Stored Procedures (XPs) in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or arbitrary code to be executed o...

7.4 AI score
Exploits 0