19 matches found
ImperialBB <= 2.3.5 - Remote File Upload Exploit
No description provided by source. Title : ImperialBB <= 2.3.5 Remote File Upload Vulnerability Date : 5th July 2008 Found by : PHPLizardo - http://phplizardo.2gb.fr Greetz : Gu1ll4um3r0m41n Howto : 1. Go to your User Control Panel 2. Upload any file you want 3. Tamper the request and change the...
Oracle Database Multiple Vulnerabilities (July 2008 CPU)
The remote Oracle database server is missing the July 2008 Critical Patch Update CPU and therefore is potentially affected by security issues in the following components : - Advanced Queuing - Advanced Replication - Authentication - Core RDBMS - Data Pump - Database Scheduler - Instance Managemen...
Cross-Site Scripting vulnerability in eCaptcha
Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in eCaptcha plugin for E107. I found this hole in July 2008 and disclosed it at 25.09.2008. XSS: POST query at page http://site/path/ecaptcha/?key=b7c9bf99e763252105f047a5ca5681d0 scriptalertdocument.cookie/script in field...
Team SHATTER Security Advisory: SQL Injection in Oracle Application Server (WWEXP_API_ENGINE)
Team SHATTER Security Advisory SQL Injection in Oracle Application Server (WWEXP_API_ENGINE) August 4, 2008 Risk Level: High Affected versions: Oracle Application Server 9.0.4.3, 10.1.2.2 and 10.1.4.1 Remote exploitable: Yes No authentication required...
powerdvd_bof.pl.txt
#!/usr/bin/perl CyberLink PowerDVD ./evillist.m3u"; or .pls print m3u "$buffer"; print "\n-- Evil Playlist created... Have fun!\n"; July, 2008...
oracleidir-dos.txt
#!/usr/bin/python """ Oracle Internet Directory 10.1.4 preauthentication Denial Of Service NOTES: Under 32 bits platforms it crashes immediately. Under 64 bits it may take even hours. Sometimes you need 2 shoots to crash OID completely. The server "commonly" tolerates one shoot, but even when you...
Oracle Internet Directory 10.1.4 - Remote Denial of Service
#!/usr/bin/python """ Oracle Internet Directory 10.1.4 preauthentication Denial Of Service NOTES: Under 32 bits platforms it crashes immediately. Under 64 bits it may take even hours. Sometimes you need 2 shoots to crash OID completely. The server "commonly" tolerates one shoot, but even when you...
Oracle Portal XSS fixed by CPU July 2008
Class: Input Validation Error Risk: Low Remote: Yes Oracle has just released CPU July 2008 critical patch that fixes a flaw which allows code injection by malicious web users into the web pages viewed by other users. The security issue was found on POPUPNAME parameter OF PORTAL.WWPOBHOMEPAGE web...
[ECHO_ADV_100$2008] Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability
ECHO_ADV_100$2008: Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability Author :...
CVE-2008-1666
Technical details are not publicly available in the provided documents. Monitor for updates.
Path traversal
Unspecified vulnerability in the Database Scheduler component in Oracle Database 10.2.0.4 and 11.1.0.6 has unknown impact and local attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is an...
avlc-sql.txt
Avlc Forum vlcforum.php id Remote SQL Injection Vulnerability CWH Underground Hacking Te...
MFORUM 0.1a Arbitrary Add-Admin Vulnerability
No description provided by source. MFORUM 0.1a Arbitrary Add-Admin Vulnerability CWH Underground Hacking Team...
Design/Logic Flaw
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc...
VulnCheck KEV: CVE-2008-2244
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc...
Mole Group Hotel Script 1.0 Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications Mole Group Hotel Script 1.0 Remote SQL Injection Vulnerability...
Mole Group Last Minute Script <= 4.0 Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications Mole Group Last Minute Script <= 4.0 Remote SQL Injection Vulnerability Discovered By: t0pP8uZz...
WebXell Editor 0.1.3 Arbitrary File Upload Vulnerability
No description provided by source. WebXell Editor uploadpictures.php Arbitrary File Upload Vulnerability...
ImperialBB 2.3.5 - Arbitrary File Upload
Title : ImperialBB :\r\n\n"; $code = trim(fgets(STDIN)); $socket = @fsockopen($argv[1], 80, $eno, $estr, 30);...