1764 matches found
MyServer 0.9.8 - Post.MSCGI Cross-Site Scripting
MyServer 0.9.8 - Post.MSCGI Cross-Site Scripting source: https://www.securityfocus.com/bid/24583/info MyServer is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...
eNdonesia 8.4 (mod.php/friend.php/admin.php) Multiple Vulnerabilities
No description provided by source. bugs for Endonesia8.4 FInd:z1ckXru mail:[email protected] 1 http://localhost/en/mod.php?mod=XSS&op=viewlink&cid=5 2 http://localhost/en/friend.php your Friend:XSS 3 http://localhost/en/admin.php Main Text: XSS 4...
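PHP-Nuke News Module Index.PHP SQL Injection Vulnerability
PHP-Nuke News is a news module based on PHP-Nuke. PHP-Nuke News does not sufficiently filter user-submitted URI input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script lacks filtering of the user-submitted 'sid' parameter; submitting a malicious SQL query as the parameter data can alter the original SQL logic and obtain sensitive information. PHP-Nuke PHP-Nuke 7.9 PHP-Nuke PHP-Nuke 7.8 PHP-Nuke PHP-Nuke 7.7 PHP-Nuke PHP-Nuke 7.6 PHP-Nuke PHP-Nuke 7.5 PHP-Nuke PHP-Nuke 7.4...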
spg-xss.txt
Cross site scripting & fullpath disclosure
Cahier de texte 2.0 (Database Backup/Source Disclosure) Remote Exploit
Exploit for unknown platform in category web applications ====================================================================== Cahier de texte 2.0 Database Backup/Source Disclosure Remote Exploit ====================================================================== !/usr/bin/perl INFORMATIONS...
ae2 (standart.inc.php) Remote File Include Vulnerability
No description provided by source. ae2 standart.inc.php Remote File Inclusion Download Source : http://ae.utbm.fr/equipeinfo/siteae-utbm-latest.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; standart.inc.php bugs ; requireonce$topdir...
PHP-Nuke 7.9 - 'Encyclopedia' SQL Injection
? / Neo Security Team - Exploit made by Paisterist on 2006-10-22 http://www.neosecurityteam.net / $host="localhost"; $path="/phpnuke/"; $prefix="nuke"; $port="80"; $fp = fsockopen$host, $port, $errno, $errstr, 30; $data="query=fooaa&eid=foo'//UNION SELECT pwd as title FROM $prefixauthors WHERE...
phpMyConferences-8.0.2.txt
phpMyConferences = 8.0.2 Remote File Inclusion Download Source : http://sedre.loria.fr/phpMyConference/phpMyConferences8.0.2.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; menus.inc.php bugs ; include$lvcincludedir.'/menus-'.$view.'.inc.php';...
Jinzora-2.1.txt
Jinzora = 2.1 Remote File Inclusion Download Source : http://www.jinzora.com/downloads/j2.1.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; media.php bugs ; // include classes for extending. requireonce$includepath. 'backend/classes.php'; exmple and...
PHPMyConferences 8.0.2 - 'menu.inc.php' File Inclusion
phpMyConferences = 8.0.2 Remote File Inclusion Download Source : http://sedre.loria.fr/phpMyConference/phpMyConferences8.0.2.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; menus.inc.php bugs ; include$lvcincludedir.'/menus-'.$view.'.inc.php';...
tagit2b -- Remote File Inclusion
tagit2b -- Remote File Inclusion Download Source : http://codewalkers.com/codefiles/453tagit2b.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; delTagUser.php bugs ; include"$configpath/errmsg.inc.php"; exmple and methode exploit ;...
e-Vision CMS 2.0 (all_users.php) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? / / e-Vision CMS Remote sql injection exploit / By : HACKERS PAL / WwW.SoQoR.NeT / printr' // / e-Vision CMS Remote sql injection exploit / / by HACKERS PAL [email protected] / / site: http://www.soqor.net /'; if $argc2...
ToendaCMS 1.0.0 - 'FCKeditor' Arbitrary File Upload
!/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex =...
ipb216.txt
//Product :Invision Power Board //Version :2.1.6 and prior versions must be affected. //XSS= http://localhost/forum/admin.php?phpinfo=alert //You can steal only admins cookie. //www.spymastersnake.org //[email protected]...
EUVD-2002-2149
Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request...
Slackware 10.0 / 10.1 / 10.2 / current : X.Org pixmap overflow (SSA:2005-269-02)
New X.Org server packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue. An integer overflow in the pixmap handling code may allow the execution of arbitrary code through a specially crafted pixmap. Slackware 10.2 was patched against this vulnerability before...
Free SMTP Server open relay
Restriction to localhost relaying only doesn't work in default configuration...
CVE-2005-2729
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services...
Adobe Version Cue 1.0/1.0.1 (OSX) - '-lib' Local Privilege Escalation
/ Adobe Version Cue VCNativeOSX: local root exploit. dyld by: vade79/v9 [email protected] fakehalo/realhalo Adobe Version Cue's VCNative program allows un-privileged local users to load arbitrary libraries"bundles" while running setuid root. this is done via the "-lib" command-line option. note:...