PT-2008-1001 · Zyxel +1 · Zywall Usg 300 +3

Name of the Vulnerable Software and Affected Versions: ZyXEL ZyWALL 1050 affected versions not specified ZyXEL ZyWALL USG 300 affected versions not specified Description: The issue is related to a hard-coded password for the Quagga and Zebra processes in the ZyXEL ZyWALL firewall/router operating...

gwextranet-include.txt

GWextranet Multiple Vulnerabilites Vendor: Messaging Architects http://www.gwtools.com/en/gwextranet/eval/ http://www.example/gwextranet/scp.dll/sendto?user=calendar+of+events&mid=474020FA.GWEMAILDEPOT.SDEPO.100.167656B.1.1B00.1&template=.././../../boot.ini%00...

E-vanced Solutions Multiple Vulnerabilites

E-vanced Solutions Multiple Vulnerabilites http://www.e-vancedsolutions.com First off, script code can be injected into all fields when you register for some event. This presents a possibility for cookie theft from logged in users. Next off, theres there exists an SQL injection point from the...

PT-2007-4905 · Mozilla · Firefox

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox version 2.0.0.4 Description: The issue allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. However, this issue has been disputed by third-party researchers, who claim that they cann...

PT-2007-3644 · Bloofox · Bloofoxcms

Name of the Vulnerable Software and Affected Versions: BlooFoxCMS version 0.2.2 Description: The issue concerns a PHP remote file inclusion vulnerability in the install/index.php file of BlooFoxCMS. This vulnerability potentially allows remote attackers to execute arbitrary PHP code via a URL in...

devcode2.txt

/ version 0.5 Copyright c 2007 devcode ^^ D E V C O D E ^^ Windows .ANI LoadAniIcon Stack Overflow For Hardware DEP XP SP2 CVE-2007-1765 Description: A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to take complete control of an affected...

AIOCP SQL Injection Vulnerability

i Product Name: AIOCP - All In One Control Panel i Vulnerable Versions: = 1.3.009 i Bug found by: Coloss i Contact: [email protected] i Date: 9.1.2007 i Spec: Parameter 'did' is not checked before it's used in a SQL Query so you are able to inject some evil SQL code Example shows how to retrieve...

[Full-disclosure] Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability

================================================== Layered Defense Advisory 1 December 2006 ================================================== 1 Affected Software Novell Client 4.91 SP2 Novell Client 4.91 SP2 Patch Kit Novell Client 4.91 SP3 Earlier versions may also be vulnerable...

PT-2006-6587 · Exporia · Exporia

Name of the Vulnerable Software and Affected Versions: Exporia version 0.3.0 Description: A remote file inclusion issue in common.php allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. However, it's noted that further analysis by SecurityFocus disputes this issu...

[KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities

KAPDA New advisory Vulnerable product : PacPoll = 4.0 Vendor: http://www.pacosdrivers.com/asp/poll/poll.asp Vulnerability: Admin Logon bypass , SQLInjection Date : -------------------- Found : 2006/10/10 Vendor Contacted : N/A Release Date : 2006/10/25 Vulnerabilities: -------------------- Admin...

phpBB Insert User Mod 0.1.2 - Remote File Inclusion

phpBB Insert User Mod 0.1.2 - Remote File Inclusion !/usr/bin/perl PHPBB insert user 0.1.2 Class: Remote File Include Vulnerability Patch: unavailable Date: 2006/10/12 Remote: Yes Type: high Site: http://www.grahameames.co.uk/phpbb/downloads/insertuser0.1.2.zip use IO::Socket; use LWP::Simple;...

simpleboard110.txt

World Defacers Team ====================================== --------------------Summary---------------- eVuln ID: WD23 Vendor: SimpleBoard Mambo Component 1.1.0 Vendor's Web Site: mamboxchange.com/projects/simpleboard Class: Remote PoC/Exploit: Available Solution: Not Available Discovered by:...

cutenews13.txt

Welcome people In World Defacers Team World Defacers Team ====================================== --------------------Summary---------------- eVuln ID: WD22 Vendor: CuteNews 1.3. Vendor's Web Site: http://cutephp.com/ Software: Live Customer Support Solution :- http://www.pansionat.net/novost/...

PHP Live! 3.2.1 - help.php Remote File Inclusion

PHP Live! 3.2.1 - help.php Remote File Inclusion Advisory: PHPLive 3.2 Remote Injection Vulnerability Release Date: 2006/07/23 Author: magnific Discovered: aneurysm.inc security reserach Risk: High Vendor Status: not contacted | no patch available Vendor Site: www.osicodes.com Contact:...

[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie

KAPDA::44 - NewsCMSLite Login ByPass by Cookie Vulnerability KAPDA New advisory Vulnerable product : NewsCMSLite Vendor: http://www.katywhitton.com Vulnerability: Authentication Flaw in 'newsadmin.asp' Lets Remote User Gain Administrative Access . Date : -------------------- Found : 2006/05/21...

Mozilla Firefox <= 1.5.0.2 (js320.dll/xpcom_core.dll) Denial of Service PoC

No description provided by source. !-- --------------------------------------------------- Software: Firefox Web Browser Tested: Linux, Windows clients' version 1.5.0.2 Result: Firefox Remote Code Execution and Denial of Service - Vendor contacted, no patch yet. Problem: A handling issue exists i...

Mozilla Firefox <= 1.5.0.2 (js320.dll/xpcom_core.dll) Denial of Service PoC

Exploit for multiple platform in category dos / poc =========================================================================== Mozilla Firefox var textarea = document.getElementsByName"xOtherInfo"; textarea=textarea.item0; var htmlarea = document.createElement"div"; htmlarea.className =...

[eVuln] MWGuest XSS Vulnerability

New eVuln Advisory: MWGuest XSS Vulnerability http://evuln.com/vulns/122/summary.html --------------------Summary---------------- eVuln ID: EV0122 Vendor: Manic Web Software: MWGuest Sowtware's Web Site: http://www.manicweb.co.uk/ Versions: 2.1.0 Critical Level: Harmless Type: Cross-Site Scriptin...

[eVuln] CzarNews XSS and Multiple SQL Injection Vulnerabilities

New eVuln Advisory: CzarNews XSS and Multiple SQL Injection Vulnerabilities http://evuln.com/vulns/118/summary.html --------------------Summary---------------- eVuln ID: EV0118 CVE: CVE-2006-1640 CVE-2006-1641 Software: CzarNews Sowtware's Web Site: http://www.czaries.net/scripts/ Versions: 1.14...

CanfTool v1.1 Cross Site Scripting Attack

Cross Site Scripting Attack CanfTool v1.1 ========================================= Description : Conftool is a Web-based online system that was developed to supports many administrative tasks of conferences, workshops and seminars. It can help to make the management of events easier and much mor...