mybbXSS.txt

XSS VULN IN ALL MYBB VERSIONS INCLUDING PR2 Vendor: given SEVEN days notice, no patch released! Just to say, I am apalled with the fact that I contacted MyBB on the 30 August, and was originally not planning to go public. However, because they have failed to release a patch I have decided to aler...

woltlab233.txt

Woltlab Burning Board = 2.2.2/2.3.3 modcp.php SQL injection Discovered by R Vendor: WoltLab URL: http://www.woltlab.de/ Version: = 2.3.3 Type: SQL-injection Description: -------------------------------- The WoltLab Burning Board is a high customisable board software for every kind of use. SQL...

phpBBkbmod.txt

phpBB - Knowledge Base MOD SQL-Injection vulnerability and Full Path Disclosure Discovered by R and deluxe89 Discussion: The phpbb - Knowledge Base MOD has a relatively hard to exploit SQL-Injection vulnerability. However, an attacker can exploit this bug and receive informations from the databas...

PT-2005-2672 · Postnuke · Postnuke

Name of the Vulnerable Software and Affected Versions: PostNuke versions 0.750 through 0.760RC3 Description: The issue allows remote attackers to obtain sensitive information via a direct request to "simple smarty.php", which reveals the path in an error message. Recommendations: For PostNuke...

Darryl Burgdorf Webhints Remote Command Execution Vulnerability

Description Darryl Burgdorf Webhints is prone to a remote command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Technologies Affected Colored Scripts Easy Message Board Darryl Burgdorf Webhints 1.3.0 Recommendations Block...

Golden FTP Server Pro 2.52 Remote Buffer Overflow Exploit (2nd)

No description provided by source. / Golden FTP Server Pro remote stack BOF exploit author : c0d3r "kaveh razavi" [email protected] [email protected] risk : highly critical vender status : no patch released , all targets are vuln package : golden-ftp-server-pro 2.5.0.0 and prior advisory :...

Golden FTP Server Pro 2.52 - Remote Buffer Overflow (2)

Golden FTP Server Pro 2.52 - Remote Buffer Overflow 2 / Golden FTP Server Pro remote stack BOF exploit author : c0d3r "kaveh razavi" [email protected] [email protected] risk : highly critical vender status : no patch released , all targets are vuln package : golden-ftp-server-pro 2.5.0.0 and...

Golden FTP Server Pro 2.52 - Remote Buffer Overflow (2)

/ Golden FTP Server Pro remote stack BOF exploit author : c0d3r "kaveh razavi" [email protected] [email protected] risk : highly critical vender status : no patch released , all targets are vuln package : golden-ftp-server-pro 2.5.0.0 and prior advisory : http://secunia.com/advisories/15156/...

ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit

Vendor: InterSoft International Inc. Product: NetTerm Version: 5.1.1, probably lower versions too Vulnerability Type: Buffer Overflow Download Link: http://www.securenetterm.com/pub/nt32511i.exe Credits: Discovered by Sergio 'shadown' Alvarez, while dictating a 'Vuln-Dev on Win32 and Exploits...

[Full-disclosure] Shoutbox SCRIPT <= 3.0.2 Administrative MD5 Username and Password Retrieval

-=--------------------ADVISORY-------------------=- -= =- -= Shoutbox SCRIPT = 3.0.2 =- -= =- -= Author: CorryL www.x0n3-h4ck.org =- -= =- -=----------------------------------------------------=- -=+ Application: Shoutbox SCRIPT -=+ Version: 3.0.2 and prior -=+ Vendor's URL:...

ERNW Security Advisory 01/2005

ERNW Security Advisory 01-2005 Buffer Overflow in PMSoftware's Simple Web Server Author: Michael Thumann mthumannaternw.de 1. Summary: Simple Web Server doesn't do proper bounds checking handling normal GET requests. Sending an overlong page or script name, it causes an buffer overflow and an...

ss11012005.txt

/ / / \ / / / / / \ \ \ \ / / / / / \ / / // / / / / / / / / / // // / / / // / / / / // , / // / /// // //// // ,/ // / // \ / / / // / / // / /// , / // Ref: SS11012005 SYSTEMSECURE.ORG - Advisory/Exploit PUBLIC ADVISORY Software: MPM Guestbook Pro 1.05 maybe all versions Link:...

Winamp <= 5.04 Skin File (.wsz) Remote Code Execution Exploit

Exploit for unknown platform in category remote exploits ============================================================= Winamp Do not use Winamp ! back: http://inj3ct0r.com/sploits/186.rar index.html ----------- Load.php --------- foo.wsz foo.zip ----------------- /frame/ /maki/ /shade/ /html/...

Winamp &lt;= 5.04 Skin File (.wsz) Remote Code Execution Exploit

No description provided by source. This 0day exploit is known to be circulating in the wild There is no patch for this vulnerability - Do not use Winamp ! http://www.milw0rm.com/sploits/skinhead.rar 171 Ko index.html ----------- html head /head frameset rows=",1" framespacing="0" border="0"...

Winamp 5.04 - &#039;.wsz&#039; Skin File Remote Code Execution

This 0day exploit is known to be circulating in the wild There is no patch for this vulnerability - Do not use Winamp ! https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/418.rar skinhead.rar - 171 Ko index.html ----------- Load.php --------- foo.wsz foo.zip...

dosMac.txt

Advisory Name Local Denial Of Service Attack Against The SecurityServer Daemon In MacOS X, MacOS X Server, And Darwin. Release Date 12-30-03 Effected Platforms Apple MacOS X, MacOS X Server, and Darwin. Author Matt Burnett [email protected] Vendor Status No patch has been released as o...

Invision Power Top Site List &lt; 2.0 Alpha 3 - SQL Injection (PoC)

Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 2.0 Alpha 3 Website: http://www.invisionpower.com/ BID: 9229 Description: Invision Power Top Site List is a flexible site ranking script written in PHP, the popular...

[CommerceSQL] Remote File Read Vulnerability

CommerceSQL shopping cart http://commercesql.com allows remote file reading. It only needs to specially prepared page variable in index.cgi to allow reading remote files like /etc/passwd By using prepared GET page variable it allows user to read remote files Example: With...

Thread-ITSQL XSS Vulnerability

Thread-ITSQL XSS Vulnerability Published: 24 September 2003 Released: 24 September 2003 Affected Systems: Thread-ITSQL Vendor: http://www.ymonda.co.uk Issue: Remote attackers can inject XSS script. Description: ============ "Thread-ITSQL message board product is designed specifically for SQL Serv...

myserver-0.4.1.txt

Topic: MyServer 0.4.1 DOS Product: Myserver 0.4.1 http://myserverweb.sourceforge.net Note: yep, I'm on the dole, anyone wanna give me a job : Vendor Notification: Woooops, sorry i forgot ; Background: from homepage MyServer is a free and easy to configure web server. MyServer is licensed under th...