Windows NT NNTP Component Buffer Overflow

The Network News Transfer Protocol NNTP component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an...

Windows NT NNTP Component Buffer Overflow

The Network News Transfer Protocol NNTP component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an...

krb5 security and bug fix update

1.6.1-36.el55.3 - add upstream patch to fix a few use-after-free bugs, including one in kadmind CVE-2010-0629, 578185 1.6.1-36.el55.2 - pull changes to libkrb5 to properly handle and chase off-path referrals back from 1.7 574387...

PHPWind 6.0 Cross Site Scripting

I found the PHPWind v6.0 just filter the xss code when the visitors login in, but it doesnt do it when login off. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This flaw makes its all the parameters...

BigForum 4.5 SQL Injection

Exploit Title: BigForum 4.5 SQL INJECTION EXPLOIT Date: 07.03.2010 Author: Ctacok Software Link: http://sourceforge.net/projects/npage-bigforum/ Version: 4.5 Tested on: Ubuntu 9.10 !/usr/bin/perl use LWP::Simple; print "\n"; print "\n"; print " BigForum Version: 4.5 SQL INJECTION \n"; print "...

BigForum 4.5 - SQL Injection

BigForum 4.5 - SQL Injection !/usr/bin/perl use LWP::Simple; print "\n"; print "\n"; print " BigForum Version: 4.5 SQL INJECTION \n"; print " Author: Ctacok Russian \n"; print " Blog : www.Ctacok.ru \n"; print " Special for Antichat forum.antichat.ru and xakep.ru \n"; print " Require : Magicquote...

BigForum Version 4.5 SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================ BigForum Version 4.5 SQL Injection Vulnerability ================================================ !/usr/bin/perl use LWP::Simple; print "\n"; print "\n"; print " BigForum Version: 4.5 SQL...

ONECMS 2.5 SQL Injection

Exploit Title: ONECMS v2.5 SQL INJECTION Date: 05.03.2010 Author: Ctacok and .:melkiy:. Software Link: http://sourceforge.net/projects/onecms/ Version: 2.5 Tested on: Ubuntu 9.10 Apache2+PHP5 !/usr/bin/perl use LWP::Simple; print "\n"; print "\n"; print " ONECMS v2.5 SQL INJECTION \n"; print " Bu...

RCA DCM425 Cable Modem - micro_httpd Denial of Service (PoC)

RCA DCM425 Cable Modem - microhttpd Denial of Service PoC !/usr/bin/python Title: RCA DCM425 Cable Modem microhttpd DoS/PoC Date: 02/27/10 Author: ad0nis [email protected] Info: This script causes a Denial of Service on a DCM425 cable modem. Sending 1040 bytes causes a reboot of the device...

Gravity Board X 2.0 Beta (Public Release 3) - SQL Injection

!/usr/bin/perl Exploit Title: Gravity Board X 2.0 BETA Public Release 3 SQL INJECTION Date: 26.02.2010 Author: Ctacok Software Link: http://www.gravityboardx.com/ Version: 2.0 BETA Public Release 3 Tested on: Windows SP 3 Code : exploit code use LWP::Simple; print "\n"; print "\n"; print " Gravit...

Gravity Board X 2.0 Beta (Public Release 3) - SQL Injection

Gravity Board X 2.0 Beta Public Release 3 - SQL Injection !/usr/bin/perl Exploit Title: Gravity Board X 2.0 BETA Public Release 3 SQL INJECTION Date: 26.02.2010 Author: Ctacok Software Link: http://www.gravityboardx.com/ Version: 2.0 BETA Public Release 3 Tested on: Windows SP 3 Code : exploit co...

Debian DSA-1907-1 : kvm - several vulnerabilities

Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-5714 Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7 characters. This flaw might make it...

Debian DSA-1902-1 : elinks - buffer overflow

Jakub Wilk discovered an off-by-one buffer overflow in the charset handling of elinks, a feature-rich text-mode WWW browser, which might lead to the execution of arbitrary code if the user is tricked into opening a malformed HTML page. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

FFmpeg Multiple Vulnerabilities - Linux

FFmpeg is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Aflam Online (Auth Bypass) SQL Injection

Exploit for unknown platform in category web applications ======================================== Aflam Online Auth Bypass SQL Injection ======================================== :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Exploit Title : Aflam Online Auth...

al3jeb script - Remote Authentication Bypass

al3jeb script - Remote Authentication Bypass '/ -.- --------------------oOO------OOo------------------- | al3jeb script Remote Login Bypass Exploit | | works only with magicquotesgpc = off | ------------------------------------------------------ ! Discovered: cr4wl3r ! Date: 19.01.2010 ! Remote:...

PHP-RESIDENCE 0.7.2 - Multiple Local File Inclusions

'/ -.- --------------------oOO------OOo------------------- | PHP-RESIDENCE ! Download: http://www.digitaldruid.net/download/php-residence0.7.2.zip ! Date: 30.12.2009 ! Remote: yes ! Code : include"./includes/templates/$templatedatadir/phrases.php"; ! PoC:...

PHP-RESIDENCE <= 0.7.2 Multiple LFI Vulnerability

Exploit for unknown platform in category web applications ================================================= PHP-RESIDENCE = 0.7.2 Multiple LFI Vulnerability ================================================= '/ -.- --------------------oOO------OOo------------------- | PHP-RESIDENCE = 0.7.2 Multipl...

MoME CMS 0.8.5 - Remote Authentication Bypass

'/ -.- --------------------oOO------OOo------------------- | MoME CMS ! Download: http://sourceforge.net/projects/mome/files/ ! Date: 16.01.2010 ! Remote: yes ! Code : //controllo user e passwd da login ifisset$POST'postedusername' && isset$POST'postedpassword' $query="SELECT FROM users WHERE...

DasForum Local File Inclusion

'/ -.- --------------------oOO------OOo------------------- | DasForum layout Local File Inclusion Exploit | | works only with magicquotesgpc = off | ------------------------------------------------------ ! Discovered: cr4wl3r ! Download: http://mirror.vocabbuilder.net/savannah/dasforum/ ! Date:...