89 matches found
EUVD-2007-1379
Malware in sbrugna...
CVE-2005-0596
PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size...
Western Digital My Book World II NAS 1.02.12 Hardcoded Credential
Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, National Security Services Group NSSG Vendor Homepage: https://wd.com/ Software Link:...
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution
Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, National Security Services Group NSSG Vendor Homepage: https://wd.com/ Software Link:...
Grimbb 1.3 Hash Disclosure Vulnerability
Exploit for php platform in category web applications Grimbb V1.3 User and Password Hash Disclosure Discovered by NA, NAattutanota.com Description: A PHP 4 Open Source Flat File Based Bulletin Board...
Grimbb 1.3 Hash Disclosure
Grimbb V1.3 User and Password Hash Disclosure Discovered by NA, NAattutanota.com Description: A PHP 4 Open Source Flat File Based Bulletin Board System - GrimBB uses text files to store the data for...
CVE-2007-1777
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow...
CVE-2007-1884
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit...
PHP unserialize() Use-After-Free
Use After Free Vulnerability in unserialize() Taoguang Chen - Write Date: 2015.2.3 - Release Date: 2015.3.20 A use-after-free vulnerability was discovered in unserialize() with a specially defined object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary...
PHP 4/5 addslashes() NULL Byte Bypass
No description provided by source. source: http://www.securityfocus.com/bid/11981/info PHP4 and PHP5 are reported prone to multiple remotely exploitable vulnerabilities. These issues result from insufficient sanitization of user-supplied data. A remote attacker may carry out directory traversal...
PHPNuke 6.x Category Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9630/info It has been reported that PHPNuke may be prone to a SQL injection vulnerability, due to insufficient sanitization of user-supplied input. The problem is reported to exist in the $category variable contained within the...
Verlihub Control Panel <= 1.7.x Local File Inclusion Vulnerability
No description provided by source. Verlihub Control Panel v 1.7 PHP 4.x Local File Inclusion http://vhcp.verlihub-project.org/ Bug Found By Methodman From TEAMELITE - dchub.nemesis.te-home.net:4120 Bug: Line: 27 - inisetmagicquotesgpc,1; ............................ Line: 71 - $pagename =...
Netjuke 1.0 RC1 - SQL Injection Vulnerabilities
Title: Netjuke 1.0 RC1 - SQL Injection Vulnerabilities Date: 2012-04-12 References: http://www.vulnerability-lab.com/getcontent.php?id=506 VL-ID: 506 Introduction: The Netjuke is a Web-Based Audio Streaming Jukebox powered by PHP 4, a database and all...
SMF 2.0.1 SQL Injection / Privilege Escalation
!/usr/bin/python -- coding: iso-8859-15 -- Exploit Title: Smf = 2.0.1 Sql injection Vulnerability Author: The:Paradox Disclosure date: 06/12/2011 Software Link: http://download.simplemachines.org/ , http://www.php.net/releases/ Smf = 2.0.1 Sql injection Vulnerability - Priviledge escalation explo...
Froxlor v 0.9.15 Remote File Inclusion Vulnerbility
Exploit for php platform in category web applications Exploit Title: Froxlor v 0.9.15 Remote file include vulnerbility Google Dork: © 2009-2010 by the Froxlor Team Date: 26/1/2011 Author: DIES3L Software Link: http://www.froxlor.org Version: v 0.9.15 Tested on: ubuntu + win7 Email :...
Froxlor 0.9.15 - Remote File Inclusion
Exploit Title: Froxlor v 0.9.15 Remote file include vulnerbility Google Dork: © 2009-2010 by the Froxlor Team Date: 26/1/2011 Author: DIES3L Software Link: http://www.froxlor.org Version: v 0.9.15 Tested on: ubuntu + win7 Email : [email protected] Fichier : customerftp.php...
Froxlor 0.9.15 Remote File Inclusion
Exploit Title: Froxlor v 0.9.15 Remote file include vulnerbility Google Dork: © 2009-2010 by the Froxlor Team Date: 26/1/2011 Author: DIES3L Software Link: http://www.froxlor.org Version: v 0.9.15 Tested on: ubuntu + win7 Email : [email protected] Fichier : customerftp.php...
Froxlor 0.9.15 - Remote File Inclusion
Froxlor 0.9.15 - Remote File Inclusion Exploit Title: Froxlor v 0.9.15 Remote file include vulnerbility Google Dork: © 2009-2010 by the Froxlor Team Date: 26/1/2011 Author: DIES3L Software Link: http://www.froxlor.org Version: v 0.9.15 Tested on: ubuntu + win7 Email : [email protected] Fichier :...
ZeeMatri 3.x - Arbitrary File Upload
ZeeMatri 3.x - Arbitrary File Upload I'm SONiC member from Inj3ct0r Team Name : ZeeMatri v3x- Arbitrary file upload Vulnerability Date : july 23,2010 Critical Level : VERY HIGH vendor URL : http://www.zeeways.co...
Mandriva Linux Security Advisory : php (MDVSA-2009:247)
Multiple vulnerabilities were discovered and corrected in php : The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the...