1408 matches found
cPanel Cross Site Request Forgery
Exploit Title: cPanel " Afterwards simply check for ninjashell.php in the directory. III. Counter-measures All cPanel versions starting from 11.25 and above have two in-built security features to prevent such attacks - security tokens and referrer security check. This means that if you are a cpan...
cPanel < 11.25 - Cross-Site Request Forgery (Add User PHP Script)
Exploit Title: cPanel " Afterwards simply check for ninjashell.php in the directory. III. Counter-measures All cPanel versions starting from 11.25 and above have two in-built security features to prevent such attacks - security tokens and referrer security check. This means that if you are a cpan...
AWStats Totals 1.14 Remote Command Execution
$Id: awstatstotalsmultisort.rb 12715 2011-05-25 10:45:36Z patrickw $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
AWStats Totals multisort Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AWStats Totals PHP script. AWStats Totals version v1.0 - v1.14 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
AWStats Totals =< v1.14 multisort Remote Command Execution
Exploit for php platform in category web applications $Id: awstatstotalsmultisort.rb 12715 2011-05-25 10:45:36Z patrickw $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more...
AWStats Totals 1.14 multisort - Remote Command Execution (Metasploit)
$Id: awstatstotalsmultisort.rb 12715 2011-05-25 10:45:36Z patrickw $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
IceWarp install/index.html lang Parameter XSS
The remote web server hosts a PHP script that is susceptible to a cross-site scripting attack. The script 'install/index.html' does not properly sanitize input data to the 'lang' parameter before including it in HTML generated dynamically. As a result of this vulnerability, it is possible for a...
Symphony token Parameter SQL Injection
The version of Symphony hosted on the remote web server fails to sanitize input to the 'token' parameter when 'action' is set to 'resetpass' before using it in the 'content.login.php' script to construct a database query. An unauthenticated, remote attacker can exploit this issue to manipulate...
Design/Logic Flaw
IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history...
Football Website Manager 1.1 Cross Site Scripting / SQL Injection
Football Website Manager PHP Script BSQL-i / Persistent XSS Vulnerability...
EyeOS file Parameter Directory Traversal
The version of EyeOS hosted on the remote host includes a PHP script, devtools/qooxdoo-sdk/framework/source/resource/qx/test/part/delay.php, that fails to sanitize input to the 'file' parameter before using it to return the contents of a file from the remote host. An unauthenticated, remote...
iCloudCenter JobSite PHP Script SQL Injection
ICloudCenter JobSite PHP Script SQL-i Vulnerability...
Honey Soft SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit title: Honey Soft sqli Date: 25 march 2011 Author: Hell hax0r Vendor: Honey Soft, http://www.honeysoft.net/ Version: 1.0 category: Webapps Google dork: "Powered by Honey Soft" Tested on: Windows xp service pack 2 All sites belonging to...
Online store PHP script - Multiple Cross-Site Scripting SQL Injections
Online store PHP script - Multiple Cross-Site Scripting SQL Injections source: https://www.securityfocus.com/bid/46960/info Online store php script is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting...
Online store PHP script - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/46960/info Online store php script is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authenticati...
Online Store PHP Script By Goran Cross Site Scripting
f0und by: kurdish hackers team group: kurd-team c0ntact: [email protected] site: www.kurdteam.org script: Online Store d0rk:Copyrights © 2009 - Online Store. All rights reserved. Powered by:...
Automne 4.1.0 Race Condition
Software: Automne 4.1.0. Vulnerability: Race Condition. Threat Level: Very Critical 5/5. Download: http://en.automne-cms.org/ Release Date: 3/2/2011...
Raja Natarajan Guestbook 1.0 - Local File Inclusion
Raja Natarajan Guestbook 1.0 Local File Inclusion Exploit App: http://sourceforge.net/projects/phpscript/files/phpscript/Raja%20Guestbook/guestbook1.0.zip/download Author: h0rd Vuln: http://127.0.0.1/guestbook/add.php?lang=../../../../../../../../../../../../../../../etc/passwd%00 Thx: cr4wl3r,...
NetLink Shell Upload
NetLink Remote Arbitrary File Upload Vulnerability Download: http://sourceforge.net/projects/kp-netlink/ by lumut-- Homepage: lumutcherenza.biz upload.php "; echo ""; echo "Filename: ".$filename; echo "File Type:...
NetLink - Arbitrary File Upload
NetLink Remote Arbitrary File Upload Vulnerability Download: http://sourceforge.net/projects/kp-netlink/ by lumut-- Homepage: lumutcherenza.biz upload.php "; echo ""; echo "Filename: ".$filename; echo "File Type:...