1414 matches found
Abledesign Dynamic Picture Frame XSS
Vendor Site: http://abledesign.com/ Version affected: ??? Demo: http://abledesign.com/demo/pframe.php Class: Input Validation Error Overview: Dynamic Picture Frame is a PHP script which allows you to add a variety of picture frames of any size to images on your website. Dynamic Picture Frame fail...
AutoIndex PHP Script 2.2.2 - PHP_SELF index.php Cross-Site Scripting
AutoIndex PHP Script 2.2.2 - PHP_SELF index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26411/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to...
XAMPP for Windows 1.6.3a - Local Privilege Escalation
XAMPP for Windows 1.6.3a - Local Privilege Escalation . //27.08.2007 16:36 .. //14.08.2007 14:21 108 .asadminpass //14.08.2007 14:21 772 .asadmintruststore //14.08.2007 18:31 .exe4j4 //26.08.2007 03:13 427 .glade2 //21.08.2007 16:35 .msf3 //10.08.2007 04:41 Contacts //27.08.2007 01:44 129...
AutoIndex PHP Script 2.2.1 - index.php Cross-Site Scripting
AutoIndex PHP Script 2.2.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/25448/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute...
XAMPP for Windows 1.6.3a - Local Privilege Escalation
. //27.08.2007 16:36 .. //14.08.2007 14:21 108 .asadminpass //14.08.2007 14:21 772 .asadmintruststore //14.08.2007 18:31 .exe4j4 //26.08.2007 03:13 427 .glade2 //21.08.2007 16:35 .msf3 //10.08.2007 04:41 Contacts //27.08.2007 01:44 129 default.pls //27.08.2007 17:57 Desktop //23.08.2007 21:12 $qQ...
AutoIndex PHP Script 2.2.1 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/25448/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user i...
AutoIndex PHP Script 2.2.2 - 'PHP_SELF index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26411/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting use...
autoindexXSS.txt
Title : AutoIndex PHP Script searchmode Cross-Site Scripting Vulnerability Description : AutoIndex PHP Script is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Software : http://autoindex.sourceforge.net/ Vuln. Version : = 2.2...
Mapos Bilder Galerie Version 1.0 Remote Command Execution Vulnerability
Mapos Bilder Galerie Version 1.0 Remote Command Execution Vulnerability ----------------------------------------------------------------------- Script : Mapos Bilder Galerie Version : 1.0 Site : http://www.mapos-scripts.de Founder : Rizgar Contact : [email protected] and irc.gigachat.net...
Unfixed XSS vulnerability at www.mikejordan.com
Security researcher KaBuS has submitted on 08/03/2007 a cross-site scripting (XSS) vulnerability affecting www.mikejordan.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It is currently...
paFileDB includes/search.php categories Parameter SQL Injection
The version of paFileDB installed on the remote host fails to sanitize user-supplied input to the 'categories' parameter before using it in the 'includes/search.php' script to make database queries. An unauthenticated attacker can exploit this issue to manipulate database queries, which could lea...
Unfixed XSS vulnerability at www.ethelrosenfeld.org.br
Security researcher KaBuS has submitted on 07/03/2007 a cross-site scripting (XSS) vulnerability affecting www.ethelrosenfeld.org.br, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/03/2007. It is...
Solar Empire <= 2.9.1.1 Blind SQL Injection / Hash Retrieve Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " ------------------------------------------------------------------------ Solar Empire = 2.9.1.1 Blind SQL Injection / Hash Retrieve Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks t...
Re: DGNews version 2.1 SQL Injection Vulnerability
hi there there's also another sql injection on this script: news.php?go=fullnews&newsid=-9+union+select+1,2,loadfilechar47,101,116,99,47,112,97,115,115,119,100,4,5,6,720from20newscomment/ //result: "This news has 1 comments. Please read, or post one by click here. 5 by:...
Inout Meta Searh engine Remote Code Execution
!/usr/bin/php -q -d shortopentag=on ? echo " Inout Search Engine all version Remote Code Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc3 echo "Usage: php ".$argv0." Host Path cmd Host: targe...
GForge CVSWeb CGI cvsweb.php PATH_INFO Parameter Arbitrary Command Execution
The remote host is running GForge, a web-based project for collaborative software development. The version of GForge installed on the remote host fails to sanitize user-supplied input to the 'plugins/scmcvs/cvsweb.php' script before using it to execute a shell command. An unauthenticated attacker...
sriweb-xss.txt
XSS found by fl0 fl0w in sri.ro Description: The Romanian Secret Service web site suffers from a cross site scripting vulnerability. Author: fl0 fl0w Homepage: http://popesculescu.lx.ro File Size: 5,13 KB site 'search' variable XSS Cross Site Scripting in URI Description: This XSS variant usually...
tsp-exec.txt
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$strin...
Snaps! Gallery 1.4.4 Remote User Pass Change Exploit
Exploit for unknown platform in category web applications ==================================================== Snaps! Gallery 1.4.4 Remote User Pass Change Exploit ==================================================== ?php / \|/// \ - - // @ @...
miniwebshop2-xss.txt
-=--------------------ADVISORY-------------------=- Mini Web Shop V.2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mini Web Shop -=+ Version: 2 -=+ Vendor's URL: http://obiewebsite.sourceforge.net/o.php?MiniWebShop -=+ Platform:...