1410 matches found
AutoIndex PHP Script 2.2.2 - 'PHP_SELF index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26411/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting use...
XAMPP for Windows 1.6.3a - Local Privilege Escalation
. //27.08.2007 16:36 .. //14.08.2007 14:21 108 .asadminpass //14.08.2007 14:21 772 .asadmintruststore //14.08.2007 18:31 .exe4j4 //26.08.2007 03:13 427 .glade2 //21.08.2007 16:35 .msf3 //10.08.2007 04:41 Contacts //27.08.2007 01:44 129 default.pls //27.08.2007 17:57 Desktop //23.08.2007 21:12 $qQ...
AutoIndex PHP Script 2.2.1 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/25448/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user i...
autoindexXSS.txt
Title : AutoIndex PHP Script searchmode Cross-Site Scripting Vulnerability Description : AutoIndex PHP Script is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Software : http://autoindex.sourceforge.net/ Vuln. Version : = 2.2...
Mapos Bilder Galerie Version 1.0 Remote Command Execution Vulnerability
Mapos Bilder Galerie Version 1.0 Remote Command Execution Vulnerability ----------------------------------------------------------------------- Script : Mapos Bilder Galerie Version : 1.0 Site : http://www.mapos-scripts.de Founder : Rizgar Contact : [email protected] and irc.gigachat.net...
Unfixed XSS vulnerability at www.mikejordan.com
Security researcher KaBuS submitted on 08/03/2007 a cross-site scripting (XSS) vulnerability affecting www.mikejordan.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It is currently...
paFileDB includes/search.php categories Parameter SQL Injection
The version of paFileDB installed on the remote host fails to sanitize user-supplied input to the 'categories' parameter before using it in the 'includes/search.php' script to make database queries. An unauthenticated attacker can exploit this issue to manipulate database queries, which could lea...
Unfixed XSS vulnerability at www.ethelrosenfeld.org.br
Security researcher KaBuS submitted on 07/03/2007 a cross-site scripting (XSS) vulnerability affecting www.ethelrosenfeld.org.br, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/03/2007. It is...
Solar Empire <= 2.9.1.1 Blind SQL Injection / Hash Retrieve Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " ------------------------------------------------------------------------ Solar Empire = 2.9.1.1 Blind SQL Injection / Hash Retrieve Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks t...
Re: DGNews version 2.1 SQL Injection Vulnerability
hi there there's also another sql injection on this script: news.php?go=fullnews&newsid=-9+union+select+1,2,loadfilechar47,101,116,99,47,112,97,115,115,119,100,4,5,6,720from20newscomment/ //result: "This news has 1 comments. Please read, or post one by click here. 5 by:...
Inout Meta Search engine Remote Code Execution
!/usr/bin/php -q -d shortopentag=on ? echo " Inout Search Engine all version Remote Code Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc3 echo "Usage: php ".$argv0." Host Path cmd Host: targe...
GForge CVSWeb CGI cvsweb.php PATH_INFO Parameter Arbitrary Command Execution
The remote host is running GForge, a web-based project for collaborative software development. The version of GForge installed on the remote host fails to sanitize user-supplied input to the 'plugins/scmcvs/cvsweb.php' script before using it to execute a shell command. An unauthenticated attacker...
sriweb-xss.txt
XSS found by fl0 fl0w in sri.ro Description: The Romanian Secret Service web site suffers from cross site scripting vulnerability. Author: fl0 fl0w Homepage: http://popesculescu.lx.ro File Size: 5,13 KB site 'search' variable XSS Cross Site Scripting in URI Description : This XSS variant usually...
tsp-exec.txt
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$strin...
Snaps! Gallery 1.4.4 Remote User Pass Change Exploit
Exploit for unknown platform in category web applications ==================================================== Snaps! Gallery 1.4.4 Remote User Pass Change Exploit ==================================================== ?php / \|/// \ - - // @ @...
miniwebshop2-xss.txt
-=--------------------ADVISORY-------------------=- Mini Web Shop V.2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mini Web Shop -=+ Version: 2 -=+ Vendor's URL: http://obiewebsite.sourceforge.net/o.php?MiniWebShop -=+ Platform:...
RunCMS < 1.5.3 debug_show.php Multiple Vulnerabilities
The installed version of RunCMS fails to validate input to the 'class/debug/debug_show.php' script. An unauthenticated attacker may be able to leverage this issue to manipulate SQL queries or to determine information about local files on the affected host.
mxBB Module FAQ & RULES 2.0.0 Remote File Inclusion Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' mxBB Module MX Faq & Rules = 2.0.0 faq.php Remote File Include Exploit Vendor: http://www.mx-system.com/modules/mxpafiledb/dload.php?action=download&fileid=371 Bug found and Exploit by bd0rk from SOH-Crew Website1:...
DmCMS Shell Upload exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? / / DmCMS Shell Uploading / This exploit should allow you to execute commands / By : HACKERS PAL / WwW.SoQoR.NeT / echo' // / DmCMS Shell Uploading / / by HACKERS PAL [email protected] / / site: http://www.soqor.net /'; if...
meth-xss.txt
!/usr/bin/php -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-=-=-=-= ISSUE: SIP protocol's fields such as From, To, Call-ID, User-Agent and many others can carry html tags, which are shown unfiltered by the Asterisk Log File tools located at...