111 matches found

0day.today
added 2015/09/23 12:00 a.m., 36 views

SMF 2.0.10 Remote Memory Exfiltration Exploit

Exploit for php platform in category web applications !/usr/bin/python -- coding: iso-8859-15 -- Title: SMF Filippo Roncari Truel Lab http://lab.truel.it import sys, requests, time, os, socket, thread, base64, string, urllib from multiprocessing import Process Payload config bytesnum = 000 num of...

7.1 AI score
Exploits: 0

0day.today
added 2015/09/11 12:00 a.m., 18 views

Monsta FTP 1.6.2 - Multiple Vulnerabilities

Monsta FTP version 1.6.2 suffers from cross site request forgery and cross site scripting vulnerabilities. Exploit Title: CSRF XSS Monsta FTP Google Dork: intitle: Monsta FTP CSRF / XSS Date: 2015-09-11 Exploit Author: hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.monstaftp.com...

6.9 AI score
Exploits: 0

exploitpack
added 2015/06/24 12:00 a.m., 191 views

Vesta Control Panel 0.9.8 - OS Command Injection

Vesta Control Panel 0.9.8 - OS Command Injection Advisory ID: HTB23261 Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor...

6.5 CVSS, 1.1 AI score, 0.07499 EPSS
Exploits: 4

0day.today
added 2015/06/22 12:00 a.m., 57 views

Vesta Control Panel 0.9.8 OS Command Injection Vulnerability

Vesta Control Panel version 0.9.8 suffers from an OS command injection vulnerability. Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 2...

1.1 AI score, 0.07499 EPSS
Exploits: 4

Packet Storm
added 2015/06/17 12:00 a.m., 76 views

Vesta Control Panel 0.9.8 OS Command Injection

Advisory ID: HTB23261 Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 3, 2015 Public Disclosure: June 17,...

1.1 AI score, 0.07499 EPSS
Exploits: 4

NVD
added 2014/10/20 3:55 p.m., 19 views

CVE-2014-5447

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...

2.1 CVSS, 5.7 AI score, 0.00048 EPSS
Exploits: 0, References: 5

Prion
added 2014/10/20 3:55 p.m., 27 views

Design/Logic Flaw

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...

2.1 CVSS, 6.3 AI score, 0.00075 EPSS
Exploits: 0, References: 5, Affected Software: 2

UbuntuCve
added 2014/10/20 3:55 p.m., 33 views

CVE-2014-5447

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...

2.1 CVSS, 6.1 AI score, 0.00048 EPSS
Exploits: 0, References: 2

CVE
added 2014/10/20 3:00 p.m., 48 views

CVE-2014-5447

Technical details for CVE-2014-5447 are not publicly available in the provided documents. No concrete exploit vectors or affected versions are disclosed here; monitor for updates.

2.1 CVSS, 5.1 AI score, 0.00048 EPSS
Exploits: 0, References: 5, Affected Software: 2

Cvelist
added 2014/10/20 3:00 p.m., 26 views

CVE-2014-5447

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...

5.2 AI score, 0.00048 EPSS
Exploits: 0, References: 5

securityvulns
added 2014/10/15 12:00 a.m., 69 views

ownCloud Unencrypted Private Key Exposure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Senderek Web Security - Security Advisory ownCloud Unencrypted Private Key Exposure ========================================= https://senderek.ie/archive/2014/owncloudunencryptedprivatekeyexposure.php Revision: 1.00 Last Updated: 3 Aug 2014 Summary: I...

0.3 AI score
Exploits: 0

securityvulns
added 2014/10/14 12:00 a.m., 79 views

[ MDVSA-2014:182 ] zarafa

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:182 http://www.mandriva.com/en/support/security/ Package : zarafa Date : September 24, 2014 Affected: Business Server 1.0 Problem Description: Updated zarafa packages fix security vulnerabilities: Robert...

2.1 CVSS, 5.4 AI score, 0.00075 EPSS
Exploits: 0

NVD
added 2014/07/29 2:55 p.m., 20 views

CVE-2014-0103

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files...

2.1 CVSS, 5.6 AI score, 0.00075 EPSS
Exploits: 0, References: 6

Prion
added 2014/07/29 2:55 p.m., 25 views

Information disclosure

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files...

2.1 CVSS, 5.9 AI score, 0.00075 EPSS
Exploits: 0, References: 6, Affected Software: 3

Cvelist
added 2014/07/29 2:00 p.m., 25 views

CVE-2014-0103

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files...

5.1 AI score, 0.00075 EPSS
Exploits: 0, References: 6

seebug.org
added 2014/07/01 12:00 a.m., 23 views

Collabtive 1.0 (manageuser.php, task param) - SQL Injection Vulnerability

No description provided by source. Exploit Title: Collabtive 1.0 SQLi Date: 06/17/2013 Exploit Author: drone @dronesec More information: http://forelsec.blogspot.com/2013/06/collabtive-10-sqli.html Vendor homepage: http://collabtive.o-dyn.de/ Software link:...

7.1 AI score
Exploits: 0

myhack58
added 2013/09/08 12:00 a.m., 30 views

session file spoofing vulnerability(marginalia non-cross-directory ideas)-vulnerability warning-the black bar safety net

Herein, the theoretical significance may be greater than the practical significance, only there is no way the time to provide ideas. 0x00 session description 0x01 Use Conditions 0x02 use ideas 0x03 vulnerability proof 0x04 prevention methods 0x00 session description Generally the web authenticati...

0.2 AI score
Exploits: 0

NVD
added 2012/06/27 12:55 a.m., 10 views

CVE-2012-2731

The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage...

2.6 CVSS, 6.2 AI score, 0.00611 EPSS
Exploits: 1, References: 6

Cvelist
added 2012/06/27 12:00 a.m., 18 views

CVE-2012-2731

The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage...

6.2 AI score, 0.00611 EPSS
Exploits: 1, References: 6

CVE
added 2012/06/27 12:00 a.m., 41 views

CVE-2012-2731

CVE-2012-2731 affects Ubercart AJAX Cart 6.x-2.x for Drupal prior to 6.x-2.1. The vulnerability stems from storing the PHP session ID in a JavaScript settings array on page loads, which could allow remote attackers to disclose sensitive information by sniffing or reading the HTML cache of a page....

2.6 CVSS, 6.4 AI score, 0.00611 EPSS
Exploits: 1, References: 6, Affected Software: 1