9061 matches found
Play! Framework Directory Traversal Vulnerability
The Play! Framework is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Remote attackers can use a specially crafted request with directory-traversal sequences to read arbitrary files in the context of the user running the affected...
Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability
Exploit for multiple platform in category remote exploits ============================================================== Play! Framework = 1.0.3.1 Directory Transversal Vulnerability ============================================================== Exploit Title: Play! Framework = 1.0.3.1 Directory...
Play! Framework 1.0.3.1 - Directory Traversal
Exploit Title: Play! Framework = 1.0.3.1 Directory Transversal Vulnerability Date: July 24, 2010 Author: kripthor Software Link: http://www.playframework.org/ Version: Play! Framework = 1.0.3.1 Tested on: Ubuntu 10 CVE : N/A Notes: 28/07/2010 at 14:03 - Developer contacted 28/07/2010 at 15:04 - F...
Play! Framework 1.0.3.1 - Directory Traversal
Play! Framework 1.0.3.1 - Directory Traversal Exploit Title: Play! Framework = 1.0.3.1 Directory Transversal Vulnerability Date: July 24, 2010 Author: kripthor Software Link: http://www.playframework.org/ Version: Play! Framework = 1.0.3.1 Tested on: Ubuntu 10 CVE : N/A Notes: 28/07/2010 at 14:03...
Canadian scientists have demonstrated the vulnerability of USB peripherals
While some flash drives are designed for carrying and storing information, others can quite easily, as the saying goes, hack the computer they are plugged into and read the user's personal data. A group of researchers from Canada's Royal Military College...
Online Community CMS by I-net - SQL Injection
Exploit Title: Online Community CMS by I-net SQL Injection Vulnerability Date: 16-03-2010 Author: Th3 RDX Software Link: www.i-netsolution.com/online-community-php-scripts.html Version: Tested on: Projects Made By Them category: webapp Code :...
CableTEL Triple Play 1.0 SQL Injection
CableTEL's Triple Play v1.0 login.php Remote Login Bypass SQL Injection Exploit 21.12.2009 by Gjoko 'LiquidWorm' Krstic Zero Science Lab http://www.zeroscience.mk Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4925.php PoC: https://clients.site/clients/index.php user and pass: '+...
CableTEL's Triple Play v1.0 (login.php) Remote Login Bypass SQL Injection Vuln
Summary Triple Play is a PHP script that CableTEL offers its clients to check their internet traffic status. Description Triple Play suffers from a security bypass vulnerability login.php with sql injection attack. The login page can be accessed only by CableTEL's users. The script fails to...
Microsoft Plug and Play Service Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Microsoft Pl...
Ease Audio Cutter 1.20 (.wav file) Local Crash PoC
No description provided by source. !/usr/bin/perl Ease Audio Cutter 1.20 .wav file Local Crash PoC By : zAx Application Homepage : http://mp3-cutter.com Application Download : http://mp3-cutter.com/download/audiocutter.exe Description : Click Select file button, select our file and click Play...
Ease Audio Cutter 1.20 (.wav file) Local Crash PoC
Exploit for unknown platform in category dos / poc ================================================== Ease Audio Cutter 1.20 .wav file Local Crash PoC ================================================== !/usr/bin/perl Ease Audio Cutter 1.20 .wav file Local Crash PoC By : zAx Application Homepage :...
Ease Audio Cutter 1.20 - '.wav' Local Crash (PoC)
!/usr/bin/perl Ease Audio Cutter 1.20 .wav file Local Crash PoC By : zAx Application Homepage : http://mp3-cutter.com Application Download : http://mp3-cutter.com/download/audiocutter.exe Description : Click Select file button, select our file and click Play $crash = "\x42" x 15000; my $file =...
Sql injection
Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI...
CVE-2008-5629
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action...
pidgin: unrestricted download of arbitrary files triggered via UPnP
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL...
Turnkey Arcade Script (id) Remote SQL Injection Vulnerability
No description provided by source. ----------------Mor0ccan Nightmares---------------- ------------------------------ Script: Turnkey Arcade Script- ------------------------------ ----------------------------------- Site: http://www.turnkeyarcade.com- -----------------------------------...
Unfixed XSS vulnerability at www.playbytherules.net.au
Security researcher xylitol has submitted on 10/11/2008 a cross-site-scripting (XSS) vulnerability affecting www.playbytherules.net.au, which at the time of submission ranked 3585026 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/11/2008. It...
MS Windows Plug-and-Play Service Remote Universal Exploit (MS05-039)
No description provided by source. / HOD-ms05039-pnp-expl.c: 2005-08-10: PUBLIC v.0.2 Copyright c 2005 houseofdabus. MS05-039 Microsoft Windows Plug-and-Play Service Remote Overflow Universal Exploit + no crash shellcode .:: houseofdabus ::...
DEBIAN-CVE-2008-2957
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL...