CMS from Scratch <= 1.9.1 (fckeditor) Remote File Upload Exploit
No description provided by source. !/usr/bin/perl ---------------------------------------------------------------- CMS from Scratch = 1.9.1 fckeditor Remote File Upload Exploit by yeat - stakerathotmaildotit http://scratchwebdesignforums.com/forums/index.php?showtopic=629...
Profense Web Application Firewall 2.6.2 XSRF/XSS Vulnerabilities
No description provided by source. Written By Michael Brooks Special thanks to str0ke! Affects: Profense Web Application Firewall XSRF and XSS Version: 2.6.2 download http://www.armorlogic.com/downloadsoftware.html "Defenses against all OWASP Top Ten vulnerabilities" Too bad it doesn't defend its...
phpslash <= 0.8.1.1 Remote Code Execution Exploit
Exploit for unknown platform in category web applications ================================================= phpslash agent 'Mozilla Firefox' ; // Hey ya : head; // Target $url = getp 'url', true ; // Proxy options $prh = getp 'proxhost' ; $pra = getp 'proxauth' ; // Use a proxy ? if $prh // host:...
Profense Web Application Firewall 2.6.2 - Cross-Site Request Forgery / Cross-Site Scripting
Written By Michael Brooks Special thanks to str0ke! Affects: Profense Web Application Firewall XSRF and XSS Version: 2.6.2 download http://www.armorlogic.com/downloadsoftware.html "Defenses against all OWASP Top Ten vulnerabilities" Too bad it doesn't defend itself against all of these...
MemHT Portal 4.0.1 - Remote Code Execution
MemHT Portal 4.0.1 - Remote Code Execution !/usr/bin/perl MemHT Portal 7 Main::Usage; else HTTP::UserAgent$uagent; MemHT::Login; MemHT::Exploit$file; MemHT Exploit Package package MemHT; sub Exploit my $resp; my $file = shift...
MemHT Portal 4.0.1 - Remote Code Execution
!/usr/bin/perl MemHT Portal 7 Main::Usage; else HTTP::UserAgent$uagent; MemHT::Login; MemHT::Exploit$file; MemHT Exploit Package package MemHT; sub Exploit...
[SECURITY] Fedora 9 Update: tor-0.2.0.33-1.fc9
Tor is a connection-based low-latency anonymous communication system. Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the...
Oracle WebLogic Server Plug-in Remote Overflow (1166189)
The remote web server is using the WebLogic plug-in for Apache, IIS, or Sun web servers, a module included with Oracle (formerly BEA) WebLogic Server and used to proxy requests from an HTTP server to WebLogic. The version of this plug-in on the remote host is affected by an as-yet unspecified buffe...
Simple Machines Forum - Destroyer 0.1
Exploit for unknown platform in category web applications ===================================== Simple Machines Forum - Destroyer 0.1 ===================================== !/usr/bin/perl use LWP::UserAgent; use Getopt::Std; use LWP::Simple; use HTTP::Request; Author: Xianur0 Uxmal666atgmail.com...
Joomla Live Chat (SQL/Proxy) Multiple Remote Vulnerabilities
No description provided by source. Joomla Live Chat http://www.joompolitan.com/livechat.html Google Dork: allinurl:option=comlivechat author: jdc SQL Injections: administrator/components/comlivechat/getChat.php && administrator/components/comlivechat/getSavedChatRooms.php don't sanitize the...
Simple Machines Forum (SMF) 1.1.6 - Local File Inclusion / Code Execution
!/usr/bin/perl @title: Simple Machines Forum Code Execution @versn: perl P:\advisories\smf\smflocalfileinclude.pl -s http://localhost/audit/smf116 -u regular -p test -d ii 0day Simple Machines Forum new cookiejar = , agent = "Mozilla FireFox" ; my %parms = s = "", d = 0, x = sub print " Proxy...
Fake FTP server accepts any command
The remote FTP service is not working properly OpenVAS Vulnerability Test $Id: ftpdanycmd.nasl 4218 2016-10-05 14:20:48Z teissa $ Description: Fake FTP server accepts any command Authors: Michel Arboi Copyright: Copyright C 2008 Michel Arboi This program is free software; you can redistribute it...
Fake FTP server accepts a bad sequence of commands
The remote FTP service accepts commands in any order. OpenVAS Vulnerability Test $Id: ftpdbadsequence.nasl 4218 2016-10-05 14:20:48Z teissa $ Description: Fake FTP server accepts a bad sequence of commands Authors: Michel Arboi Copyright: Copyright C 2008 Michel Arboi This program is free softwar...
FTP server accepts a bad sequence of commands
The remote FTP service accepts commands in any order. SPDX-FileCopyrightText: 2008 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fake FTP server accepts any command
The remote FTP service is not working properly SPDX-FileCopyrightText: 2008 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Invision Power Board <= 2.3.5 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ========================================================== Invision Power Board = 2.3.5 Remote SQL Injection Exploit ========================================================== ?php errorreportingEALL;...
Privilege escalation: User is able to add a page to his watchlist without having the permission
Scenario: create user1 and user2. user1 has access to space1; user2 has access to space2. user1 can add a page to his watchlist by manipulating (using a proxy like WebScarab) the POST request to http://localhost:8080/dwr/exec/PageNotification.startWatching.dwr and replacing the id contained in paramete...
moodle-exec.txt
phpinfo.html '.$argv0.' "echo set" '.$argv0.' /full/local/path/to/file/for/upload/phpshell.php '; exit; $upload = false; iffileexists$code && isfile$code $upload = $code; $code = 'moveuploadedfile$FILESfiletmpname, basename$FILESfilename'; $code .= ';exit;'; $injectionpoints = array...
XSS and Data Manipulation attacks found in CMS PHPCart.
est.2007 forum.darkc0de.com -d3hydr8 - sinner01 - baltazar - P47r1ck - C1c4Tr1Z - beenu -rsauron - letsgorun - K1u - DON - OutLawz - MAGE -JeTFyrE -r45c4l -Bond Author: h4x0r Home :...
Invision Power Board <= 2.3.5 Multiple Vulnerabilities Exploit (revised)
No description provided by source. !/usr/bin/php -q ?php errorreportingEALL ^ ENOTICE; yeah ... it rox : class ipbspl var $web; function main $this-mhead; Gimme your args $this-pattack = $this-getp'attack', true; $this-pprox = $this-getp'proxhost'; $this-pproxa = $this-getp'proxauth';...