1826 matches found
Microsoft Windows XMLHTTP proxy problem
Because of insufficient request validation, the Msxml2.XMLHTTP ActiveX object can be used to proxy HTTP requests via the client browser...
Woltlab Burning Board Lite <= 1.0.2pl3e (pms.php) SQL Injection Exploit
Exploit for unknown platform in category web applications. Woltlab Burning Board Lite = 4.1 / if $argc6 printr' Usage: php '.$argv0.' host path us...
Woltlab Burning Board Lite 1.0.2pl3e - 'pms.php' SQL Injection
= 4.1 / if $argc6 printr' Usage: php '.$argv0.' host path user pass action OPTIONS host: target server ip/hostname path: path to wbblite user/pass: valid user credentials action: 1 vulnerability check 2 disclose admin...
CVE-2007-0419
The CVE-2007-0419 issue affects the BEA WebLogic Server proxy plug-in for the Apache HTTP Server (pre June 2006). The root cause is improper handling of protocol errors in the plug-in, which can allow remote attackers to cause a denial of service (server outage). The vulnerability description not...
webSPELL 4.01.02 - gallery.php Blind SQL Injection
allowredirection1; $xpl-cookiejar1; function istrue$xpl,$host,$path,$prefix,$gid,$pid,$uid,$i,$h...
webSPELL 4.01.02 (gallery.php) Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications. webSPELL 4.01.02 gallery.php Remote Blind SQL Injection Exploit allowredirection1; $xpl-cookiejar1; functio...
Multiple Squid cache proxy security vulnerability
externalacl queue infinite loop, FTP client code DoS on parsing FTP server listing...
ThWboard 3.0b2.84-php5 - SQL Injection / Code Execution
?php printr' ThWboard =3.0 beta 2.84-php5 boardstyleid sql injection / cmd exec exploit by rgod dork: "powered by ThWboard" version specific: "powered by ThWboard 3 Beta 2.84-php5" "by Baecher & Gonschorek" mail: retrog...
Coppermine Photo Gallery 1.4.10 - xpl.php SQL Injection
!/usr/bin/php "; print "\nProxyOptions..: "; print "\nExample.......: php xpl.php http://c.com/ admin passwd"; print "\n---------------------------------------------------------\n"; exit1; // 0 = xpl.php 1 = http://localhost/cpg1410/ 2 = roo...
Simple Web Content Management System Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. Simple Web Content Management System Remote SQL Injection Exploit !/usr/bin/php Options.......:...
Kerio Winroute Firewall 5.10 users credentials leak
Application: Kerio Winroute Firewall 5.10 Vendor: Kerio Technologies Inc. Vendor Site: http://www.kerio.com Remote: Yes Exploitable: Yes Risk level: Critical if proxy requires authentication Authors: Alexander Antipov & 3APA3A aka Pig Killer Authors Sites: http://www.securitylab.ru...
What else can be ruined by antivirus?
What else will ruin AntiViruses? I have always been pleased with the "professionalism" of antivirus developers in everything, except for the viruses themselves. Take, for example, the same work with e-mail, whose standards are not followed by any of the manufacturers of anti-virus software. Anothe...
WebText 0.4.5.2 - Remote Code Execution
DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ cod3d by Kacper...
hlstats-sql.txt
Hlstats is more than 5 years old. HLstats has been downloaded more than 270,000 from http://sf.net. Nothing more than absolutely benign XSS has been reported for this application, until NOW. Merry Christmas, --Michael Brooks Homepage: http://sourceforge.net/projects/hlstats/ ...
HLStats 1.34 - 'hlstats.php' SQL Injection
= 1.20 works with magicquotesgpc=On by Michael Brooks / print "HLStats SQL Injection Exploit Welcome To HLstats Exploit code. SQL Inection + Path Disclosure...
PHP-Update 2.7 - extract() Authentication Bypass Shell Injection
PHP-Update 2.7 - extract Authentication Bypass Shell Injection 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont+...
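Mandiant First Response Multiple Denial of Service and Agent Hijacking Vulnerabilities
Mandiant First Response is an incident response tool used to collect system information such as running processes and system services. Mandiant First Response contains multiple security vulnerabilities, as follows: 1. Malformed client requests cause a denial of service in the SSL agent. When running in daemon mode, the First Response agent (FRAgent.exe) accepts remote connections from the First Response console over HTTP or a modified HTTPS implementation. If an attacker sends a series of specially crafted requests to an SSL-enabled agent, the agent is forced into an exception, after which the agent's socket stays in the CLOSE_WAIT state indefinitely and all subsequent connection attempts are refused; the service must be restarted to restore connectivity....
PHP-Proxima BB_Smilies.PHP Local File Inclusion Vulnerability
PHP-Proxima is a PHP-based web application. PHP-Proxima does not properly filter user-supplied URI data, so a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the web process. The problem is that the 'BB_Smilies.PHP' script does not filter the user-supplied 'name' parameter; submitting parameter data that contains multiple "../" sequences bypasses the web root restriction and allows system file contents to be viewed with the privileges of the web process. PHP-Proxima 6.0 http://sourceforge.net/projects/phpproxima !/usr/bin/php -q -d shortopentag=on ? $devilteam = " :::::::...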
PHPAlbum 0.4.1 Beta 6 - 'language.php' Local File Inclusion
DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ cod3d by Kacper. Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon | friend str0ke ; pepi,...
Envolution 1.1.0 - 'PNSVlang' Remote Code Execution
DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ cod3d by Kacper. Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon | friend str0ke ; pepi,...