184 matches found
PHP-Charts 1.0 - index.php?type Remote Code Execution
PHP-Charts 1.0 - index.php?type Remote Code Execution !/usr/bin/python Original Advisory came from: http://packetstormsecurity.com/files/119582/PHP-Charts-1.0-Code-Execution.html infodox - insecurety.net import requests import random import threading import sys def genpayloadhost, port: """ Perl...
vOlk Botnet Framework v4.0 Multiple Vulnerabilities
Exploit for php platform in category web applications Title: ====== vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities Introduction: ============= vOlk-Botnet v4.0 is a remote administration tool, its main function is to manage the HOSTS file of the windows operating systems The code creat...
Flogr 2.5.6 / 2.3 Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities Details: ======== Multiple non persistent cross site scripting vulnerabilities are detected in the Flogr v2.5.6 & v2.3 photo gallery CMS. The vulnerability allows remote attackers to hija...
Microsoft Service Cross Site Scripting
Title: ====== Microsoft Service - Persistent Web Vulnerabilities Date: ===== 2012-04-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=433 http://www.vulnerability-lab.com/getcontent.php?id=439 MSRC ID: 12209nj VL-ID: ===== 433 Introduction: ============= Official...
Group Office 3.5.9 Remote Command Execution
Title Group Office Remote Command Execution Vulnerability Author ADEO Security Published 16/07/2010 Version 3.5.9 Possible all versions Vendor http://www.group-office.com Download http://sourceforge.net/projects/group-office/files/3.5/groupoffice-com-3.5.9.tar.gz/download Description "Take your...
Greenwood Content Manager Code Execution
!usr/bin/python Greenwood Content Manager Remote Code Execution AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://ircrash.com My Official WebSite : http://r3dw0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina Yazdanmehr Download :...
Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
SEC Consult Security Advisory 20090429-0 ======================================================================= title: Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000 product: LevelOne AMG-2000 Wireless AP Management Gateway vulnerable version: Firmware =2.00.00build00600...
PHPLD 3.3 - Blind SQL Injection
PHPLD 3.3 - Blind SQL Injection phpLD 3.3 Blind SQL Injection http://www.phplinkdirectory.com/ magicquotesgpc = Off registerglobals = On Vulnerable: GET http://site/phpld/page.php?name= True Request: validpagename' or 1=1 False Request: validpagename' or 1=0 Try this urlencode: validpagename' or...
Cocoon Counter statistics program background written mA-vulnerability warning-the black bar safety net
Reference the latest Ocean to the top of the eval version in a few words, here to use is % eval reques tchr 3 5 % , "evalExecutePP. htm in the text box write your own code is added with 2006X2. exe conversion to generate the html text box in code. What is the text box you know? Don't just check t...
CVE-2006-2559
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic...
RaidenHTTPD Web server / Quick 'n Easy Web Server / Baby ASP / Blazix Web Server / AN HTTPD / Xeneo scripts source code disclosure
It's possible to retrieve script source code by adding " ./" to request...
PHP-Nuke SQL Injection Edit/Save Message(s) Bug
Exploit for unknown platform in category web applications =============================================== PHP-Nuke SQL Injection Edit/Save Messages Bug =============================================== !/usr/bin/perl use LWP; $log = "poskomenphpnukesavemsg.txt"; $Agent = "Mbahmubangga/1.0"; $proxy ...
SnipSnap 0.5.2 - HTTP Response Splitting
source: https://www.securityfocus.com/bid/11180/info SnipSnap is reported prone to an HTTP response splitting vulnerability. The issue exists in the 'referer' parameter. The issue presents itself due to a flaw in the application that allows an attacker to manipulate how POST requests are handled...
Conceptronic CADSLR1 Router Denial of Service Vulnerability
Exploit for hardware platform in category dos / poc =========================================================== Conceptronic CADSLR1 Router Denial of Service Vulnerability =========================================================== $ $victima="ip.victim" $ perl -e 'print "GET / HTTP/1.1\r\nHost:...
SureCom EP-9510AXEP-4504AX Network Device - Malformed Web Authorisation Request Denial of Service (2)
SureCom EP-9510AXEP-4504AX Network Device - Malformed Web Authorisation Request Denial of Service 2 // source: https://www.securityfocus.com/bid/9795/info An issue in the handling of specific web requests by SureCom network devices has been identified. By placing a malformed request to the web...
Xerox MicroServer - Web Server Directory Traversal
source: https://www.securityfocus.com/bid/9256/info It has been reported that XeroxMicroServer/Xerox11 may be prone to a directory traversal vulnerability that may allow an attacker to traverse outside the server root directory by using '/..' or '/.' character sequences at the end of a URL reques...
CVE-2003-0424
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space %20 or . %2e characters to an HTTP request for the script, e.g. viewbroadcast.cgi...
CVE-2003-0424
The CVE-2003-0424 entry affects Apple QuickTime/Darwin Streaming Server prior to 4.1.3f. The vulnerability allows an attacker to disclose script source code by appending encoded characters (%20 space or %2e dot) to an HTTP request for a script (e.g., /view_broadcast.cgi). The issue is a Script So...
CVE-2002-0304
Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request...
CVE-2001-0425
AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information...