629 matches found
Spotify 0.8.2.610 (search func) Memory Exhaustion Exploit
Exploit for Windows platform in category local exploits #!/usr/local/bin/perl Spotify 0.8.2.610 search func Memory Exhaustion Exploit Vendor: Spotify Ltd Product web page: http://www.spotify.com Affected version: 0.8.2.610.g090a06f8 Summary: Think of Spotify as your new music collection. Your...
Spotify 0.8.2.610 (search func) Memory Exhaustion Exploit
Summary Think of Spotify as your new music collection. Your library. Only this time your collection is vast: millions of tracks and counting. Spotify comes in all shapes and sizes, available for your PC, Mac, home audio system and mobile phone. Wherever you go, your music follows you. Description...
Tube Ace Cross Site Scripting
Exploit Title: Tube AceAdult PHP Tube Script XSS Vulnerability Date: 15/02/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Tube Ace http://www.tubeace.com Tested on: Linux Dork: "?viewStandard=0" Comment Greetz: Hernan...
Unfixed XSS vulnerability at museum.samgd.ru
Security researcher Atmon3r submitted on 24/12/2011 a cross-site scripting (XSS) vulnerability affecting museum.samgd.ru, which at the time of submission ranked 998031 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/12/2011. It is current...
Unfixed XSS vulnerability at www.ulm.de
Security researcher cAs submitted on 15/12/2011 a cross-site scripting (XSS) vulnerability affecting www.ulm.de, which at the time of submission ranked 183885 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/12/2011. It is currently unfixe...
AlldataSheet Cross Site Scripting
Title: AlldataSheet Domains Cross Site Scripting Author: 3spi0n About AlldataSheet ; Alldatasheet was constructed in 2003 to help Engineers to find datasheet fast, easy and effective from vast volume. Since 2008, Alldatasheet became the most popular and powerful site for search datasheets. Poc...
Yet Another CMS 1.0 Cross Site Scripting / SQL Injection
Advisory: Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities Advisory ID: SSCHADV2011-031 Author: Stefan Schurtz Affected Software: Successfully tested on Yet Another CMS 1.0 Vendor URL: http://yetanothercms.codeplex.com/ Vendor Status: informed Vulnerability...
Qianbo Enterprise Web Site Management System Cross Site Scripting
cross site scripting XSS Vulnerability + Portal Name : qianbo + software : http://www.qianbo.com.cn + Author : d3c0der + Contact : [email protected] + Google dork : Web Site Technology Framework: Qianbo Enterprise Web Site Management System Copyright...
Unfixed XSS vulnerability at www.gamerevolution.com
Security researcher Moonzorg submitted on 19/02/2011 a cross-site scripting (XSS) vulnerability affecting www.gamerevolution.com, which at the time of submission ranked 15855 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is...
Auto Database System 1.0 Infusion Addon - SQL Injection
Auto Database System 1.0 Infusion Addon - SQL Injection Exploit Title: PHP-Fusion Auto Database System 1.0 Infusion SQL injection Date: 8-2-2011 Author: Saif El-Sherei Software Link: http://www.php-fusion.co.uk/infusions/addondb/view.php?addonid=146 Version: Auto Database System 1.0 Infusion,...
PHP-Fusion Auto Database System 1.0 Infusion SQL Injection
Exploit Title: PHP-Fusion Auto Database System 1.0 Infusion SQL injection Date: 8-2-2011 Author: Saif El-Sherei Software Link: http://php.opensourcecms.com/scripts/redirect/download.php?id=480 Version: Auto Database System 1.0 Infusion, PHP-fusion 7.01..03 Tested on: Firefox 3.0.15, , IE 8, mySQL...
CmsEasp 2.0.0 XSS vulnerability
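The Yitong Enterprise Website System, also known as the Yitong enterprise website program, is a marketing-oriented enterprise website management system developed by the Yitong company and the first in China to provide enterprise website templates free of charge. The front end generates HTML and is fully SEO-compliant, and the system also offers online customer service, prospective-customer tracking, convenient enterprise website template creation, search engine promotion and other features. CmsEasy 2.0.0 null http://server/index.php?act=search&case=%3Cscript%3Ealert%28/xss/%29%3C/script%3E...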
Cisco Wireless Control System XSS
Product Name: Cisco Wireless Control System Vendor: http://www.cisco.com Date: 4 August, 2010 Author: [email protected] [email protected] Original URL: http://www.tomneaves.com/CiscoWirelessControlSystemXSS.txt Discovered: 8 July, 2010 Disclosed: 4 August, 2010 I. DESCRIPTION The Cisco Wireless...
Thousand Bo enterprise website management system v2010 Build 0 7 1 6 vulnerability analysis-vulnerability warning-the black bar safety net
Release time: 2010-07-16 Affected version: Thousand Bo enterprise website management system v2010 Build 0 7 1 6 Vulnerability Description: The search type injection vulnerability Default background address: http://127.1/system/AdminLogin.Asp Publishing author: m4r10 reproduced please indicate the...
Unfixed XSS vulnerability at www.afmm.fr
Security researcher Xylitol submitted on 07/01/2010 a cross-site scripting (XSS) vulnerability affecting www.afmm.fr, which at the time of submission ranked 300643 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 25/12/2011. It is currently...
TWiki Search Function Arbitrary Command Execution
This module exploits a vulnerability in the search component of TWiki. By passing a 'search' parameter containing shell metacharacters to the 'WebSearch' script, an attacker can execute arbitrary OS commands. This module requires Metasploit: https://metasploit.com/download Current source:...
Scribd.com Cross Site Scripting
SecWorm.net - Advisory http://SecWorm.net/ Steam XSS Vulnerability 1. Advisory Information: Title:- Cross Site Scripting...
Sun Solaris AnswerBook2 Multiple Cross-Site Scripting Vulnerabilities
Sun Solaris AnswerBook2 is reported prone to multiple cross-site scripting vulnerabilities. These issues arise due to insufficient sanitization of user-supplied data facilitating execution of arbitrary HTML and script code in a user's browser. The following specific issues were identified: It is...
Advanced Image Hosting v2.2 XSS
No description provided by source. Vendor: http://yabsoft.com/ .. XSS http://server/search.php?text=%3Cscript%3Ealertdocument.cookie%3C/script%3E&dosearch=Search ...
Unfixed XSS vulnerability at www.safc.com
Security researcher cueballr submitted on 12/02/2009 a cross-site scripting (XSS) vulnerability affecting www.safc.com, which at the time of submission ranked 112361 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/12/2011. It is currently...