92 matches found
LightOpenCMS 0.1 (smarty.php cwd) Local File Inclusion Vulnerability
No description provided by source. LightOpenCMS 0.1 smarty.php cwd Local File Inclusion Vulnerability bug found by Jose Luis Gongora Fernandez a.k.a JosS contact: sys-projectathotmail.com website: http://www.hack0wn.com/ - download: http://sourceforge.net/project/showfiles.php?groupid=251474...
Pivot 1.40.4-7 Multiple Remote Vulnerabilities
No description provided by source. Pivot - XSS and HTML Injection Vulnerabilities Versions Affected: 1.40.4 and 1.40.7 22nd March 2009 newest Info: Pivot is a web-based tool to help you maintain dynamic sites, like weblogs or online journals. Pivot is released under the GPL so it is completely fr...
Yogurt 0.3 (XSS/SQL Injection) Multiple Remote Vulnerabilities
No description provided by source. -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Name : Yogurt Site :...
Desi Short URL Script (Auth Bypass) Insecure Cookie Handling Vuln
No description provided by source. Desi Short URL Insecure Cookie Handling Vulnerability Discovered By:N@bilX Home:ma-exploit.com /m4r0c-s3curity.cc email:[email protected] Not: jib L3az Wla Khaz ma --------------------...
Winamp skin.xml皮肤文件处理缓冲区溢出漏洞
BUGTRAQ ID: 34009 Winamp是一款流行的媒体播放器,支持多种文件格式。 如果Winamp受骗加载了恶意的皮肤文件的话,就可能触发缓冲区溢出,导致在用户系统上执行任意代码。 Nullsoft Winamp 5.541 厂商补丁: Nullsoft -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.winamp.com/ http://www.sebug.net/exploit/5933/...
FreeBSD 'telnetd' Daemon Remote Code Execution Vulnerability
FreeBSD is prone to a remote code-execution vulnerability. Remote attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers. FreeBSD 7.0-RELEASE is vulnerable; other...
Audacity '.aup'项目文件解析缓冲区溢出漏洞
BUGTRAQ ID: 33160 CNCAN ID:CNCAN-2009010801 Audacity是一款数码音效处理程序。 Audacity处理'.aup'文件存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 构建包含超长字符的'.aup'文件,诱使用户使用Audacity导入,可导致以应用程序权限执行任意指令。 Audacity 1.6.2 厂商解决方案 目前没有详细解决方案提供: http://audacity.sourceforge.net/ http://www.sebug.net/exploit/5573/...
Ultimate PHP Board请求记录HTML注入漏洞
BUGTRAQ ID: 33029 Ultimate PHP Board(UPB)是一款由PHP编写的免费开放源代码公告板程序,可使用在Unix和Linux操作系统下。 Ultimate PHP Board没有正确地过滤通过HTTP User-Agent头所传送的输入,远程攻击者可以通过向论坛提交恶意请求注入任意HTML和脚本代码。当在IP地址日志中查看恶意数据的时候,就会在用户浏览器会话中执行注入的代码。 Ultimate PHP Board Ultimate PHP Board = 2.2.1 Ultimate PHP Board ------------------...
Windows Media Player WAV/MID/SND文件解析整数溢出漏洞
BUGTRAQ ID: 33018 Windows Media Player是Windows操作系统中默认捆绑的媒体播放器。 如果用户使用Windows Media player打开了恶意的WAV、SND或MID文件的话,就可能触发整数溢出,导致在用户系统上执行任意代码。 Microsoft Windows Media Player 9.0 Microsoft Windows Media Player 11 Microsoft Windows Media Player 10.0 厂商补丁: Microsoft ---------...
TmaxSoft JEUS Alternate Data Streams File Disclosure Vulnerability
No description provided by source. Title: TmaxSoft JEUS Alternate Data Streams Vulnerability Author: Simon Ryeobar4mi at gmail Severity: High Impact: Remote File Disclosure Vulnerable Version: JEUS 5: Fix26 on NTFS References: - http://www.microsoft.com/technet/security/bulletin/ms98-003.mspx -...
MS Internet Explorer XML Parsing Remote Buffer Overflow Exploit 0day
No description provided by source. // ksOSe 12/10/2008 - tested on winxp sp3, explorer 7.0.5730.13 // windows/exec - 141 bytes // http://www.metasploit.com // EXITFUNC=seh, CMD=C:\WINDOWS\system32\calc.exe http://sebug.net/paper/poc/2008-iesploit.tar.gz...
Nero ShowTime .m3u文件处理缓冲区溢出漏洞
BUGTRAQ ID: 32446 Nero ShowTime是一款高清DVD播放器。 Nero ShowTime播放器没有正确地验证m3u播放列表文件中的超长文件名,如果用户受骗加载了恶意文件的话就可能触发缓冲区溢出,导致执行任意指令。 Nero ShowTime 5.0.15.0 Nero ---- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.nero.com http://www.sebug.net/exploit/5234/...
U-Mail edit.php任意文件上传漏洞
BUGTRAQ ID: 32013 CVECAN ID: CVE-2008-4932 U-Mail专家级邮件系统是福洽科技最新推出的第四代企业邮局系统。 U-Mail邮件系统的edit.php文件没有正确地处理HTTP POST参数,远程攻击者可以通过提交恶意请求向webroot下的任意文件写入数据。如果向带有.php扩展的文件写入了PHP代码的话,就可能导致执行任意代码。 ComingChina.com U-Mail 4.91 ComingChina.com --------------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
Aztec ActiveX 'Aztec.dll' ActiveX控件任意文件覆盖漏洞
BUGTRAQ ID: 31974 CNCAN ID:CNCAN-2008103002 MW6 Aztec ActiveX是一款条形码组件。 MW6 Aztec ActiveX 'Aztec.dll'存在设计问题,远程攻击者可以利用漏洞以应用程序权限覆盖系统文件。 控件对SaveAsBMP和SaveAsWMF方法处理存在问题,构建恶意WEB页,诱使用户访问,可导致以应用程序权限覆盖系统文件。 MW6 Technologies Aztec ActiveX 3.0.0.1 目前没有详细解决方案提供: http://www.mw6tech.com/products.html...
SurgeMail IMAP Service 'APPEND'命令远程缓冲区溢出漏洞
BUGTRAQ ID: 30000 CNCAN ID:CNCAN-2008070103 Surgemail是一款邮件服务程序。 Surgemail处理'APPEND'命令存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 提交超长字符串作为'APPEND'命令,可触发IMAP服务崩溃,造成缓冲区溢出,可能以应用程序权限执行任意指令。 NetWin SurgeMail 3.9e 目前没有详细解决方案提供: http://www.rss-aggregator.com/ http://www.sebug.net/exploit/3999...
Linkspile (link.php cat_id) Remote SQL Injection Vulnerability
No description provided by source. Remote SQL Injection Vulnerabilities Linkspile link.php Author : HaCkeREgY C0NTACT : [email protected] H^OME : www.PAL-HaCkeR.com & ATSDP.COM Script Name : Linkspile Download : http://www.linkspile.com Price : $399.00 ======= Buy iT :...
XOOPS Module Recipe (detail.php id) SQL Injection Vulnerability
No description provided by source. XOOPS Project-RecetteRecipe2.2 SQL Injection Vulnerability AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MA脻L : [email protected] DORK 1 : allinurl :"modules/recipe" EXPLOIT :...
phpAddressBook 2.11 (view.php id) SQL Injection Vulnerability
No description provided by source. phpAddressBook Remote Sql 陌nj. Vuln. Download: http://downloads.coronamatrix.org/phpAddressBookv2.11.zip Version : All My Version Founder: Cr@zyKing HomePage: http://coderx.org Greatz : str0ke & All My Friends Contact: [email protected] PoC:...
Koobi Pro 6.25 links Remote SQL Injection Vulnerability
No description provided by source. Koobi Pro 6.25 linkscateg all version Koobi AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 BLOG : http://my.opera.com/SQL-Injection/blog/ MAiL : [email protected] DORK 1 : allinurl: "index.php?showlink"links EXPLOiT :...
Joomla Component Restaurante 1.0 (id) SQL Injection Vulnerability
No description provided by source. Mambo Component comrestaurante SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MA陌L : [email protected] TODAY MY B陌RTDAY SOO I WROTE 5 BUGS ALL FOR HACKERS 5 EXPLO陌T HAVE 100.000 MAMBO-JOOMLA WEBPAGES OR MUCH MORE DONT FORG...