XOOPS WF-Section Module print.php articleid Parameter SQL Injection

The remote host is running the WF-Section module, a third-party module for XOOPS. The version of this module installed on the remote host fails to properly sanitize user-supplied input to the 'articleid' parameter of the 'modules/wfsection/print.php' script before using it to build a database...

XOOPS Module WF-Section <= 1.01 (articleid) SQL Injection Exploit

Exploit for unknown platform in category web applications ================================================================= XOOPS Module WF-Section : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n";...

XOOPS Module WF-Section 1.01 - articleId SQL Injection

XOOPS Module WF-Section 1.01 - articleId SQL Injection !/usr/bin/perl Script Name: XOOPS Module WF-Section : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User ID uid: "; $id = ; chop...

XOOPS Module WF-Section 1.01 - &#039;articleId&#039; SQL Injection

!/usr/bin/perl Script Name: XOOPS Module WF-Section : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User ID uid: "; $id = ; chop $id; $target =...

libero-xss.txt

Libero.it, one of the most important italian ISP www.libero.it is affected from a XSS vulnerability. The vulnerability can be found in the "Community" section of Libero portal, and the affected functionality is "add nick" http://digiland.libero.it/profilo.phtml?nick=. The implementation of this...

oracle 10g (PROCESS_DUP_HANDLE) Local Privilege Elevation (win32)-vulnerability warning-the black bar safety net

include windows. h include stdio. h BOOL InjectShellcodeDWORD oldEIP,CHAR oSID HMODULE hKernel; FARPROC pCreateProc; LPSTR sCommand="cmd.exe"; DWORD dwStrLen; CHAR buff1 0 0; dwStrLen=strlensCommand; hKernel=LoadLibrary"Kernel32.dll"; pCreateProc=GetProcAddresshKernel,"CreateProcessA"; strcpybuff...

Unfixed XSS vulnerability at www.glooks.com

Security researcher MaXWeL, has submitted on 16/03/2007 a cross-site-scripting XSS vulnerability affecting www.glooks.com, which at the time of submission ranked 270567 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/03/2007. It is currently...

Oracle 10g (Windows x86) - &#039;PROCESS_DUP_HANDLE&#039; Local Privilege Escalation

// Argeniss - Information Security // // Oracle Database local elevation of privileges PoC exploit // // Author: Cesar Cerrudo include include BOOL InjectShellcodeDWORD oldEIP,CHAR oSID HMODULE hKernel; FARPROC pCreateProc; LPSTR sCommand="cmd.exe"; DWORD dwStrLen; CHAR buff100;...

Unfixed XSS vulnerability at kisiselbasari.com

Security researcher St@rExT, has submitted on 28/02/2007 a cross-site-scripting XSS vulnerability affecting kisiselbasari.com, which at the time of submission ranked 58362 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/03/2007. It is...

nabopoll 1.2 Remote Unprotected Admin Section Vulnerability

No description provided by source. By Cr@zyKing [email protected] Thakns : ApAci & Erne & Uyussman & Eno7 & Thehacker & CrackersChild Script : nabopoll 1.1.2 Risk : Remote Add Admin Exploit |High Site : http://nabocorp.com/ Google Dork : inurl:"nabopoll/" Exploit :...

nabopoll 1.2 - Remote Unprotected Admin Section

nabopoll 1.2 - Remote Unprotected Admin Section nabopoll 1.1.2 sensitive file admin without password By : sn0oPy Risk : high site : http://nabocorp.com/ Dork : inurl:"nabopoll/" exploit : acces without password to : http://target/nabopoll/admin/configedit.php...

nabopoll 1.2 - Remote Unprotected Admin Section

nabopoll 1.1.2 sensitive file admin without password By : sn0oPy Risk : high site : http://nabocorp.com/ Dork : inurl:"nabopoll/" exploit : acces without password to : http://target/nabopoll/admin/configedit.php http://target/nabopoll/admin/templateedit.php...

Microsoft Help Workshop .HPJ file HLP field buffer overflow

Added: 01/26/2007 CVE: CVE-2007-0427 BID: 22135 OSVDB: 31899 Background Microsoft Help Workshop is a standard component of Microsoft Visual Studio and is also available as a standalone product. Problem A buffer overflow vulnerability in Microsoft Help Workshop allows command execution when a user...

Microsoft Help Workshop .HPJ file HLP field buffer overflow

Added: 01/26/2007 CVE: CVE-2007-0427 BID: 22135 OSVDB: 31899 Background Microsoft Help Workshop is a standard component of Microsoft Visual Studio and is also available as a standalone product. Problem A buffer overflow vulnerability in Microsoft Help Workshop allows command execution when a user...

Microsoft Help Workshop .HPJ file HLP field buffer overflow

Added: 01/26/2007 CVE: CVE-2007-0427 BID: 22135 OSVDB: 31899 Background Microsoft Help Workshop is a standard component of Microsoft Visual Studio and is also available as a standalone product. Problem A buffer overflow vulnerability in Microsoft Help Workshop allows command execution when a user...

CVE-2007-0427

Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project .HPJ file with a long HLP field in the OPTIONS section...

Design/Logic Flaw

The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information the full path via "unvalidated output" in FAQ/index.php, possibly involving an undefined idcat variable...

Design/Logic Flaw

Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."...

CVE-2007-0386

Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."...

CVE-2007-0385

The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information the full path via "unvalidated output" in FAQ/index.php, possibly involving an undefined idcat variable...