3100 matches found
MySQL - Remote User Enumeration
MySQL User Account Enumeration Utility. When an attacker authenticates using an incorrect password with the old authentication mechanism from MySQL 4.x and below to a MySQL 5.x server, the MySQL server will respond with a different message than Access Denied, what...
UMPlayer Portable 0.95 Crash PoC
Exploit for windows platform in category dos / poc Exploit Title: UMPlayer Portable Edition Date: 2012-11-28 Exploit Author: p3kok Vendor Homepage: http://www.umplayer.com/ Software Link: http://sourceforge.net/projects/umplayer/ or http://www.umplayer.com/download/ Version: 0.95 Portable Edition...
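anwsion latest version arbitrary file upload vulnerability (works on all...)
Brief description: How to put it, although the program is popular and the black-market price is very high! But one has to contribute something to wooyun!!!! White-hat spirit!!!! Hoping the vendor gives a gift, ^^ Detailed description: The attachment upload feature does not properly handle the file extension: it checks the file header but not the extension........ Proof of vulnerability: http://wenda.anwsion.com/uploads/questions/20121126/e826a3e05a4beb6c24373ba014fe39f8.php pass Merging a one-line web shell into an image succeeded!!!!! http://wenda.anwsion.com/robots.txt...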
BigAnt Server 2.52 SP5 - Remote Stack Overflow ROP-Based (SEH) (ASLR + DEP Bypass)
Exploit Title: BigAnt Server 2.52 SP5 SEH Stack Overflow ROP-based exploit ASLR + DEP bypass Date: 03/11/2012 Exploit Author: Lorenzo Cantoni Vendor Homepage: http://www.bigantsoft.com/ Version: BigAnt Console 2.52 SP5 Tested on: Windows 7 SP0 x86 Italian - expsrv.dll 6.0.9589 Info: Vulnerability...
Qingguo (青果) Academic Affairs Network System SQL Injection Vulnerability
No description provided by source...
Novell Sentinel Log Manager 1.2.0.2 Bypass
Hello, Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users to configure retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo "Usage: basename $0 target" exit 1 fi echo "POST...
WordPress Theme Archin 3.2 - Configuration Access
Exploit Title: Archin WordPress Theme Unauthenticated Configuration Access Date: Sept 29, 2012 Exploit Author: bwall @bwallHatesTwits Vendor Homepage: http://themeforest.net/user/wptitans Software Link:...
linux/x86 - cp /etc/shadow /tmp && chmod 777 /tmp/shadow - 126 bytes
Oracle Business Transaction Management FlashTunnelService Remote Code Execution
This module abuses the FlashTunnelService SOAP web service on Oracle Business Transaction Management 12.1.0.7 to upload arbitrary files, without authentication, using the WriteToFile method. The same method contains a directory traversal vulnerability, which allows uploading the files to...
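anwsion Q&A system has a critical arbitrary file upload vulnerability
Brief description: The upload seems to be validated only in JavaScript. Detailed description: I only uploaded under the topic section; the avatar upload seems to have the same problem (not tested). Click the topic image to edit and upload an image. Use Firefox's TAMPER DATA plugin and start intercepting. Select a 2bb.jpg (a normal image containing a PHP one-liner will do). The same directory also holds a 2bb.php (kept as a backup). In Tamper Data, modify the data, changing 2bb.JPG to 2bb.php. You can then see the uploaded PHP image web shell, but this one has been processed. Just remove the 100X100 or 50x50 parameter from the end of the URL to get an unprocessed PHP web shell. Proof of vulnerability: A shell has already been obtained on the official site...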
Clipbucket 2.5 Directory Traversal
Author: loneferret of Offensive Security Product: ClipBucket Version: 2.5 and maybe older versions Vendor Site: http://clip-bucket.com/ Software Download: http://sourceforge.net/projects/clipbucket/ Software description: ClipBucket is an OpenSource Multimedia Management Script Provided Free to th...
WespaJuris <= 3.0 Multiple Defects and Fixes
<?php /* Title: WespaJuris <= 3.0 auto exploit Author: WhiteCollarGroup Website: http://www.wespadigital.com.br/ Download address: http://www.wespadigital.com.br/download/wespajurisv302012.rar Affected version: 3.0 Tested platforms: Apache Server WespaJuris is a software for law firms. Use this exploit...
Symantec Web Gateway 5.0.3.18 Blind SQL Injection
!/usr/bin/python @Kc57 Blind SQLi POC Dumps out the first available hash in the users table of spywalldb import urllib import time from time import sleep timing='2.5' checks = 0 def checkchari, pos: global timimg global checks checks += 1 url =...
httpdx 1.5.4 - Remote Heap Overflow
!/usr/bin/perl -w ====================================================================== Exploit Title: httpdx UnhandledExceptionFilter ====================================================================== use strict; use IO::Socket::INET; target my $host =...
phpBB - Multiple SQL Injections
source: https://www.securityfocus.com/bid/54734/info phpBB is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access ...
Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers
Exploit for php platform in category web applications Exploit Title: Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers Date: Jul 23 2012 Author: muts Version: Symantec Web Gateway 5.0.3.18 Vendor URL: http://www.symantec.com Timeline: 12 Jun 2012: Vulnerability reported to CERT...
PHPNuke <= 8.0 SQL Injection
PHPNuke <= 8.0 SQL Injection downloads.php Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
BoutikOne CSRF Add User Vulnerability
Exploit for php platform in category web applications !/usr/bin/perl -w Exploit Title: BoutikOne CSRF Add User Exploit Author: GarA Vendor Homepage: www.boutikone.com Tested on: Win Xp sp3 system "color a"; system "cls"; $numargs = $ARGV + 1; if $numargs != 4 print " :MM:....:HMMM .MMMMMMMMMM. \n...
IBM DeveloperWorks NCP 2.1 Information Disclosure
http://www.ibm.com/developerworks/systems/articles/freetools/index.html Can visit ncp pages and get info without authentication! http://target:8282/ gives version http://target:8282/real/lsconf.html detailed config info including: System Model Machine Serial Number Processor Type Number of...
Lattice Diamond Programmer Buffer Overflow
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Lattice Diamond Programmer Buffer Overflow 1. Advisory Information Title: Lattice Diamond Programmer Buffer Overflow Advisory ID: CORE-2012-0530 Advisory URL:...