3100 matches found
mspicturepusher-activex.txt
'PicturePusherControl.PostURL = "http://127.0.0.1/?aaaa=1" PicturePusherControl.PostURL = "http://192.168.1.1/?aaaa=1" PicturePusherCont...
Stash 1.0.3 (SQL) User Credentials Disclosure Exploit
Exploit for unknown platform in category web applications Stash 1.0.3 SQL User Credentials Disclosure Exploit !/usr/bin/perl -w User credentials disclosure exploit - stash103exp.pl This...
ScriptsEz Easy Image Downloader Local File Download Vulnerability
No description provided by source. ScriptsEz Easy Image Downloader Local File Download Vulnerability url: http://www.scriptsez.net/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at...
WebBiscuits Modules Controller <= 1.1 (RFI/RFD) Remote Vulnerabilities
No description provided by source. WebBiscuits Modules Controller <= 1.1 RFI/RFD Multiple Remote Vulnerabilities Script : http://webbiscuits.com/download/all11.zip I- Remote File...
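Mozilla Firefox Internet Shortcut Same-Origin Policy Violation Vulnerability
BUGTRAQ ID: 31611 CNCAN ID:CNCAN-2008100802 Mozilla Firefox is an open-source web browser. Mozilla Firefox has a same-origin policy violation issue when handling Internet shortcut files; a remote attacker can exploit the vulnerability to obtain sensitive information from other domains or carry out other attacks. When a .URL shortcut is run through an HTML element, Firefox's location is wrong, and this error can allow content at arbitrary locations to be read: cached information, cookie information, the web, the local file system, and so on. Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.2 Mozilla Firefox...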
AdaptCMS Lite 1.3 - Blind SQL Injection
AdaptCMS Lite 1.3 - Blind SQL Injection !/usr/bin/perl ----------------------------------------------------- AdaptCMS Lite post$host.'/includes/checkuser.php', username = $param ; if$post-issuccess return 38 unless $post-content = /yes/i; my @chars = 48..57, 97..102; for0..32 foreach my $set@char...
A4Desk Event Calendar - 'eventid' SQL Injection
source: https://www.securityfocus.com/bid/33835/info A4Desk Event Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access o...
SG Real Estate Portal 2.0 Blind SQL Injection/Local File Inclusion Vulns
Exploit for unknown platform in category web applications SG Real Estate Portal 2.0 Blind SQL Injection/Local File Inclusion Vulns + SG Real Estate...
joomlaimage-traverse.txt
Joomla Imagebrowser File Inc. Cr@zyKing / www.biyosecurity.com / sqL Lov3r'Z Crew Co. 2008 Down : http://www.joomlatr.org/index.php/component/remository/?func=fileinfo&id=129 FI : http://127.0.0.1/index.php?option=comimagebrowser&folder=../../../../ Grtz : aLL My Friend'z...
PHPcounter <= 1.3.2 (index.php name) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/php -q ?php // PHPcounter = 1.3.2 Remote SQL Injection Exploit // Discovered By: StAkeR - StAkeRathotmaildotit // Discovered On: 28/09/2008 // Download: http://sourceforge.net/projects/phpcounter/ errorreporting0; $host = $argv1 or banner; $path = $arg...
Pro Chat Rooms 3.0.3 - SQL Injection
Pro Chat Rooms 3.0.3 - SQL Injection Author: !DoktOR! Date found: 28.09.08 Product: Pro Chat Rooms Version: 3.0.3 Price: $55 URL: www.prochatrooms.com Vulnerability Class: SQL Injection Condition: magicquotesgpc = Off Exploit 1:...
Atomic Photo Album 1.1.0pre4 (XSS/SQL) Remote Vulnerabilities
Exploit for unknown platform in category web applications Atomic Photo Album 1.1.0pre4 XSS/SQL Remote Vulnerabilities...
emergecolab 1.0 (sitecode) Local File Inclusion Vulnerability
No description provided by source. Discovered by dun \ dunatstrcpy.pl emergecolab 1.0 Local File Inclusion Vulnerability Script site: http://emerge2004.net/software.p...
PHP infoboard 7 plus - Multiple Vulnerabilities
PHP infoboard 7 plus - Multiple Vulnerabilities PHP infoBoard V.7 Plus Multiple Remote Vulnerabilities CWH...
LanSuite 3.3.2 (fckeditor) Arbitrary File Upload Exploit
Exploit for unknown platform in category web applications LanSuite 3.3.2 fckeditor Arbitrary File Upload Exploit !/usr/bin/perl use strict; use warnings; use LWP::UserAgent; use...
Atomic Photo Album 1.1.0pre4 - Cross-Site Scripting / SQL Injection
Atomic Photo Album 1.1.0pre4 album.php - Multiple Remote Vulnerabilities http://atomicpa.sourceforge.net Bug founded by d3v1l Date: 25.09.2008 [email protected]...
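Invision Power Board 'name' Parameter SQL Injection Vulnerability
BUGTRAQ ID: 31288 CNCAN ID:CNCAN-2008092307 Invision Power Board is a PHP-based forum application. Invision Power Board does not correctly handle user-submitted input; a remote attacker can exploit the vulnerability to carry out SQL injection attacks, obtaining sensitive information or manipulating the database. The problem is that the script lacks filtering of the 'name' parameter; building a malicious SQL query as the parameter data can alter the original SQL logic and obtain sensitive information. Invision Power Services Invision Power Board 2.3.5 Invision Power Services Invision Power Boa...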
CJ Ultra Plus 1.0.4 - Cookie SQL Injection
!/usr/bin/perl CJ Ultra Plus GretzZz 2: pronoobz.org - Wesker, China Sun and all other memberZz "SID='UNION SELECT b12 from settings/"; $ua = LWP::UserAgent-new; $ua-timeout10; $ua-envproxy; $ua-agent"Mozilla/5.0 Windows; U; Windows NT 5.1; nl; rv:1.8.1.12 Gecko/20080201 Firefox/2.0.0.12";...
MyBlog 0.9.8 - Insecure Cookie Handling
MyBlog eNYe-Sec - www.enye-sec.org MyBlog is an open source Blog/CMS project. It allows beginners to have a simple to use blog/cms and it will still please developers with feature packed system with plugins, themes and modules...
xt:Commerce 3.04 - 'XTCsid' Session Fixation
source: https://www.securityfocus.com/bid/31313/info xt:Commerce is prone to multiple vulnerabilities, including a session-fixation vulnerability and a cross-site scripting vulnerability. An attacker can leverage the session-fixation issue to hijack a session of an unsuspecting user. The attacker...