65 matches found
Omnistar Mailer - Multiple SQL Injections / HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/55760/info Omnistar Mailer is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application,...
Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/54456/info Simple Machines is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script cod...
PHP Grade Book 1.9.4 Multiple CSRF Vulnerability
Exploit for php platform in category web applications PHP Grade Book 1.9.4 Multiple CSRF Vulnerability ==================================================================== .:. Author : AtT4CKxT3rR0r1ST email protected .:. Script : http://www.phpgradebook.com/ .:. Tested On Demo :...
Exploit Pack - An open source security framework
Exploit Pack - An open source security framework Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a Java GUI, Python as Engine and well-known exploits on the wild. It has an IDE to make the task of developing new exploits easier, instant searc...
course registration management system 2.1 - Multiple Vulnerabilities
Source: http://packetstormsecurity.org/files/view/98650/CourseMS2.1-LFI.txt ------------------------------------------------------------------------ Software................Course MS 2.1 Vulnerability...........Local File Inclusion Download................http://sourceforge.net/projects/coursems...
Pegasus Mail Client 4.51 PoC BoF
Exploit for unknown platform in category remote exploits ================================ Pegasus Mail Client 4.51 PoC BoF ================================ Title: Pegasus Mail Client 4.51 PoC BoF CVE-ID: OSVDB-ID: Author: Francis Provencher Published: 2009-10-23 Verified: yes view source print?...
Pegasus Mail Client 4.51 - Remote Buffer Overflow
Pegasus Mail Client 4.51 - Remote Buffer Overflow Application: Pegasus Mail Client Platforms: Windows XP Professional SP2 Exploitation: remote BoF Date: 2009-10-06 Author: Francis Provencher Protek Research Lab's 1 Introduction 2 Technical details 3 The Code Only DoS =============== 1 Introductio...
Pixie CMS SQL Injection and Cross Site Scripting Vulnerabilities
Pixie CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modif...
Solaris 9 (UltraSPARC) - sadmind Remote Code Execution
Solaris 9 UltraSPARC - sadmind Remote Code Execution !/usr/bin/perl holygrail2 --------------------------------------------------------------------------------- SunOS 5.9 UltraSPARC sadmind Remote Root Exploit by KingCope in 2008 Most of work was shamelessy ripped from HD-Moore and RISE-Security...
discforums-sql.txt
Author: !DoktOR! Date found: 30.09.08 Product: Discussion Forums 2k Version: 3.3 URL: http://developer.berlios.de/projects/df2k/ Vulnerability Class: SQL Injection Condition: magicquotesgpc = Off Exploit 1:...
phpTournois G4 - Arbitrary File Upload / Code Execution
Date: 04-06-08 - Remote Code Execution - Remote File Upload When testing if we are admin, phpTournois checks if $grade'a'=='a'. But when we are not loggued in, this var is not defined. So, using registerglobals, we can define it and let the CMS think we are authentificated. Using configuration zo...
Kaqoo Auction (install_root) Multiple Remote File Include Vulnerabilities
To ConTacT mE @ www.Asb-May.net/bb ScRiPt:-http://kaqoo.com/server/download.php GrEaTz To:-ToOofa-HaCk.eGy-Alkmadz-Bright Dark All AsB-MaY DisCoverY ExPloIts GrOup Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs Gr0uP Wrong Code:- includeonce"$installroot...
Pre News Manager v1.0
Pre News Manager v1.0 Homepage: http://www.preprojects.com/news.asp Description: Effected files: index.php newsdetail.php emailstory.php thankyou.php printableview.php tellafriend.php sendcomments.php Exploits & Vulns: XSS Vulnerabilities: By inserting IMG20"""SCRIPTalert"XSS"/SCRIPT" onto the id...
Hacked SQL Server system ten ways-vulnerability warning-the black bar safety net
Using either the manual probe or the use of security testing tools, malicious attackers always use a variety of tricks from your firewall to internal and external compromise your SQL Server system. Since the hackers do such a thing. You also need to implement the same attacks to test your system'...
Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload
by Moroccan Security Team Geetz To All Freind +File Inclusion: Input passed to the "rub" parameter in "lire.php" isn't properly verified, before it is used to include remote files Successful exploitation requires that "registerglobals" is enabled. lire.php code ? 73...
Multiple Sql injection and XSS in Asp Nuke 0.80 (Working exploits included)
Severity: High Title: Multiple Sql injection and XSS in Asp Nuke 0.80 Working exploits included Date: 22/04/2005 Vendor: Asp Nuke Vendor Website: http://www.aspnuke.com/ Summary: There are, multiple sql injection and xss in asp nuke 0.80. Proof of Concept Exploits:...
phpbb -- privilege elevation and path disclosure
The phpbb developer group reports: phpBB Group announces the release of phpBB 2.0.13, the "Beware of the furries" edition. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to...
CGI bugs
No description provided...
CGI bugs
No description provided...
Network Associates PGP Keyserver contains multiple vulnerabilities in LDAP handling code
Overview The Network Associates PGP Keyserver contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this...