11967 matches found
PHP File Sharing System 1.5.1 - Multiple Vulnerabilities
No description provided by source. Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities Author: blake Tested on: Windows XP SP3 with xampplite 1. XSS http://192.168.1.149/fss/index.php?cam= 2. Directory traversal http://192.168.1.149/fss/index.php?cam=/../../../../../../../.. 3. Shell...
MaticMarket 2.02 for PHP Nuke LFI Vulnerability
No description provided by source. MaticMarket 2.02 for PHP Nuke LFI Vulnerability Url: http://sourceforge.net/projects/maticmarket Author: xer0x Expl: http://localhost/modules/maticmarket/deco/blanc/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00...
phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version)
No description provided by source. !/usr/bin/perl wphpbb.cgi hack service: http://site/cgi-bin/wphpbb.cgi use CGI qw:standard; $CGI::HEADERSONCE = 1; $CGI = new CGI; $atak = $CGI-paramatak; $serv = $CGI-paramserv; $dir = $CGI-paramdir; $topic = $CGI-paramtopic; $cmd = $CGI-paramcmd; print...
Open Bulletin Board <= 1.0.5 - SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w OpenBB sql injection tested on Open Bulletin Board 1.0.5 with mysql coded by x97Rang 2005 RST/GHC Gr33tz: blf, 1dt.w0lf use IO::Socket; if @ARGV != 3 print \nUsage: $0 server path id\n; print like $0 forum.mysite.com / 1\n; print If found nothi...
Jobscript4Web 3.5 - Multiple CSRF Vulnerability
No description provided by source. Title: Jobscript4Web 3.5 Multiple CSRF Vulnerability Date: 17/12/2009 Author: bi0 Software Link: http://www.jobscript4web.com/ Version: 3.5 CVE : ...
Eventy Online Scheduler 1.8 - Multiple Vulnerabilities
No description provided by source. Eventy Online Scheduler V1.8 - Multiple Vulnerabilities .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...
CoBaLT 0.1 - Multiple Remote SQL Injection Vulnerabilities
No description provided by source. CoBaLT v1.0 Remote SQL Injection Vulnerability Discovered : U238 Mail : [email protected] WebPage : http://ugur238.org The End Script: http://www.aspindir.com/indir.asp?ID=5414 Script Alternativ :...
webid <= 1.0.4 - Multiple Vulnerabilities
No description provided by source. Discovered by dun \ posdubatgmail.com 2012-08-17 WeBid <= 1.0.4 Multiple Vulnerabilities Script: Open source php/mysql fully featured...
Threat Outbreak Alert RuleID7930: Email Messages Distributing Malicious Software on February 17, 2015
Medium Alert ID: 34789 First Published: 2014 June 30 14:15 GMT Last Updated: 2015 February 17 20:26 GMT Version: 103 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID7930KV...
WePay: CSRF on email address operations. Also performing unintended operations.
After authentication in the WePay application, a user can navigate to the "My Settings" tab and perform operations like makeprimary and resend on the email addresses. These operations do not have any CSRF tokens present in the request. The only value unknown to an attacker present in the request ...
TP-LINK Model No. TL-WR841N / TL-WR841ND - Multiple Vulnerabilities
TP-LINK TL-WR841N / TL-WR841ND are vulnerable to many CSRF and XSS attacks because they have no CSRF prevention and filter parameters poorly. An attacker is able to compromise the router and steal config & log files. Title: TP-LINK Model No. TL-WR841N / TL-WR841ND - Multiple Vulnerabilities Date:...
[oss-security] CVE request for vulnerability in OpenStack Heat
A vulnerability was discovered in OpenStack (see below). In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. Title: Heat template URL information leakage Reporter: Jason...
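Discuz Cross-Domain Data Hijacking + Attachment Type Restriction Bypass
Brief description: Two issues submitted together. Details: 1. Cross-domain data hijacking (theft of the CSRF token formhash): the download-remote-attachment feature does not check the file content (file format), so a malicious SWF file can be uploaded (with the extension still an image extension), which in turn allows cross-domain data hijacking. Code for the forged image CrossDomainDataHijack.jpg: package com.powerflasher.SampleApp import flash.external.ExternalInterface; import flash.display.Sprite; import flash.display.Sprite; import...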
asterisk -- multiple vulnerabilities
The Asterisk project reports: Asterisk Manager User Unauthorized Shell Access. Manager users can execute arbitrary shell commands with the MixMonitor manager action. Asterisk does not require system class authorization for a manager user to use the MixMonitor action, so any manager user who is...
PayPal GoToMaxx PDFMailer - Local Overflow Vulnerability
Document Title: PayPal GoToMaxx PDFMailer - Local Overflow Vulnerability References: http://www.vulnerability-lab.com/getcontent.php?id=1274 http://www.vulnerability-lab.com/getcontent.php?id=940 Video: https://www.youtube.com/watch?v=IXhwfZV6x0M Release Date:...
Multiple Vulnerabilities in OpenSSL
...
CVE-2014-2577
Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, ...
SOAPpy 0.12.5 Multiple Vulnerabilities
0x01: Background SOAPpy provides tools for building SOAP clients and servers. The goal of the SOAPpy team is to provide a full featured SOAP library for Python that is very simple to use and that fully supports dynamic interaction between clients and servers. SOAPpy uses sax.xml as SOAP parser to...
AuraCMS 3.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: AuraCMS 3.0 Multiple Vulnerabilities Date: 05/28/2014 Author: Mustafa ALTINKAYNAK Download URL :http://auracms.org/ Software Link: http://codeload.github.com/auracms/AuraCMS/zip/master Vuln Category: CWE-79 XSS - CWE-98 LFI Test...
Slack: SSRF on https://whitehataudit.slack.com/account/photo
During post request to https://whitehataudit.slack.com/account/photo: POST /account/photo HTTP/1.1 Host: whitehataudit.slack.com User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.9; rv:29.0 Gecko/20100101 Firefox/29.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8...