11967 matches found
XAMPP 3.2.1 Cross Site Scripting
Title : XAMPP 3.2.1 Cross Site Scripting Author : DevilScreaM Date : 15 January 2014 Category : Web Applications Vendor : http://sourceforge.net/projects/xampp Version : 3.2.1 Type : PHP Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security Indonesian Hacker |...
PHPJabbers Event Booking Calendar 2.0 - Multiple Vulnerabilities
Event Booking Calendar V2.0 - Multiple Vulnerabilities ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : www.phpjabbers.com/event-booking-calendar/ .:. Dork :...
Hotel Booking System 3.0 CSRF / XSS / File Disclosure
Hotel Booking System V3.0 - Multiple Vulnerabilities ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.phpjabbers.com/hotels-booking-system/ .:. Tested On Demo :...
Internet Bug Bounty: Handling of jar: URIs bypasses AllowScriptAccess=never
This bug was reported directly to Adobe. http://helpx.adobe.com/security/products/flash-player/apsb14-02.html...
Built2Go PHP Shopping 1.x Cross Site Request Forgery
Built2Go PHP Shopping v 1.x – CSRF Vulnerability (add admin) ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.built2go.com/ .:. Dor...
Seagate Black Armor Root Exploit
Public Release v0.2 abstract class MD5Decryptor abstract public function probe$hash; public static function plain$hash, $class = NULL if $class === NULL $class = getcalledclass; else $class = sprintf"MD5Decryptor%s", $class; $decryptor = new $class; if count$hash 1 foreach $hash as &$one $one =...
Ubuntu Update for linux USN-2064-1
Check for the Version of linux OpenVAS Vulnerability Test $Id: gbubuntuUSN20641.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for linux USN-2064-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; yo...
Solaris 9 (sparc) : 127411-16
Message Queue 4.1 Update 4 Patch 6 SunOS 5.9 5.10 Core product. Date this patch was last updated by Sun : Mar/12/12 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...
IBM Lotus Sametime Version Enumeration
This module scans an IBM Lotus Sametime web interface to enumerate the application's version and configuration information. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule Release...
RBS Change 3.6.8 Cross Site Scripting
Script Name : RBS Change Version : v3.6.8 Bug Type : XSS vulnerability Found by : Metropolis Home : http://metropolis.fr.cr Discovered : 25/12/2013 Download app : http://www.rbschange.fr/addons/distributions/RBS-Change-Core,51422.html Google search : Propulsé par RBS Change PoC :...
RealNetworks RealPlayer 16 Buffer Overflow
!/usr/bin/perl ----------------------------------------------------------------------------- Exploit Title: RealNetworks RealPlayer Version Attribute Buffer Overflow Date: Dec 20, 2013 Exploit Author: Gabor Seljan Vendor Homepage: http://www.real.com Software Link:...
Traidnt Upload 3 Add Administrator
!/usr/bin/python import urllib2 import sys print """ +-------------------------------------------+ | Traidnt upload 3 - Admin add Exploit | | By i-Hmx | | sec4ever.com | | [email protected] | +-------------------------------------------+""" target=strrawinput" Enter Target " print "+ Adding new...
KikChat - (LFI/RCE) Multiple Vulnerability
Exploit for php platform in category web applications KikChat http://127.0.0.1/KikChat/myroom/shell.php?cmd=whoami;id;uname -a;pwd;ls -al makase banyak : tau lo bentor to hulandalo tamongodula'a wau tamohutata, dulo ito momongulipu \\\\\\\\\\\\\\\\\\\\\\\\\ p.s malandingalo...
CVE-2013-6356
...
D-Link DIR-XXX remote root access exploit.
General info: ============= A lot have been already said about SOHO routers. Thus, without further ado another nail in the coffin. knock knock =========== -- cut !/bin/sh if -z "$1" ; then echo "d-link DIR-300 all, DIR-600 all, DIR-615 fw 4.0"; echo "exploited by AKAT-1,...
CVE-2013-4478
CVE-2013-4478 affects Sup versions prior to 0.13.2.1 and prior to 0.14.1.1, where remote attackers could execute arbitrary commands via shell metacharacters in the filename of an email attachment. The fixed releases are 0.13.2.1 and 0.14.1.1, per the descriptions in the connected records. Practic...
Pony Botnet Controller Has 2 Million Stolen, Weak Passwords
So what’s worse: Finding two million passwords harvested by a botnet, or learning that most of the stolen passwords are terribly weak? Researchers at Trustwave found another Pony botnet controller recently that oversees a trove of close to two million website logins, email account credentials, as...
FlashComs Chat <= 6.5 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications "@".$options'f'."","fileId" = $options"f"; $result = curlexec$handle; ifstrpos$result,"UPLOADSUCCESS" echo "\n\n"; echo "\t+ Exploitation success!!\n"; echo "\t+ http://$optionsu/files/$optionsf\n"; echo "\n"; else echo "\n- Target is not...
Small Zhu in the order management system of an injection-vulnerability warning-the black bar safety net
I didn't stop, too busy with work, time although little, but always there is nothing original out, okay 90SEC can often come up around and back into an internship, really scared a jump. Often engage in a shopping station should have encountered such an order management system, a fee system for. 漏...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4513. Reason: This candidate is a duplicate of CVE-2013-4513. Notes: All CVE users should reference CVE-2013-4513 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...