1774 matches found
wget <= 1.9 - Directory Traversal exploit
No description provided by source. !/usr/bin/perl -W wgettrap.poc -- A POC for the wget1 directory traversal vulnerability Copyright 2004 Jan Min=C3=A1=C5=99 jjminar fastmail fm License: Public Domain - SECU When wget connects to us, we send it a HTTP redirect constructed so that wget wget will...
Unclassified NewsBoard <= 1.6.1 patch 1 Arbitrary Local Inclusion Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Unclassified NewsBoard = 1.6.1 patch 1 ABBCConfigsmileset arbitrary\r\n; echo local inclusion\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; echo works with registerglobals ...
Linksys X3000 1.0.03 build 001 - Multiple Vulnerabilities
No description provided by source. Device: X3000 Vendor: Linksys ============ Vulnerable Firmware Releases: ============ Firmware Version: v1.0.03 build 001 Jun 11,2012 ============ Vulnerability Overview: ============ OS Command Injection The vulnerability is caused by missing input validation i...
kr-web <= 1.1b2 - Remote File Inclusion Vulnerability
No description provided by source. Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg KR-Web = 1.1b2 Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/krw/files/ Dork : dieHacking attempt; :D Vuln : ./KR-Web-1.1b2/adm/krgourl.php line 2 ?php include...
SunOS <= 4.1.3 kmem setgid /etc/crash Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/59/info /etc/crash was installed setgid kmem and excutable by anyone. Any user can use the ! shell command escape to executes commands, which are then performed with group set to kmem. $ /etc/crash ! sh...
Mountain Network Systems WebCart 8.4 Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3453/info Mountain Network Systems WebCart is a cgi based online shopping suite. An error in the webcart.cgi script allows a remote user to pass an arbitrary shell command which will be executed by the script. WebCart...
QPopper 4.0.x PopAuth Trace File Shell Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3710/info Qpopper is a freely available, open source Post Office Protocol server. It is maintained and distributed by Qualcomm. When popauth is executed with the trace option, it does not correctly handle user-supplied...
Microsoft IIS 4.0,Microsoft JET 3.5/3.5.1 Database Engine VBA Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to...
WebText <= 0.4.5.2 - Remote Code Execution Exploit
No description provided by source. ? //Kacper Settings $exploitname = WebText = 0.4.5.2 Remote Code Execution Exploit; $scriptname = WebText 0.4.5.2; $scriptsite = http://www.webtext.pl/?go=download; $dork = 'Powered by WebText'; // print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+:...
AWStats <= 6.5 (migrate) Remote Shell Command Injection Exploit
No description provided by source. !/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from blacksecurity.org...
Drupal <= 4.7 (attachment mod_mime) Remote Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Drupal = 4.7 attachment modmime poc exploit\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; / this works with a user account with upload rights and with permissions to modify...
PhpCommander <= 3.0 (upload) Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? $devilteam = ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+:...
L2J Statistik Script <= 0.09 (index.php page) Local File Include Exploit
No description provided by source. ? print ' | \ | \ \ / | | | | | | | \ \ \ / \ \ | \ \ / \ | \ | | | / \ | \ \ \ / / | | | | | | | | | | ||/ // |./ |/\ ./ |/ || | \ \ / \ \ / | | | / | | | | | | \ | \ \ | \ | | / | | | / | | | / | |/ ,||./ | |,||\ Rev.4 www.codebreak.tk -...
CVE-2014-4046
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action...
CVE-2014-4046
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action...
CVE-2014-4046
CVE-2014-4046 affects Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1, plus Certified Asterisk 11.6 before 11.6-cert3, allowing remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action. Public advisories (Debian DLA-455-1, Mageia MGASA-2014-03...
GLSA-201406-15 : KDirStat: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-201406-15 KDirStat: Arbitrary command execution Missing escape of executable shell command in KDirStat can be used to insert malicious shell commands. Impact : A local attacker could possibly execute arbitrary shell command with t...
KDirStat: Arbitrary command execution
Background KDirStat is a graphical disk usage utility for KDE. Description Missing escape of executable shell command in KDirStat can be used to insert malicious shell commands. Impact A local attacker could possibly execute arbitrary shell command with the privileges of the process. Workaround...
[SECURITY] [DSA 2946-1] python-gnupg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2946-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 04, 2014 http://www.debian.org/security/faq -...
GLSA-201401-26 : Zabbix: Shell command injection
The remote host is affected by the vulnerability described in GLSA-201401-26 Zabbix: Shell command injection If a flexible user parameter is configured in Zabbix agent, including a newline in the parameters will execute newline section as a separate command even if UnsafeUserParameters are...