1774 matches found
Drupal <= 4.7 (attachment mod_mime) Remote Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Drupal = 4.7 attachment modmime poc exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; / this works with a user account with upload rights and with permissions to...
Nucleus CMS <= 3.22 (DIR_LIBS) Arbitrary Remote Inclusion Exploit
Exploit for unknown platform in category web applications ================================================================= Nucleus CMS = 3.22 DIRLIBS Arbitrary Remote Inclusion Exploit ================================================================= !/usr/bin/php -q -d shortopentag=on ? echo...
sugarsuite.txt
!/usr/bin/php -q -d shortopentag=on \r\n"; die; / software site: http://www.sugarcrm.com/crm/ i vulnerable code in modules/OptimisticLock/LockResolve.php...
DeluxeBB 1.06 - 'Attachment mod_mime' Remote Command Execution
!/usr/bin/php -q -d shortopentag=on ? echo "DeluxeBB = v1.06 attachment modmime exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "tested & working against a fresh deluxebb installation\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host...
Sugar Suite Open Source <= 4.2 "OptimisticLock!" arbitrary remote inclusion exploit
!/usr/bin/php -q -d shortopentag=on ? echo "Sugar Suite Open Source = 4.2 "OptimisticLock!" arbitrary remote inclusion exploitrn"; echo "by rgod [email protected]"; echo "site: http://retrogod.altervista.orgrnrn"; echo "this is called the "five claws of Sun-tzu"rnrn"; if $argc5 echo "Usage: ph...
FreeBSD : firefox & mozilla -- command line URL shell command injection (2e28cefb-2aee-11da-a263-0001020eed82)
A Secunia Advisory reports : Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in t...
FreeBSD : opera -- command line URL shell command injection (dfc1daa8-61de-11da-b64c-0001020eed82)
An Opera Advisory reports : Opera for UNIX uses a wrapper shell script to start up Opera. This shell script reads the input arguments, like the file names or URLs that Opera is to open. It also performs some environment checks, for example whether Java is available and if so, where it is located...
FreeBSD : libgadu -- multiple vulnerabilities (3b4a6982-0b24-11da-bc08-0001020eed82)
Wojtek Kaniewski reports : Multiple vulnerabilities have been found in libgadu, a library for handling Gadu-Gadu instant messaging protocol. It is a part of ekg, a Gadu-Gadu client, but is widely used in other clients. Also some of the user contributed scripts were found to behave in an insecure...
phpRaid-1.txt
Kurdish Security Advisory phpRaid Remote File Include PHPBB : "Sosyalizim'de ısrar insan olmakta ısrardır" Abdullah Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com & [email protected] Script : phpRaid Script Website : http://www.spiffyjr.com/ Version : phpRaid v2.9.5 "...
AWStats 6.5 - 'migrate' Remote Shell Command Injection
!/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from blacksecurity.org 65.99.197.147 53377 id uid=81apach...
AWStats 6.5 - migrate Remote Shell Command Injection
AWStats 6.5 - migrate Remote Shell Command Injection !/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from...
SA-03.txt
I'm proud to introduce an example of return into libc exploit which works though grsecurity patch protection. Please read source carefully and change some lines cause default version probably wont work on your machine. - This is example, remember it. ; / Grsecurity bypass tryout - system"/bin/sh"...
PHPList <= 2.10.2 GLOBALS[] Remote Code Execution Exploit
Exploit for unknown platform in category web applications ========================================================= PHPList this works against registerglobals=On \r\n"; echo "a dork: inurl:"lists/?p=subscribe" | inurl:"lists/index.php?p=subscribe"\r\n"; echo " -ubbi phplist\r\n\r\n"; if $argc4...
TWiki revision control shell command injection
Added: 04/06/2006 CVE: CVE-2005-2877 BID: 14834 OSVDB: 19403 Background TWiki is a web-based collaboration platform written in PERL. Problem The revision control function in TWiki does not sufficiently check the rev parameter before using it in a shell command call. This allows remote attackers t...
TWiki Search.pm shell command injection
Added: 04/06/2006 CVE: CVE-2004-1037 BID: 11674 OSVDB: 11714 Background TWiki is a web-based collaboration platform written in PERL. Problem The Search.pm module does not sufficiently check search strings for illegal characters, allowing remote attackers to execute commands using search strings...
TWiki Search.pm shell command injection
Added: 04/06/2006 CVE: CVE-2004-1037 BID: 11674 OSVDB: 11714 Background TWiki is a web-based collaboration platform written in PERL. Problem The Search.pm module does not sufficiently check search strings for illegal characters, allowing remote attackers to execute commands using search strings...
TWiki revision control shell command injection
Added: 04/06/2006 CVE: CVE-2005-2877 BID: 14834 OSVDB: 19403 Background TWiki is a web-based collaboration platform written in PERL. Problem The revision control function in TWiki does not sufficiently check the rev parameter before using it in a shell command call. This allows remote attackers t...
TWiki revision control shell command injection
Added: 04/06/2006 CVE: CVE-2005-2877 BID: 14834 OSVDB: 19403 Background TWiki is a web-based collaboration platform written in PERL. Problem The revision control function in TWiki does not sufficiently check the rev parameter before using it in a shell command call. This allows remote attackers t...
TWiki revision control shell command injection
Added: 04/06/2006 CVE: CVE-2005-2877 BID: 14834 OSVDB: 19403 Background TWiki is a web-based collaboration platform written in PERL. Problem The revision control function in TWiki does not sufficiently check the rev parameter before using it in a shell command call. This allows remote attackers t...
[SA19453] v-creator VCEngine.php Shell Command Injection Vulnerability
TITLE: v-creator VCEngine.php Shell Command Injection Vulnerability SECUNIA ADVISORY ID: SA19453 VERIFY ADVISORY: http://secunia.com/advisories/19453/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: v-creator 1.x http://secunia.com/product/9080/ DESCRIPTION: A...