Slackware: Security Advisory (SSA:2005-278-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GIMP script-fu buffer overflow

Buffer overflow on message parsing, shell execution...

pBot - Remote Code Execution

pBot - Remote Code Execution !/usr/bin/perl Exploit Title: pBot Remote Code Execution "" hostauth Date: 31.07.2012 Exploit Author: @bwallHatesTwits Software Link: https://www.firebwall.com/decoding/read.php?u=620d21fd31b87046e94975e03fdafa8a decoded from attempted attack Version: Various versions...

eGlibc Signedness Code Execution

Exploit Title: eGlibc Signedness Vulnerability Date: November 2011 Exploit Author: c0ntex Vendor Homepage: http://www.eglibc.org Software Link: http://www.eglibc.org/home Version: eGlibc supplied by Ubuntu 10.4 LTS Tested on: Ubuntu 10.4 LTS CVE : CVE-2011-2702 A delicious, yet slightly cold...

Calibre E-Book Reader - Local Privilege Escalation (1)

Calibre E-Book Reader - Local Privilege Escalation 1 !/bin/sh .50-Calibrer Assault Mount by zx2c4 Calibre uses a suid mount helper, and like nearly all suid mount helpers that have come before it, it's badly broken. Let's go through Calibre's faulty code available at http://pastebin.com/auz9SULi...

Calibre E-Book Reader - Local Privilege Escalation (1)

!/bin/sh .50-Calibrer Assault Mount by zx2c4 Calibre uses a suid mount helper, and like nearly all suid mount helpers that have come before it, it's badly broken. Let's go through Calibre's faulty code available at http://pastebin.com/auz9SULi and look at the array of silly things done, only one ...

Drupal 7.0 Shell Execution

!/usr/bin/env php ================ + In any Drupal , detecting the file http://local/Path/scripts/drupal.sh The content file 'drupal.sh' is this PHP CODE for EXECUTING Scripts ================ ------------------------ Check for your PHP interpreter - on Windows you'll probably have to replace lin...

WSN Links SQL Injection Vulnerability

Exploit for php platform in category web applications ===================================== WSN Links SQL Injection Vulnerability ===================================== I. DESCRIPTION --------------------------------------- A vulnerability exists in the search.php code that allows for SQL injectio...

JAF CMS Multiple Remote File Include and Remote Shell Command Execution Vulnerabilities

JAF CMS is prone to an shell-command-execution vulnerability and multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit the remote shell-command-execution issue to execute arbitrary shell commands in the context...

MobPartner Counter - Arbitrary File Upload

MobPartner Counter Remote File Upload Vulnerability + Author : wlhaan hacker + Email : [email protected] + Site : www.sa-hacker.com/vb + team wlhaan Hacker + Dork : "MobPartner Counter" "upload files" The exploit : http://localhost/path/upload.php edit shell shell.php.pgif Get now shell :...

Joomla RSGallery2 Backdoor

Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all sorts of obfuscated junk all the...

Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit

Exploit for unknown platform in category web applications =========================================================== Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit =========================================================== Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit...

VirtueMart <= 1.1.2 Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications =================================================== VirtueMart = 1.1.2 Multiple Remote Vulnerabilities =================================================== Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu...

SupeV 1.0.1 0DAY-vulnerability warning-the black bar safety net

Source: WEB Security manual Thank '&waste. Delivery Hello everyone, I'm nameless Today released a discuz its products "video podcast SupeV 1.0.1" 0day Vulnerability file: api目录下test.php Looking directly at the code $str=filegetcontents $thumb ;//first the 1 8 line with filegetcontents to read$thu...

Falt4 CMS RC4 (fckeditor) Arbitrary File Upload Exploit

No description provided by source. Falt4 CMS fckeditor Arbitrary File Upload Exploit Bug Discovered By : Sp3shial [email protected] Persian Boys Hacking Team From A Land With A History-Long Background Download CMS :...

1024 CMS 1.4.4 - Remote Command Execution Remote File Inclusion

1024 CMS 1.4.4 - Remote Command Execution Remote File Inclusion !/usr/bin/perl 1024 CMS = 1.4.4 Remote Command Execution with RFI c99 Exploit download: http://www.trebledesigns.com/1024cms.zip Author: JosS mail: sys-projectathotmaildotcom site: http://www.hack0wn.com/ team: Spanish Hackers Team -...

Moodle < 1.9.4 'filter/tex/texed.php' 'pathname' Parameter RCE

Binary data 4788.prm...

FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Thecus N5200Pro NAS Server Control Panel - Remote File Inclusion

Thecus N5200Pro NAS Server Control Panel Remote File Ä°nclude Author : CrackersChild Mail : [email protected] Bug in : usrgetform.html Exploit : www.site.com:9443/usr/usrgetform.html?name=Shelz? Ä°nfo : http://www.thecus.com/productsover.php?cid=11&pid=8 Greetz: Str0ke milw0rm.com 2008-02-18...

Remote Shell Command Execution in &quot;KB-Bestellsystem&quot; &#40;amensa-soft.de&#41;

"KB-Bestellsystem" is a domain order system written in Perl. The "domain" and "tld" parameters in "kbwhois.cgi" are not filtering shell metacharacters. The following examples will show you the /etc/passwd file:...