5315 matches found
CVE-2010-2336
CVE-2010-2336 affects Yamamah Photo Gallery 1.00; the index.php download parameter allows remote attackers to obtain the source code of executable files within the web document root. The root cause is improper handling of the download parameter that exposes server file contents. Impact is exposur...
KubeLance 1.7.6 - 'profile.php' SQL Injection
Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Kubelance SQL Injection Vendor url:http://www.kubelabs.com Version:1.7.6 Price:90$ Published: 2010-06-19 Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to all ICW members. Spl Greetz to:inj3ct0r.com Team,...
Nginx Source Code Disclosure/Download
This module exploits a source code disclosure/download vulnerability in versions 0.7 and 0.8 of the nginx web server. Versions 0.7.66 and 0.8.40 correct this vulnerability. This module requires Metasploit: https://metasploit.com/download Current source:...
MolyX Forum system SQL injection and source code disclosure vulnerabilities - vulnerability warning - the black bar safety net
Magic Forum (MolyX Board) is one of the Magic series of web application software products developed by Magic Studio (MolyX Studios) after several years of market and technical research, on the basis of fusing the technical and practical advantages of many current forum programs, for Chinese People...
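nginx HTTP request source code disclosure and denial of service vulnerabilities
BugCVE: CVE-2010-2263 BUGTRAQ: 40760 nginx is a multi-platform HTTP server and mail proxy server. The nginx server fails to handle alternate data streams (ADS) and treats them as the data stream of an ordinary file. An attacker can use the form filename::$data to read and download the source code of web application files; in addition, if a directory traversal sequence is added to the HTTP request, memory registers can be overwritten, causing a denial of service. nginx 0.7.x/0.8.x Vendor patch: Igor Sysoev ----------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:...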
CVE-2010-2263
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI...
UnrealIRCd: Multiple vulnerabilities
Background: UnrealIRCd is an Internet Relay Chat (IRC) daemon. Description: Multiple vulnerabilities have been reported in UnrealIRCd: The vendor reported a buffer overflow in the user authorization code (CVE-2009-4893). The vendor reported that the distributed source code of UnrealIRCd was compromised...
nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. An attacker can exploit these vulnerabilities to view the source code of files in the context of the server process or cause denial-of-service conditions. nginx 0.8.36 for Windows is vulnerable; other versions...
nginx <= 0.8.36 Remote Source Code Disclosure and DoS Vulnerabilities
nginx is prone to remote source code disclosure and denial of service (DoS) vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...
Litespeed Technologies - Web Server Remote Poison Null Byte
Litespeed Technologies Web Server Remote Poison null byte Zero-Day discovered and exploited by Kingcope in June 2010 google gives me over 9million hits Example exploit session: %nc 192.168.2.19 80 HEAD / HTTP/1.0 HTTP/1.0 200 OK Date: Sun, 13 Jun 2010 00:10:38 GMT Server: LiteSpeed . %cat...
Litespeed Technologies - Web Server Remote Poison Null Byte
Litespeed Technologies - Web Server Remote Poison Null Byte Litespeed Technologies Web Server Remote Poison null byte Zero-Day discovered and exploited by Kingcope in June 2010 google gives me over 9million hits Example exploit session: %nc 192.168.2.19 80 HEAD / HTTP/1.0 HTTP/1.0 200 OK Date: Su...
Litespeed Technologies Web Server Remote Poison null byte Exploit
Exploit for multiple platform in category remote exploits ================================================================= Litespeed Technologies Web Server Remote Poison null byte Exploit ================================================================= Litespeed Technologies Web Server Remote...
Yamamah - 'news' SQL Injection / Source Code Disclosure
Exploit Title: Yamamah Vulnerability news SQL Injection / disclosure Vulnerability Date: 12-06-2010 Author: anT!-Tr0J4n My Home : www.Dev-PoinT.com Software Link:http://www.yamamah.org Version: 1.00 Tested on: Win7/Linux DorK : N / A ========== Exploit By anT!-Tr0J4n============ =======Yamamah...
Yamamah - news SQL Injection Source Code Disclosure
Yamamah - news SQL Injection Source Code Disclosure Exploit Title: Yamamah Vulnerability news SQL Injection / disclosure Vulnerability Date: 12-06-2010 Author: anT!-Tr0J4n My Home : www.Dev-PoinT.com Software Link:http://www.yamamah.org Version: 1.00 Tested on: Win7/Linux DorK : N / A ==========...
nginx engine x server <= 0.7.65 stable/0.8.39 (development) source code
Exploit for windows platform in category remote exploits ================================================================================================================= NGINX ENGINE X SERVER http://nginx.org/en/ ref-1 ======TESTED VERSIONS===== Unix versions are not vulnerable it only affects t...
Nginx 0.7.65/0.8.39 (dev) - Source Disclosure / Download
TITLE: NGINX ENGINE X SERVER http://nginx.org/en/ ref-1 ======TESTED VERSIONS===== Unix versions are not vulnerable it only affects to NTFS file system Windows Stable versions: nginx/0.7.66 -- Not vulnerable nginx/0.7.65 -- Vulnerable nginx/0.7.64 -- Vulnerable nginx/0.7.63 -- Vulnerable...
DaLogin - Multiple Vulnerabilities
dalogin 2.2 multiple vulnerabilities app desc: Configurable WebSite. PHP + Mysql: news zone with rss feed, private zone, languages, themes, administration panel app source: http://dalogin.sourceforge.net/ author: hc0 1 config file disclosure you can access config.ini file from...
QuickTalk 1.2 Information Disclosure
QuickTalk v1.2 Source code disclosure Multiple Vulnerabilities ...