5315 matches found
chicomas <= 2.0.4 (DB Backup/DD/XSS) Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: chicomas <=2.0.4 Multiple Vulnerabilities Vendor: http://www.chicomas.com/ Demo: http://demo.opensourcecms.com/chicomas Bug: Database Information Disclosure, Authorization Weakness, XSS Vulnerable Version:...
FreeLyrics 1.0 (source.php p) Remote File Disclosure Vulnerability
No description provided by source. Piker FreeLyrics Remote Source Code Disclosure Vulnerability Affected software: FreeLyrics Vendor: http://lyrics.sourceforge.net/ Risk: Medium http://target/path/source.php?p=FILE PoC: http://target/path/source.php?p=config.php Found by Piker...
Chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
www.BugReport.ir AmnPardaz Security Research Team Title: chicomas Database Information Disclosure POC: http://URL/chicomas/config.inc +--The Latest generated Database backups POC: http://URL/chicomas/backup +--Cross Site Scripting XSS. Reflected XSS attack in "index.php" in "q" parameter. POC:...
FreeLyrics 1.0 (source.php p) Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications. FreeLyrics 1.0 source.php p Remote File Disclosure Vulnerability. FreeLyrics Remote Source Code Disclosure...
FreeLyrics 1.0 - Remote File Disclosure
FreeLyrics 1.0 - Remote File Disclosure Piker FreeLyrics Remote Source Code Disclosure Vulnerability Affected software: FreeLyrics Vendor: http://lyrics.sourceforge.net/ Risk: Medium http://target/path/source.php?p=FILE PoC: http://target/path/source.php?p=config.php Found by Piker...
FreeLyrics 1.0 - Remote File Disclosure
Piker FreeLyrics Remote Source Code Disclosure Vulnerability Affected software: FreeLyrics Vendor: http://lyrics.sourceforge.net/ Risk: Medium http://target/path/source.php?p=FILE PoC: http://target/path/source.php?p=config.php Found by Piker piker0x90atgmaildotcom D.O.M Labs - Security Researche...
TmaxSoft JEUS source code leakage
It's possible to access source code by using NTFS alternate data streams, by adding ::$DATA to the filename...
Finding a simple PHP source code disclosure vulnerability - vulnerability warning - the black bar safety net
We know that in ASP the most common issue appears to be SQL injection, but in PHP, when magic_quotes_gpc is on, special characters are escaped, so in many cases a SQL injection exists but cannot be used. But PHP has powerful file operation functions, so that we can experience in asp c...
Cracking the computer administrator password from a webshell - vulnerability warning - the black bar safety net
Method of use: 1. Rename your password dictionary to psw.txt and upload it to an executable, writable directory on the target server. It is assumed that this directory is: c:\windows\temp\ 2. Upload the program to c:\windows\temp, and then run it. 3. Then wait a few...
Mini-CMS 1.0.1 - 'index.php' Local File Inclusion
/ $Id: minicms-1.0.1-lfi.txt,v 0.1 2008/12/06 04:06:00 cOndemned Exp $ Mini-CMS 1.0.1 index.php Multiple Local File Inclusion Vulnerabilities Discovered by cOndemned Download : http://www.bpowerhouse.info/minicms.htm Greetz : ZaBeaTy, str0ke, d2, sid.psycho, Adish, TBH & Avantura ; / Source of...
Gravity GTD <= 0.4.5 (rpc.php objectname) LFI/RCE Vulnerability
No description provided by source. Discovered by dun \ dunatstrcpy.pl gravity-gtd <= 0.4.5 LFI/RCE Vulnerability Script: An open source list manager for tracking actio...
mysimpleforum-lfi.txt
/ $Id: mysimpleforum-3.0-lfi.txt,v 0.1 2008/12/04 23:03:00 cOndemned Exp $ My Simple Forum 3.0 index.php action Local File Inclusion Vulnerability Bug discovered by cOndemned Script download: http://drennansoft.com/index.php?action=download&id=1 Greetz: ZaBeaTy, str0ke, d2, TBH, Avantura / Source...
My Simple Forum 3.0 - Local File Inclusion
My Simple Forum 3.0 - Local File Inclusion / $Id: mysimpleforum-3.0-lfi.txt,v 0.1 2008/12/04 23:03:00 cOndemned Exp $ My Simple Forum 3.0 index.php action Local File Inclusion Vulnerability Bug discovered by cOndemned Script download: http://drennansoft.com/index.php?action=download&id=1 Greetz:...
W3C Amaya 10.1 Web Browser (id) Remote Stack Overflow PoC
No description provided by source. W3C Amaya 10.1 Web Browser Amaya id Remote Stack Overflow Vulnerability Written and discovered by: r0ut3r writ3r at gmail.com / www.bmgsec.com.au Advisory: http://www.bmgsec.com.au/advisory/41/ ------------------------------------------------------ Shellcode...
Amaya (id) Remote Stack Overflow Vulnerability
W3C Amaya 10.1 Web Browser Amaya id Remote Stack Overflow Vulnerability Written and discovered by: r0ut3r writ3r at gmail.com / www.bmgsec.com.au Advisory: http://www.bmgsec.com.au/advisory/41/ ------------------------------------------------------ Shellcode notes: The application fails to...
social-sql.txt
HACKATTACK Advisory 2008-11-20 Social Engine 2.7 CRLF Injection + SQL injection Details Product: Social Engine Security-Risk: moderate Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Vendor-Status: informed Advisory-Status: published Credits Discovered by: David Vieira-Kurz of...
Microsoft Windows Vista - iphlpapi.dll Local Kernel Buffer Overflow
Microsoft Windows Vista - iphlpapi.dll Local Kernel Buffer Overflow // source: https://www.securityfocus.com/bid/32357/info // Microsoft Windows Vista is prone to a buffer-overflow vulnerability because of insufficient boundary checks. // Local attackers could exploit this issue to cause...
Q-Shop 3.0 Remote XSS/SQL Injection Vulnerabilities
No description provided by source.
Q-Shop 3.0 Remote XSS/SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications. Q-Shop 3.0 Remote XSS/SQL Injection Vulnerabilities...
Minigal b13 (index.php list) Remote File Disclosure Exploit
No description provided by source. ?php settimelimit0; function findpass$data $tab = explode'$gallerycopyright = ',$data; $tab1 = explode'$version = "B13";',$tab1; $tab2 = explode'$adminpass = "',$tab10; if$tab21!="" echo"Vuln exploited enjoy !\n"; echo sleep1; echo"Admin hash ==...