5335 matches found
PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability...
OpenWebMail Multiple XSS vuln.
OpenWebMail Multiple XSS vuln. Vuln. discovered by: r0t. Date: 2 August 2007. Vendor: openwebmail.org. Original advisory: http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html Affected versions: 2.52 20060831 and previous. OpenWebMail contains multiple flaws that allow a remote...
WebDirector XSS vuln.
WebDirector XSS vuln. Vuln. discovered by: r0t. Date: 1 August 2007. Vendor: www.webdirector.ru. Original advisory: http://pridels-team.blogspot.com/2007/08/webdirector-xss-vuln.html Affected versions: 2.2 and previous. WebDirector contains a flaw that allows remote Cross-Site Scripting attacks. Input...
corehttp-overflow.txt
corehttpv0.5.3alpha: httpd remote buffer overflow exploit. by: vade79/v9 fakehalo/realhalo. compile: gcc xcorehttp.c -o xcorehttp. syntax: ./xcorehttp -r -h host -p port. corehttp homepage/url: http://corehttp.sourceforge.net/ bughttp.c:...
Code injection
Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...
CVE-2007-4025
Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...
DirectAdmin XSS vuln.
DirectAdmin XSS vuln. Vuln. discovered by: r0t. Date: 28 June 2007. Vendor: http://www.directadmin.com Original advisory: http://pridels-team.blogspot.com/2007/06/directadmin-xss-vuln.html Affected versions: v1.30.1 and previous. DirectAdmin contains a flaw that allows a remote Cross-Site Scripting...
QuickTicket multiple sql inj.
QuickTicket multiple sql inj. Vuln. discovered by: r0t. Date: 27 June 2007. Vendor: http://www.qt-cute.org/ Original advisory: http://pridels-team.blogspot.com/2007/06/quickticket-multiple-sql-inj.html Affected versions: tested on QuickTicket 1.2 build:20070621; other versions can also be affected...
Code injection
Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20)...
CVE-2007-3407
Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20)...
SHTTPD V1.38 server source code disclosure
SHTTPD V1.38 server source code disclosure. Link: http://shttpd.sourceforge.net/ Info: The vulnerability is caused by a parser error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files...
SHTTPD HTTP server information leak
It's possible to access script source code with a request of the kind http://127.0.0.1/test.php%20...
myserver-disclose.txt
The vulnerability is caused by a parser error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files. Found by: Shay Priel aka Prili. Site: http://www.myserverproject.net/ PoC: http://localhost/cgi-bin/post.mscgI I -...
Design/Logic Flaw
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI...
CVE-2007-3365
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI...
ClickGallery Server vuln.
ClickGallery Server vuln. Vuln. discovered by: r0t. Date: 2 May 2007. Vendor: http://www.clicktech.com/ Original advisory: http://pridels-team.blogspot.com/2007/06/clickgallery-server-vuln.html Affected versions: 5.1 and previous. 1. ClickGallery Server contains a flaw that allows a remote sql...
access2asp XSS vuln.
access2asp XSS vuln. Vuln. discovered by: r0t. Date: 22 June 2007. Vendor: http://www.access2asp.com/ Original advisory: http://pridels-team.blogspot.com/2007/06/access2asp-xss-vuln.html Affected versions: access2asp v4.5 and prior. access2asp contains a flaw that allows a remote Cross-Site Scripting...
Code injection
httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space)...
CVE-2007-3327
httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space)...