RoarSmithinfo2www远程执行任意命令漏洞

BugCVE: CVE-1999-0266 BUGTRAQ: 1995 “info2www”是一个将GNU Info文本转化成HTML文件的CGI程序。 某些早期版本的info2www脚本实现上存在输入验证漏洞，远程攻击者可以利用此漏洞以Web进程的权限在主机上 执行任意系统命令。 问题在于程序脚本没有过滤用户输入中包含的一些shell元字符，远程攻击者可能以Web守护程序的权限（root或nobody）在主机上执行任意程序。 1.0-1.1 临时解决方法： 如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁：...

PHP Execute Command

Execute a single system command This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Php def initializeinfo =...

racer-overflow.txt

!/usr/bin/perl Credit's to n00b. Racer v0.5.3 beta 5 12-03-07 remote exploit. Racer is also prone to a buffer over flow in the server and client.Automatically the game open's Udp port 26000 and is waiting for a msg buffer. If we send an overly long buffer we are able to Control the eip register a...

ls-exec.txt

Special Greetings To - Timq,Warpboy,The-Maggot File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: =========================================================================== LS simple guestbook fails to sanitize user input that it writes to the posts.txt file...

PHP-Nuke Module eBoard 1.0.7 - GLOBALS[name] Local File Inclusion

!Perl PHP-Nuke Module eBoard 1.0.7 GLOBALSname Local File Inclusion Exploit Vendor: http://www.complex-berlin.de/modules.php?name=Downloads&dop=getit&lid=975 Coded by bd0rk || SOH-Crew Greetz: str0ke, TheJT, MereX, mymaster use IO::Socket; use LWP::Simple; ripped @apache=...

PBlang 4.66z - Remote Code Execution

PBlang 4.66z - Remote Code Execution !/usr/bin/perl PBlang 4.66z Remote Command Execution Exploit this Exploit register a user with admin access - magicquotesgpc = Off - Only work on 4.66z Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use IO::Socket; use LWP::UserAgent; use HTTP::Cookie...

phpnukesplat-lfi.txt

!/usr/bin/perl Modulo Splatt Forum v4.0 RC1bbcoderef.php nameLocal File Include Exploit D.Script: http://sourceforge.net/projects/splattforum/ V.Code $modulename = $name; -------- Line : 17 include"modules/".$modulename."/functions.php"; -------- Line : 19 Dork: "Splatt Forum" Discovered & Coded ...

DEBIAN-CVE-2006-6719

The ftpsyst function in ftp-basic.c in Free Software Foundation FSF GNU wget 1.10.2 allows remote attackers to cause a denial of service application crash via a malicious FTP server with a large number of blank 220 responses to the SYST command...

PHP Command, Double Reverse TCP Connection (via Perl)

Creates an interactive shell via perl This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Php include...

MattWrighttextcounter.pl远程执行命令漏洞

textcounter.pl是一个由Matt Wright编写的基于Web的记数器脚本，使用比较广泛。 某些早期版本的textcounter.pl脚本实现上存在输入验证漏洞，远程攻击者可以利用此漏洞以httpd进程的权限在主机上执行任意系统命令。问题在于程序脚本没有过滤用户输入中包含的一些特殊字符，远程攻击者可以向$DOCUMENTURI环境变量注入指定的值，脚本在处理的时候就会以Web守护程序的权限（root或nobody）在主机上执行攻击者指定的任意命令。 Matt Wright TextCounter1.2...

FreeWPS 2.11 - 'upload.php' Remote Command Execution

source: https://www.securityfocus.com/bid/20494/info FreeWPS is prone to a remote command-execution vulnerability. Attackers can exploit this issue to execute arbitrary system commands with the privileges of the webserver process. FreeWPS version 2.11 is vulnerable to this issue; other versions m...

How to execute system command in MSSQL-vulnerabilities and early warning-the black bar safety net

Assume that a host opening a 1 4 3 3 ports we have bySQL injectionor empty weak password for remote connection Can have what way to add a system administrator user? or perform a system command 1. XPCMDSHELL cmd.exe /c net user aaa bbb /add Everyone knows the way,the biggest benefit is the return...

The Windows environment via the MySQL to the SYSTEM status perform system commands-bug warning-the black bar safety net

Some time ago two about MySQL vulnerabilities in the MySQL CREATE FUNCTION mysql. func table allows injecting arbitrary function library vulnerability, the MySQL CREATE FUNCTION libc library allows arbitrary code execution vulnerabilities of a careful study of these two vulnerabilities, you can...

Limbo CMS Multiple Vulnerabilities

The remote web server contains a PHP application that is affected by numerous vulnerabilities. Description : The remote host is running Limbo CMS, a content-management system written in PHP. The remote version of this software is vulnerable to several flaws including : - If registerglobals is off...

ShoutLIVE <= 1.1.0 (savesettings.php) Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl ShoutLIVE = 1.1.0 Remote Php Code Execution Based on: http://www.frsirt.com/bulletins/4109 Credits: Coded by DarkFig Website: http://disarm.free.fr/bohard/ Greetz: All AcidRoot/Bod members = use IO::Socket; use LWP::Simple; if!$ARGV1headers; print...

dotProject-2.0.1.txt

dotproject Date: Feb. 14 2006 Vendor: dotproject.net contacted Description: dotProject is a volunteer supported Project Management application. Details: The 'protection.php' script does not properly validate user-supplied input in the 'siteurl' parameter. Some user-supplied input is not checked...

QNX Neutrino 6.2.1 (phfont) Race Condition Local Root Exploit

Exploit for QNX platform in category local exploits ============================================================= QNX Neutrino 6.2.1 phfont Race Condition Local Root Exploit ============================================================= !/bin/sh email protected 18/10/2003 $ cksum...

Elm < 2.5.8 (Expires Header) Remote Buffer Overflow Exploit

No description provided by source. / Exploit code for the bug posted by Ulf Harnhammar metaurtelia.com http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html Probably you will need to change SYSLOC and STRLOC to work on your box / include stdio.h include stdlib.h include string.h...

OS2A-1001.txt

OS2A ePing Arbitrary File Creation/Command Execution Vulnerability OS2A ID: OS2A1001 Status Published: 08/04/2005 Updated : 08/05/2005 Patch Released Class: File Creation/Command Execution Severity: CRITICAL Overview: ePing is a ping utility plugin for e107, a PHP-based content management system...

nbSMTP 0.99 - 'util.c' Client-Side Command Execution

/ nbSMTPfsexp.c nbSMTP v0.99 remote format string exploit by CoKi root@nosystem:/home/coki/audi ./nbSMTPfsexp nbSMTP v0.99 remote format string exploit by CoKi Use: ./nbSMTPfsexp options options: -t type of target system -r return address -s shellcode address -o offset -l targets list...