Microsoft SQL Server Payload Execution via SQL injection

No description provided by source. $Id: mssqlpayloadsqli.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

Agnitum Outpost Firewall 4.0 Outpost_IPC_HDR Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24284/info Outpost Firewall is prone to a local denial-of-service vulnerability. An attacker can exploit this issue to block arbitrary processes, denying service to legitimate users. This issue affects Outpost Firewall 4....

FtpXQ Server 3.01 MKD Command Remote Overflow DoS

No description provided by source. source: http://www.securityfocus.com/bid/20721/info DataWizard FtpXQ Server is prone to multiple remote vulnerabilities: - A remote denial-of-service issue occurs because the application fails to perform adequate bounds checks on user-supplied data before copyin...

IBM Bladecenter Management - Multiple web application vulnerabilities

No description provided by source. DSECRG-09-054 IBM Bladecenter Management - Multiple vulnerabilities The BladeCenter management module is prone to multiple security vulnerabilities: Unauthorized Access, Directory Listing, XSS Digital Security Research Group DSecRG Advisory DSECRG-09-054...

sweetrice cms 0.6.7 - Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22669 Reference: http://www.htbridge.ch/advisory/resetadminpasswordinsweetricecms.html Product: SweetRice CMS Vendor: basic-cms.org http://www.basic-cms.org/ Vulnerable Version: 0.6.7 Vendor Notification: 21 October 2010 Vulnerability Type:...

Microsoft Office Word 2010 Crash PoC

No description provided by source. Title : Microsoft Office Word 2010 Stack Overflow Version : Microsoft Office professional Plus 2010 Date : 2012-10-23 Vendor : http://office.microsoft.com Impact : Med/High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : XP SP3 ENG Bug : ----...

RunCMS 1.6 - Remote Blind SQL Injection Exploit (IDS evasion)

No description provided by source. // / RUNCMS 1.6 BLIND SQL Injection Exploit + IDS evasion / // / exploit get hash of admin password / / / / Exploit is invisible for / / RUNCMS sql injection detecting mechanism / // // / tested on RUNCMS english version 1.6 / // // / Date of Public EXPLOIT:...

Poison Ivy 2.3.2 C&C Server Buffer Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Facebook Profile MyBB Plugin 2.4 - Persistant XSS

No description provided by source. Exploit Title: MyBB Facebook Profile Plugin Persistant XSS Date: 12/12/2012 Exploit Author: limb0 Vendor Homepage: http://www.collectiontricks.it/ Software Link: http://mods.mybb.com/view/facebook-profile-link-on-postbit-2-2 Version: 2.4 Tested on: Linux P-XSS...

Blaze Apps Multiple Vulnerabilities

No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Blaze Apps Multiple Vulnerabilities Vendor: http://blazeapps.codeplex.com Vulnerable Version: 1.4.0.051909 and prior versions Exploitation: Remote with browser Fix: N/A - Description: Blaze Apps is a ASP...

Tutti Nova <= 1.6 (TNLIB_DIR) Remote File Include Vulnerability

novalib/class.novaEdit.mysql.php 代码中对TNLIBDIR变量校验不严格。 利用方法： !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '63860' ssvid version = '1.0' author = '皮皮' vulDate = '2006-08-21'...

Winamp Playlist UNC Path Computer Name Overflow

No description provided by source. $Id: winampplaylistunc.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

File Sharing Wizard 1.5.0 - (SEH) Exploit

No description provided by source. !/usr/bin/python print \n print Team Hackers Garage print www.garage4hackers.com print print File Sharing Wizard Version 1.5.0 print Remote Command Execution print Author: b0nd print [email protected] print print Greetz to: The Hackers Garage Family print...

WordPress Contact Form plugin <= 2.7.5 - SQL Injection

No description provided by source. Exploit Title: WordPress Contact Form plugin = 2.7.5 SQL Injection Vulnerability Date: 2011-10-13 Author: Skraps jackie.craig.sparksatlive.com jackie.craig.sparksatgmail.com @skrapsfoo Software Link: http://downloads.wordpress.org/plugin/contact-form-wordpress.z...

PoPToP PPTP <= 1.1.4-b3 Remote Root Exploit (poptop-sane.c)

No description provided by source. / Fixed Exploit against PoPToP in Linux poptop-sane.c ./r4nc0rwh0r3 of blightninjas [email protected] blightninjas: bringing pain, suffering, and humiliation to the security world Expect more great release like helloworld-annotated.c and cd explained...

RunCMS <= 1.6 disclaimer.php Remote File Overwrite Exploit

No description provided by source. ?php WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: RunCmss Bug Yahoo! Crawler Vendor: http://www.runcms.org/ Vulnerable Version: RunCMS 1.6 Halloween, 1.5.x prior versions also may be affected Exploitation: Remote with browser...

ACollab Multiple Vulnerabilities

No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: ACollab Multiple Vulnerabilities Vendor: http://www.atutor.ca/acollab Vulnerable Version: 1.2 Latest version till now Exploitation: Remote with browser Fix: N/A - Description: ACollab as described by its...

PowerNews (Newsscript) 2.5.6 - Local File Inclusion Vulnerabilities

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-014 Application: PowerNews Newsscript Versions Affected: 2.5.6 Vendor URL: http://www.powerscripts.org/ Bug: Multiple Local File Include Exploits: YES Reported: 01.02.2008 Vendor Response: none Solution:...

MyBB Extended Useradmininfo Plugin 1.2.1 - Cross Site Scripting

No description provided by source. Exploit Title: Extended Useradmininfo MyBB Plugin 1.2.1 - Cross Site Scripting Google Dork: N/A Date: 09.02.2014 Exploit Author: Fikri Fadzil - [email protected] Vendor Homepage: http://forum.mybboard.de/user-9022.html Software Link:...

blogcms 4.2.1b (sql/xss) Multiple Vulnerabilities

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-003 Application: Blogcms Versions Affected: Blogcms 4.2.1b Vendor URL: http://blogcms.com/ Bugs: SQL Injestions, SiXSS, XSS Exploits: YES Reported: 15.01.2008 Vendor response: 16.01.2008 Date of Public...