smf-blind.txt

SMF is a very hardened php application. If anyone wants an example of some interesting PHP security SMF is a good place to look. Even after being able to injection SQL I had to take another step and bypass some difficult filters found in the dbquery function. Ultimately i was able to do so. This...

smf-sql.txt

!/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magicquotesgpc=On or Off. Total Bypass of SMF's SQL Injection filter. I submitted a...

Simple Machines Forum 1.1.3 Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magicquotesgpc=On or Off. Total Bypass of SMF's SQL...

Simple Machines Forum (SMF) 1.1.3 - Blind SQL Injection

!/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magicquotesgpc=On or Off. Total Bypass of SMF's SQL Injection filter. I submitted a...

Simple Machines Forum (SMF) 1.1.3 - Blind SQL Injection

Simple Machines Forum SMF 1.1.3 - Blind SQL Injection !/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magicquotesgpc=On or Off. Total...

DEBIAN-CVE-2007-3847

The date handling code in modules/proxy/proxyutil.c modproxy in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service caching forward proxy process crash via crafted date headers that trigger a buffer over-read...

Sql injection

SQL injection vulnerability in signin.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter...

CVE-2007-4110

The CVE-2007-4110 entry describes an SQL injection in sign_in.aspx of a Message Board/Threaded Discussion Forum Application Template, allowing remote execution of arbitrary SQL via the Password parameter. The issue is caused by unsafely incorporated user input into SQL commands, exposing partial ...

Message Board / Threaded Discussion Forum SQL INJECTION

A R I A - S E C U R I T Y Message Board / Threaded Discussion Forum SQL INJECTION Vendor: http://www.codewidgets.com http://target.com/PATH/signin.aspx Username: admin Password: anything' OR 'x'='x Credits: Aria-Security Team http://aria-security.net http://outlaw.aria-security.info...

Guidance Software response to iSEC report on EnCase

Guidance Software Response to iSEC Report Guidance Software received and reviewed the report drafted by two presenters at the upcoming Black Hat USA conference. We have also spoken to Alex Stamos, one of the testing leaders. The report authors disclose that they conducted, over a period of six...

httpd mod_cache segfault

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

Design/Logic Flaw

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

DEBIAN-CVE-2007-1863

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

httpd mod_cache segfault

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

httpd mod_cache segfault

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

CVE-2007-2844

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access...

Tracing execution of a threaded executable causes kernel BUG report

The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service system hang related to "MT exec + utraceattach spin failure mode," as demonstrated by ptrace-thrash.c...

CVE-2006-4155

Unspecified vulnerability in functopicthreaded.php aka threaded view mode in Invision Power Board IPB before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic."...

CVE-2006-4155

CVE-2006-4155 affects Invision Power Board (IPB) prior to 2.1.7. The vulnerability is in func_topic_threaded.php (threaded view mode) and allows remote attackers to access posts outside the topic. The available references describe the issue as an unspecified vulnerability with network exposure (b...

panic-reloaded - TCP Denial of Service Tool

/ ----------------------------------------------------------------------------- / \ / / / / / / / / / / / / / / / / / // / / // / / / / // // // / / / / / / // // ,/ ,/ // / Security Community ----------------------------------------------------------------------------- Software for...