2563 matches found
osCSS 1.2.1 Backup Disclosure
======================================================================================== | Title : osCSS 1.2.1 Backups Vulnerability | Author : indoushka | email : [email protected] | Home : www.sec-war.com | Web Site :...
osCSS 1.2.1 - Database Backups Disclosure
======================================================================================== | Title : osCSS 1.2.1 Backups Vulnerability | Author : indoushka | email : [email protected] | Home : www.sec-war.com | Dork : Powered by osCSS | Dork : Index of /osCSS/admin/backups | Tested on: windows...
PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution
PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution !/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL...
PHPizabi v0.848b C1 HFP1-3 Remote Command Execution Exploit
Exploit for unknown platform in category web applications =========================================================== PHPizabi v0.848b C1 HFP1-3 Remote Command Execution Exploit =========================================================== !/usr/bin/php ?php / Found this after getting my inet back...
PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution
!/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL keyword, and actually believed this populated those...
ASPTicker 1.0 - Remote Database Disclosure
ASPTicker 1.0 DD Remote Vuln. ---------------------------------------------------------- Discovered By: ZoRLu msn: [email protected] Home: www.z0rlu.blogspot.com N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ----------------------------------------------------------- exp for demo: DD...
Use download the vulnerability database to initiate network attacks-vulnerability warning-the black bar safety net
As scripting vulnerability the number one killer-and database download vulnerabilities, now has been more and more people to the art. In this information technology update Fast of the era, the vulnerability produced after the attendant is to respond to the tricks, such as change the database...
Stack overflow
Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service application crash via a long string in a .M3U file. NOTE: some of these details are obtained from third party information...
Creative Software UK Community Portal 1.1 - EventView.php?event_id SQL Injection
Creative Software UK Community Portal 1.1 - EventView.php?eventid SQL Injection source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplie...
Cross site scripting
Cross-site scripting XSS vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the commenttext parameter to the user comment page /edit/Comment...
PHPWebThings 1.4 - download.php?File SQL Injection
PHPWebThings 1.4 - download.php?File SQL Injection source: https://www.securityfocus.com/bid/15399/info phpWebThings is prone to an SQL injection vulnerability. This is an input validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure an...
qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests
Georgi Guninski writes: There are several issues with qmail on 64 bit platforms - classical integer overflow, pointer with signed index and signedness problem not counting the memory consumtion dos, which just helps. Update: the problem with the signed index is exploitable on Freebsd 5.4 amd64 wi...
CVE-2004-2718
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request...
CVE-2002-1479
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges...
ProductCart 1.5/1.6/2.0 - File Disclosure
source: https://www.securityfocus.com/bid/8112/info A vulnerability has been reported for ProductCart that may result in an attacker obtaining the contents of the database file. http://victimhost/productcart/database/EIPC.mdb...
OpenBB 1.01.1 - index.php SQL Injection
OpenBB 1.01.1 - index.php SQL Injection source: https://www.securityfocus.com/bid/7401/info It has been reported that OpenBB does not properly check input passed via the 'index.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the...
CVE-2002-0536
PHPGroupware 0.9.12 and earlier, when running with the magicquotesgpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack...
flickstitan.txt
I originally sent this message to bugtraq, but they did not post it. Instead they stuck it in their vulnerability database and removed all of my comments and example. So much for full disclosure... Flicks Software just released a product named Titan1. It is described as an application firewall...
CVE-2020-29410
...
CVE-2026-3370
CVE-2026-3370 entry is rejected and not used; this CVE ID does not represent an active vulnerability.