1697 matches found
[ECHO_ADV_96$2008] HiveMaker Professional <= 1.0.2 (cid) Sql Injection Vulnerability
ECHO_ADV_96$2008 HiveMaker Professional <= 1.0.2 (cid) Sql Injection Vulnerability Author : M.Hasran...
Security policy new angle: a closer look at local permissions of the contention-vulnerability warning-the black bar safety net
We know that administrators, in order to keep terminal computers secure, restrict most terminals, and some even open only port 80 for simple web browsing. For friends who need to perform some special operation or install software, because you do not...
MiniBB 2.2 - Cross-Site Scripting SQL Injection Full Path Disclosure
MiniBB 2.2 - Cross-Site Scripting SQL Injection Full Path Disclosure Author: GiReX Homepage: girex.altervista.org Date: 21/04/2008 CMS: miniBB 2.2 and maybe prior Site: minibb.net Bug 1: Full Path Disclosure Bug 2: Cross Site Scripting Bug 3: Remote SQL Injection Need: registerglobals = On...
PostNuke Module PostSchedule 1.0 - eid SQL Injection
PostNuke Module PostSchedule 1.0 - eid SQL Injection Vuln: Postnuke Mod PostSchedule SQL Vuln Author: Vuln search Kacper kacper1964atyahoo.pl google:"PostSchedule ver 1" Vuln:...
Blog PixelMotion - 'modif_config.php' Arbitrary File Upload
JIKI Team JIKO + KIl1er Author : jiko jiki team email : [email protected] Home : www.no-back.org Script : Blog PixelMotion Bug : Remote File...
RunCMS Module bamagalerie3 Remote SQL Injection Vulnerability
No description provided by source. RUNCMS 1.1A : bamagalerie3 Module Remote SQL Injection's cid Script Page : http://runcms.org/ AUTHOR : DreamTurk Exploit coded and founded by DreamTurk : [email protected]...
CenterIM <= 4.22.3 Remote Command Execution Vulnerability:
Application: CenterIM http://www.centerim.org/index.php/MainPage Versions: centerim = 4.22.3 OS: Linux Bug: Execution of shell commands Exploit: remote Date: 15 March 2008 Author: Brian Fonfara w00 eMail: [email protected] Web: newb.kicks-ass.net 1 Bug 2 Exploit ======= 1 Bug ======= Received...
MiniWebsvr 0.0.9a - Remote Directory Traversal
MiniWebsvr 0.0.9a - Remote Directory Traversal import socket import sys print '---------------------------------------------------------' print 'MiniWebSvr 0.0.9a Directory Transversal Vulnerability' print 'Project URL: http://miniwebsvr.sourceforge.net/' print 'Author: gbr' print 'Tested on...
phpuserbase-lfi.txt
Author : BeyazKurt - [email protected] Script : php User Base 1.3b Risk : Local File Include Download : http://sourceforge.net/project/showfiles.php?groupid=200632 File : include/unverified.inc.php Code : Exploit : Vuln.Com/include/unverified.inc.php?template=CODE ...
phpnukeokul-sql.txt
PHP-NUKE Modules Okul v1.0 Remote SQL Injection Found: xoron contact: [email protected] only e-mail...
Journalness <= 4.1 (last_module) Remote Code Execution exploit
No description provided by source. !/usr/bin/perl Vendor url: journalness.sourceforge.net note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print " Journalness = 4.1 Remote Code Execution exploit By Iron - randombase.com Greets to everyo...
allclub-sql.txt
All Club CMS No go on the hack attempt."; // log attempt, from IP, etc. if $SYSSET'banattackip' // ban ip if banattackip die; $sth = $dbh-prepare"SELECT FROM accmsmodules WHERE name='$name'"; ... Stripslashes function only...
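XZeroScripts XZero Community Classifieds Local File Inclusion Vulnerability
BUGTRAQ ID: 27041 CNCAN ID:CNCAN-2007122808 XZeroScripts XZero Community Classifieds is a PHP-based web application. XZeroScripts XZero Community Classifieds does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to view system file contents with the privileges of the web server. The problem is that the script lacks filtering of user-submitted web parameters; submitting parameter data containing multiple "../" sequences bypasses the web root restriction and allows system file contents to be viewed with the privileges of the web server. XZeroScripts XZero Community...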
Cisco Phone 7940 - Remote Denial of Service
!/usr/bin/perl Vulnerabily discovered using KiF Kiph Authors: Humberto J. Abdelnur Ph.D Student Radu State Ph.D Olivier Festor Ph.D Madynes Team, LORIA - INRIA Lorraine http://madynes.loria.fr use IO::Socket::INET; use String::Random; die "Usage $0 " unless $ARGV3; $targetUser = $ARGV1; $targetIP...
eurologon-disclose.txt
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Eurologon...
Microsoft Jet Engine MDB File Parsing Stack Overflow PoC
No description provided by source. Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability by cocoruderfrankruderathotmail.com http://ruder.cdut.net Summary: A remote code execute vulnerability exists in Microsoft Jet...
CONTENTCustomizer 3.1 - Dialog.php Unauthorized Access
CONTENTCustomizer 3.1 - Dialog.php Unauthorized Access source: https://www.securityfocus.com/bid/26437/info CONTENTCustomizer is prone to an unauthorized access vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker could exploit this issue to delete...
Quick and Dirty Blog (qdblog) 0.4 - categories.php Local File Inclusion
Quick and Dirty Blog qdblog 0.4 - categories.php Local File Inclusion Quick and Dirty Blog 0.4 categories.php Local File Inclusion Vulnerability http://heanet.dl.sourceforge.net/sourceforge/qdblog/qdblog-0.4.tar.bz2 POC: /categories.php?theme=../../../../../../../../../etc/passwd%00 milw0rm.com...
phpFaber URLInn 2.0.5 - 'dir_ws' Remote File Inclusion
-=ShAd0w-CrEw=- GrEeTs...
PHPbasic basicFramework 1.0 - Includes.php Remote File Inclusion
PHPbasic basicFramework 1.0 - Includes.php Remote File Inclusion source: https://www.securityfocus.com/bid/26194/info basicFramework is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to...