1370 matches found
In-portal 5.0.3 Remote Arbitrary File Upload Exploit
Exploit for php platform in category web applications. In-portal 5.0.3 Remote Arbitrary File Upload Exploit...
MicroWorld eScan Antivirus Remote Root Command Execution
!/usr/bin/env python import sys from socket import auther: Mohammed almutairi [email protected] """ MicroWorld eScan Antivirus 1 if $POST'forgot' == "Send Password" $user = $POST"uname"; 2 insecure: vulnerable code in forgotpassword.php and commonfunctions.php in 1 $runasroot =...
PhpMyLogon 2 SQL Injection
Exploit Title: PhpMyLogon SQL Injection Date: March 14, 2010 Author: Blake Software Link: http://sourceforge.net/projects/phpmylogon/files/PhpMyLogon/PhpMyLogon%202/phpmylogon2.zip/download Version: 2 Tested on: Windows XP SP3 Proof of Concept: Enter the following for the username to login as the...
ShortCMS 1.2.0 SQL Injection
Informatique inside ShortCMS : SQL injection Version : 1.2.0 Last Version of 11/02/2010 and ALL version. Author : Thibow Contact : Thibow4tlinformatique-insidedotcom Location : France Website : http://www.informatique-inside.com Solution : Secure your parameters in printView page of News . : :::I...
ShortCMS 1.2.0 - SQL Injection
ShortCMS 1.2.0 - SQL Injection Informatique inside ShortCMS : SQL injection Version : 1.2.0 Last Version of 11/02/2010 and ALL version. Author : Thibow Contact : Thibow4tlinformatique-insidedotcom Location : France Website : http://www.informatique-inside.com Solution : Secure your parameters in...
Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow
$Id: wireshark_lwres_getaddrbyname.rb 8367 2010-02-04 04:56:18Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow
The LWRES dissector in Wireshark version 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several...
PHP Open Chat 3.0.2 Cross Site Scripting
PHPOPENCHAT 3.0.2 Xss AND/OR Full Path Disclosure 1.- Preview This web APP is Vulnerable to xss in its installation file but you can misconfigure all the code with this bug also, you must see to understand... 2.- Vulnerable Code function databasesetup if isset$POST'formdata' $host = string...
PHPOPENCHAT 3.0.2 - Cross-Site Scripting AND/OR FPD
The PoC: 1.- Preview This web APP is Vulnerable to xss in its installation file but you can misconfigure all the code with this bug also, you must see to understand... 2.- Vulnerable Code function databasesetup if isset$POST'formdata' $host = string $POST'DATABASEHOST'; $user = string...
PHPOPENCHAT 3.0.2 Cross Site Scripting AND/OR FPD
No description provided by source. The PoC: 1.- Preview This web APP is Vulnerable to xss in its installation file but you can misconfigure all the code with this bug also, you must see to understand... 2.- Vulnerable Code function databasesetup if isset$POST'formdata' $host = string...
phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities
phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities Name phpCollegeExchange Vendor http://phpcollegeex.sourceforge.net Versions Affected 0.1.5c Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-11 X...
Digital Scribe 1.4.1 Multiple SQL Injection Vulnerabilities
No description provided by source. Name Digital Scribe Vendor http://www.digital-scribe.org Versions Affected 1.4.1 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-11 X. INDEX I. ABOUT THE APPLICATION II...
phpCollegeExchange 0.1.5c - Multiple SQL Injections
phpCollegeExchange 0.1.5c - Multiple SQL Injections phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities Name phpCollegeExchange Vendor http://phpcollegeex.sourceforge.net Versions Affected 0.1.5c Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact...
phpLDAPadmin - Local File Inclusion
PHPLDAPADMIN LOCAL FILE INCLUSION author : ipsecs website : http://ipsecs.com Date : December, 10th, 2009 -i- Description "Phpldapadmin is web based LDAP client which provides easy, anywhere-accessible, multi-language administration for LDAP server." http://phpldapadmin.sourceforge.net vulnerable...
phpldapadmin Local File Inclusion
No description provided by source. PHPLDAPADMIN LOCAL FILE INCLUSION author : ipsecs website : http://ipsecs.com Date : December, 10th, 2009 -i- Description "Phpldapadmin is web based LDAP client which provides easy, anywhere-accessible, multi-language administration for LDAP server."...
Shoutbox 1.0 Cross Site Scripting
Vulnerable Code in index.php : : Shoutbox 1.0 HTML / Xss injection exploit AuTh0r : SKuLL-HacKeR H0ME : Sec-Best & SaudiHack & S3curity-Art Email : [email protected] Vendor: http://www.plohni.com exploit: site.com/Shoutbox/index.php in the select your name and your text put this code '"alert'XSS skh'...
Shoutbox 1.0 - HTML / Cross-Site Scripting Injection
Vulnerable Code in index.php : : Shoutbox 1.0 HTML / Xss injection exploit AuTh0r : SKuLL-HacKeR H0ME : Sec-Best & SaudiHack & S3curity-Art Email : [email protected] Vendor: http://www.plohni.com exploit: site.com/Shoutbox/index.php in the select your name and your text put this code '"alert'XSS skh'...
Shoutbox 1.0 HTML / Xss Injection
No description provided by source. Vulnerable Code in index.php : <p><strong><?php echo $names[$i]; ?>:</strong> <?php echo $shouts[$i]; ?></p> Shoutbox 1.0 HTML / Xss injection exploit AuTh0r : SKuLL-HacKeR H0ME : Sec-Best & SaudiHack & S3curity-Art Email : [email protected] Vendor: http://www.plohni.com exploit:...
Endonesia 8.4 CMS Local File Inclusion
Endonesia 8.4 CMS Site: http://www.endonesia.org/ Download: http://sourceforge.net/projects/endonesia Bug: Local File Inclusion in mod.php file ! Author: s4r4d0 Mail: [email protected] Team: Fatal Error Poc:http://www.site.com/mod.php?mod=/../../../../../../proc/self/environ%00...
eNdonesia CMS 8.4 - Local File Inclusion
eNdonesia CMS 8.4 - Local File Inclusion Endonesia 8.4 CMS Site: http://www.endonesia.org/ Download: http://sourceforge.net/projects/endonesia Bug: Local File Inclusion in mod.php file ! Author: s4r4d0 Mail: [email protected] Team: Fatal Error...