Lucene search
+L

1063 matches found

packetstorm
packetstorm
added 2009/09/24 12:0 a.m.32 views

html2ps 1.0 beta5 File Disclosure

!/usr/bin/env python html2ps the "include file" ssi directive doesn't check for directory traversal so you can include and disclose any file in the dir tree very handy when html2ps is running as a part of a web app with data that you control the vuln requires that "ssi" in the @html2ps block in t...

7.4AI score
Exploits0
threatpost
threatpost
added 2009/05/19 6:38 p.m.7 views

Jeremiah Grossman on Web App Security, Secure Development and When Web Security Will Improve

Dennis Fisher talks with Jeremiah Grossman, CTO and founder of WhiteHat Security, about the company’s new Website Vulnerability Statistics report, why SQL injection is still such a problem and when Web application security may improve. Download Subscribe to the Digital Underground podcast on...

0.3AI score
Exploits0References4
threatpost
threatpost
added 2009/04/29 6:37 p.m.12 views

Five 'must-secure' Web app vulnerabilities

Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention. According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could...

2.8AI score
Exploits0References3
seebug
seebug
added 2009/03/31 12:0 a.m.20 views

X-Forum 0.6.2 Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl Web App: X-Forum 0.6.2 Link : http://freefr.dl.sourceforge.net/sourceforge/x-forum/xforum-0.6.2.tar.gz Bug : Auth Bypass via Cookie Handling : There are also other SQL Injections Remote Command Execution Exploit Credits to Giovanni Buzzin,...

7.1AI score
Exploits0
seebug
seebug
added 2009/03/24 12:0 a.m.20 views

Syzygy CMS 0.3 LFI/SQL Command Injection Exploit

No description provided by source. !/usr/bin/perl Web App : Syzygy CMS 0.3 Link : http://sourceforge.net/project/downloading.php?groupid=103298&usemirror=heanet&filename=syzygycms-0.3.tar.gz&a=89932245 Remote Command Execution Exploit : Case 1: If LFI works, exploitation via Shell Injection + LFI...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2009/03/23 12:0 a.m.27 views

Syzygy CMS 0.3 - Local File Inclusion / SQL Injection

!/usr/bin/perl Web App : Syzygy CMS 0.3 Link : http://sourceforge.net/project/downloading.php?groupid=103298&usemirror=heanet&filename=syzygycms-0.3.tar.gz&a=89932245 Remote Command Execution Exploit : Case 1: If LFI works, exploitation via Shell Injection + LFI Case 2: Unless, exploitation via S...

7.4AI score
Exploits0
zdt
zdt
added 2009/03/23 12:0 a.m.42 views

Syzygy CMS 0.3 LFI/SQL Command Injection Exploit

Exploit for unknown platform in category web applications ================================================ Syzygy CMS 0.3 LFI/SQL Command Injection Exploit ================================================ !/usr/bin/perl Web App : Syzygy CMS 0.3 Link :...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2009/03/19 12:0 a.m.20 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.5AI score
Exploits0References4Affected Software4
myhack58
myhack58
added 2009/03/16 12:0 a.m.65 views

phpinfo cross-site scripting vulnerability-vulnerability warning-the black bar safety net

Vulnerability description: php is a widely used programming language, can be nested in the html with a to do web app development. phpinfois used to display the current php environment is a function of many site and program will phpinfo on your own site or on a program, but phpinfo in the presence...

6.3AI score
Exploits0
myhack58
myhack58
added 2008/06/08 12:0 a.m.23 views

Talking about the Web App secondary vulnerability-vulnerability warning-the black bar safety net

On the assumption that design does not exist on the problems that people solve an application problem does not exist, and the use of language, and other peripheral component is a secure case, the program of the vulnerability on most of is due to in the implementation process, the programmer for t...

7.6AI score
Exploits0
packetstorm
packetstorm
added 2008/03/26 12:0 a.m.35 views

pjirc-lfi.txt

/ PJIRC mod phpBB Local File Include Discrovered by: 0in from DaRk-CodeRs Programming & Security Group! Contact: 0indotemailatgmaildotcom Description: This is a simply irc applet to phpbb. Download: http://www.hotscripts.pl/produkt-1998.html HTTP://Dark-Coders.4rh.eu Greetz to: All DaRk-CodeRs Te...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2008/03/23 12:0 a.m.72 views

hacking the mitsubishi GB-50A

Hi All, Well, it's been over 4 months since my plea for a security contact at Mitsubishi Electric to come forward. Since no one has, I thought I'd release a POC for hacking one. It's not exactly hard, the web controller uses a nasty set of Java applets to interact with itself. The shocking thing ...

7AI score
Exploits0
jvn
jvn
added 2008/02/07 12:0 a.m.15 views

JVN#38893575 PC2M cross-site scripting vulnerability

PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the...

6.7AI score
Exploits0
seebug
seebug
added 2007/11/20 12:0 a.m.28 views

Cacti SQL注入漏洞

Cacti是一款基于PHP的WEB应用程序。 Cacti不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库。 问题是由于脚本对用户提交的WEB参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或可能操作数据库。 Planet Technology WSW-2401 0.8.6 h Planet Technology WSW-2401 0.8.6 g Cacti Cacti 0.8.7 Cacti Cacti 0.8.6 fCacti Cacti 0.8.6 c Cacti Cacti 0.8.5 aCact...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/10/24 12:0 a.m.29 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.5AI score
Exploits0References7
securityvulns
securityvulns
added 2007/05/03 12:0 a.m.32 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.5AI score
Exploits0References11Affected Software7
securityvulns
securityvulns
added 2007/03/10 12:0 a.m.63 views

[ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability

/ / | | / // / | | Y / | / / /| / / / / / / .OR.ID ECHOADV68$2007 ----------------------------------------------------------------------------------------- ECHOADV68$2007 PMB Services = 3.0.13 Multiple Remote File Inclusion Vulnerability...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2007/03/09 12:0 a.m.57 views

PMB Services 3.0.13 - Multiple Remote File Inclusions

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV68$2007 ----------------------------------------------------------------------------------------- ECHOADV68$2007 PMB Services = 3.0.13 Multiple Remote File Inclusion Vulnerability...

7.4AI score
Exploits0
zdt
zdt
added 2007/03/09 12:0 a.m.36 views

PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications =================================================================== PMB Services = 3.0.13 Multiple Remote File Inclusion Vulnerability =================================================================== \ /\ \ / | \ \ | / \ // / | \ | \...

7.1AI score
Exploits0
attackerkb
attackerkb
added 2007/03/02 9:18 p.m.3 views

CVE-2007-1183

WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors...

7.5CVSS5.5AI score0.01402EPSS
Exploits0References6
Rows per page
Query Builder