1063 matches found
html2ps 1.0 beta5 File Disclosure
!/usr/bin/env python html2ps the "include file" ssi directive doesn't check for directory traversal so you can include and disclose any file in the dir tree very handy when html2ps is running as a part of a web app with data that you control the vuln requires that "ssi" in the @html2ps block in t...
Jeremiah Grossman on Web App Security, Secure Development and When Web Security Will Improve
Dennis Fisher talks with Jeremiah Grossman, CTO and founder of WhiteHat Security, about the company’s new Website Vulnerability Statistics report, why SQL injection is still such a problem and when Web application security may improve. Download Subscribe to the Digital Underground podcast on...
Five 'must-secure' Web app vulnerabilities
Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention. According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could...
X-Forum 0.6.2 Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl Web App: X-Forum 0.6.2 Link : http://freefr.dl.sourceforge.net/sourceforge/x-forum/xforum-0.6.2.tar.gz Bug : Auth Bypass via Cookie Handling : There are also other SQL Injections Remote Command Execution Exploit Credits to Giovanni Buzzin,...
Syzygy CMS 0.3 LFI/SQL Command Injection Exploit
No description provided by source. !/usr/bin/perl Web App : Syzygy CMS 0.3 Link : http://sourceforge.net/project/downloading.php?groupid=103298&usemirror=heanet&filename=syzygycms-0.3.tar.gz&a=89932245 Remote Command Execution Exploit : Case 1: If LFI works, exploitation via Shell Injection + LFI...
Syzygy CMS 0.3 - Local File Inclusion / SQL Injection
!/usr/bin/perl Web App : Syzygy CMS 0.3 Link : http://sourceforge.net/project/downloading.php?groupid=103298&usemirror=heanet&filename=syzygycms-0.3.tar.gz&a=89932245 Remote Command Execution Exploit : Case 1: If LFI works, exploitation via Shell Injection + LFI Case 2: Unless, exploitation via S...
Syzygy CMS 0.3 LFI/SQL Command Injection Exploit
Exploit for unknown platform in category web applications ================================================ Syzygy CMS 0.3 LFI/SQL Command Injection Exploit ================================================ !/usr/bin/perl Web App : Syzygy CMS 0.3 Link :...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
phpinfo cross-site scripting vulnerability-vulnerability warning-the black bar safety net
Vulnerability description: php is a widely used programming language, can be nested in the html with a to do web app development. phpinfois used to display the current php environment is a function of many site and program will phpinfo on your own site or on a program, but phpinfo in the presence...
Talking about the Web App secondary vulnerability-vulnerability warning-the black bar safety net
On the assumption that design does not exist on the problems that people solve an application problem does not exist, and the use of language, and other peripheral component is a secure case, the program of the vulnerability on most of is due to in the implementation process, the programmer for t...
pjirc-lfi.txt
/ PJIRC mod phpBB Local File Include Discrovered by: 0in from DaRk-CodeRs Programming & Security Group! Contact: 0indotemailatgmaildotcom Description: This is a simply irc applet to phpbb. Download: http://www.hotscripts.pl/produkt-1998.html HTTP://Dark-Coders.4rh.eu Greetz to: All DaRk-CodeRs Te...
hacking the mitsubishi GB-50A
Hi All, Well, it's been over 4 months since my plea for a security contact at Mitsubishi Electric to come forward. Since no one has, I thought I'd release a POC for hacking one. It's not exactly hard, the web controller uses a nasty set of Java applets to interact with itself. The shocking thing ...
JVN#38893575 PC2M cross-site scripting vulnerability
PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the...
Cacti SQL注入漏洞
Cacti是一款基于PHP的WEB应用程序。 Cacti不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库。 问题是由于脚本对用户提交的WEB参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或可能操作数据库。 Planet Technology WSW-2401 0.8.6 h Planet Technology WSW-2401 0.8.6 g Cacti Cacti 0.8.7 Cacti Cacti 0.8.6 fCacti Cacti 0.8.6 c Cacti Cacti 0.8.5 aCact...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability
/ / | | / // / | | Y / | / / /| / / / / / / .OR.ID ECHOADV68$2007 ----------------------------------------------------------------------------------------- ECHOADV68$2007 PMB Services = 3.0.13 Multiple Remote File Inclusion Vulnerability...
PMB Services 3.0.13 - Multiple Remote File Inclusions
\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV68$2007 ----------------------------------------------------------------------------------------- ECHOADV68$2007 PMB Services = 3.0.13 Multiple Remote File Inclusion Vulnerability...
PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications =================================================================== PMB Services = 3.0.13 Multiple Remote File Inclusion Vulnerability =================================================================== \ /\ \ / | \ \ | / \ // / | \ | \...
CVE-2007-1183
WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors...