4 matches found
vBulletin 3.7.3 - Visitor Message CSRF + Worm Exploit
No description provided by source. Author = Mx Title = vBulletin 3.7.3 Visitor Messages XSS/XSRF + worm Software = vBulletin Addon = Visitor Messages Version = 3.7.3 Attack = XSS/XSRF - Description = A critical vulnerability exists in the new vBulletin 3.7.3 softwa...
phpBB highlight Arbitrary File Upload (Santy.A)
No description provided by source. Santy.A - phpBB = 2.0.10 Web Worm Source Code Proof of Concept -SECU For educational purpose See : http://isc.sans.org/diary.php?date=2004-12-21 http://www.f-secure.com/v-descs/santya.shtml !/usr/bin/perl use strict; use Socket; sub PayLoad; sub DoDir$; sub DoFi...
Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (2)
Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (2) // source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request...
Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (4)
// source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before completing the request: 1. IIS...