41207 matches found
CMS Openpage - index.php SQL Injection
CMS Openpage - index.php SQL Injection | CMS Openpage index.php SQL Injection Vulnerability | Discovered by: Phenom | My id: http://inj3ct0r.com/author/2157 | Original:...
eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Stack Buffer Overflows (1)
eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows 1 Exploit Title : eDisplay Personal FTP server 1.0.0 Multiple Post-Authentication Stack BOF Type of sploit: Remote Code Execution Bug found by : loneferret march 19, 2010 Reference :...
Kolang 4.3.10 5.3.0 - proc_open() PHP safe_mode Bypass
Kolang 4.3.10 5.3.0 - procopen PHP safemode Bypass // "shellcode loader" : load and execute arbitrary shellcode from a file // Hami...
tincan ltd - section SQL Injection
tincan ltd - section SQL Injection | Title : tincan ltd section SQL Injection Vulnerability | site s.p : www.tincan.co.uk | Author : altbta | Email : [email protected] | home : v4-team.com & tryag.cc ...
Autodesk Maya Script - Nodes Arbitrary Command Execution
Autodesk Maya Script - Nodes Arbitrary Command Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk Maya Script Nodes Arbitrary Command Execution 1. Advisory Information Title: Autodesk Maya Script...
Adobe JRun 4 - logfile (Authenticated) Directory Traversal
Adobe JRun 4 - logfile Authenticated Directory Traversal Digital Security Research Group DSecRG Advisory DSECRG-09-052 Application: Adobe JRun Application Server Versions Affected: 4 updater 7 Vendor URL: http://www.adobe.com/products/jrun/ Bug: Directory Traversal File Read Exploits: YES Reporte...
OpenSSL 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service
OpenSSL 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service / cve-2009-1386.c OpenSSL http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 OpenSSL would SegFault if the DTLS server receives a ChangeCipherSpec as the first record instead of...
Enomaly ECP Enomalism 2.2.1 - Multiple Local Vulnerabilities
Enomaly ECP Enomalism 2.2.1 - Multiple Local Vulnerabilities Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh redux Synopsis All versions of Enomaly ECP/Enomalism1 before 2.2.1 have multiple issues relating to the use of temporary files in an insecure manner. Fixes for...
Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection
Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection CVE Number: CVE-2008-1094 Vulnerability: SQL Injection Risk: Medium Attack vector: From Remote Vulnerability Discovered: 16th June 2008 Vendor Notified: 16th June 2008 Advisory Released: 15th December 2008 Abstract Barracuda Networks Sp...
Microsoft Visual Basic - ActiveX Controls mscomct2.ocx Buffer Overflow (PoC)
Microsoft Visual Basic - ActiveX Controls mscomct2.ocx Buffer Overflow PoC !/usr/bin/perl Microsoft Visual Basic ActiveX Controls mscomct2.ocx Animation Object Buffer Overflow CVE-2008-4255 PoC You'll need Debugging Tools for Windows http://www.microsoft.com/whdc/devtools/debugging/default.mspx /...
PHPstore Wholesale - id SQL Injection
PHPstore Wholesale - id SQL Injection | Wholesale track.php id Remote SQL Injection Vulnerability | Author: Hussin X | Home : WwW.IQ-ty.CoM | email: [email protected] | script : http://www.phpstore.info/productinfo.php?cPath=3653&productsid=162 | DorK :...
zeeproperty 1.0 - Arbitrary File Upload Cross-Site Scripting
zeeproperty 1.0 - Arbitrary File Upload Cross-Site Scripting ZEEPROPERTY v1.0 remote file Upload & XSS author: ZoRLu msn: [email protected] home: www.z0rlu.blogspot.com dork: "Designed & Developed by Zeeways.com" first register to site you add this code your shell to head GIF89a; example...
Adobe Reader - util.printf() JavaScript Function Stack Overflow (2)
Adobe Reader - util.printf JavaScript Function Stack Overflow 2 | Adobe Reader Javascript Printf Buffer Overflow Exploit | Reference: http://www.coresecurity.com/content/adobe-reader-buffer-overflow CVE-2008-2992 Thanks to coresecurity for t...
Arcadem Pro - articlecat SQL Injection
Arcadem Pro - articlecat SQL Injection | Arcadem Pro articlecat Remote SQL Injection Vulnerability | Hussin X | Author: Hussin X | Home : WwW.IQ-ty.CoM | WwW.TrYaG.CC | email: darkangelg85atYahooDoTcom | script :...
Plogger 3.0 - SQL Injection
Plogger 3.0 - SQL Injection GulfTech Security Research August 05, 2008 Vendor : Mike Johnson URL : http://www.plogger.org/ Version : Plogger addfile$filecontents, $row"path"; The...
phpAuction GPL Enhanced 2.51 - profile.php SQL Injection
phpAuction GPL Enhanced 2.51 - profile.php SQL Injection | PHPAuction GPL Enhanced V2.51 profile.php id Remote SQL Injection Vulnerability | Hussin X | Author: Hussin X | Home : www.tryag.cc/cc | email: darkangelg85atYahooDoTcom ...
Scripteen Free Image Hosting Script 1.2 - cookie Pass Grabber
Scripteen Free Image Hosting Script 1.2 - cookie Pass Grabber Scripteen Free Image Hosting Script V1.2. cookie Admin Password Grabber Exploit Coded By RMx - Liz0ziM Web:www.biyosecurity.com Dork:"Powered by Scripteen Free Image Hosting Script V1.2" TARGET HOST: Example:www.xxxx.com TARGET PATH:...
OTManager CMS 24a - Local File Inclusion Cross-Site Scripting
OTManager CMS 24a - Local File Inclusion Cross-Site Scripting | OTManager CMS LFI/XSS Multiple Remote Vulnerabilities ...
QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities
QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/29013/info QT-cute QuickTalk Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may...
Apple Mac OSX xnu 1228.3.13 - IPv6-ipcomp Remote kernel Denial of Service (PoC)
Apple Mac OSX xnu 1228.3.13 - IPv6-ipcomp Remote kernel Denial of Service PoC / xnu-ipv6-ipcomp.c Copyright c 2008 by Apple MACOS X xnu md typo?. md = mpulldownm, off, sizeofipcomp, NULL; if !m - md = mpulldownm, off, sizeofipcomp, NULL; if !md bsd/netinet6/ipcompinput.c curiosly the same bug...
X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
X.Org xorg-server 1.1.1-48.13 - Probe for Files PoC !/bin/sh Xorg file disclosure vulnerability CVE-2007-5958 Lame xploit by vl4dZ : sh-3.1$ whoami uid=1001kecos gid=1001user groups=1001user sh-3.1$ ./Xorg-File-Existence-PoC.sh /root/.ssh/iddsa ... FILE /root/.ssh/iddsa EXIST !! Vulnerable:...
nuBoard 0.5 - ssid SQL Injection
nuBoard 0.5 - ssid SQL Injection Nuboardv0.5 SQL Injection Vulnerability By IRCRASH AUTHOR : IRCRASH Discovered by : Dr.Crash Exploited By : Dr.Crash IRCRASH Team Members : Dr.Crash - Malc0de - R3d.w0rm Script Download : http://switch.dl.sourceforge.net/sourceforge/nuboard/nuboardv0.5.tar.gz SQL...
Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow
Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow Vantage Linguistics AnswerWorks 4 API ActiveX Control Buffer Overflow Exploit function Check var buf = 'A'; while buf.length = 214 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378...
vBulletin Mod RPG Inferno 2.4 - inferno.php SQL Injection
vBulletin Mod RPG Inferno 2.4 - inferno.php SQL Injection | RPG Inferno v2.4 SQL Injection Vulnerability ...
Man Command - -H Flag Local Buffer Overflow
Man Command - -H Flag Local Buffer Overflow // source: https://www.securityfocus.com/bid/23355/info The 'man' command is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. NOTE: Presumably, this...
phpBB MOD Forum picture and META tags 1.7 - Remote File Inclusion
phpBB MOD Forum picture and META tags 1.7 - Remote File Inclusion Exploitname: phpBB Module Forum picture and META tags 1.7 File Include Vulnerability Vendor: http://www.rfnnet.nl/downloads/phpbb/MODForumpictureandMETAtags.zip Founder: bd0rk Contact: bd0rkathackermail.com Greetings: str0ke, TheJT...
Oracle 9i10g - extproc LocalRemote Command Execution
Oracle 9i10g - extproc LocalRemote Command Execution -- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright c 2006 Marco Ivaldi -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g -- allo...
DoceboLms 2.0.5 - help.php Remote File Inclusion
DoceboLms 2.0.5 - help.php Remote File Inclusion Vulnerable Script: Docebo LMS 2.05 Discovered: beford Noobs: %22Based+on+DoceboLMS+2.0%22 Vulnerable Files doceboLMS205/modules/credits/business.php = include$GET'lang'.'/language.php'; doceboLMS205/modules/credits/credits.php =...
PHP-Fusion 6.00.306 - Multiple Vulnerabilities
PHP-Fusion 6.00.306 - Multiple Vulnerabilities !/usr/bin/php -q -d shortopentag=on ? echo "PHPFusion = v6.00.306 avatar modmime arbitrary file upload &\r\n"; echo "local inclusion vulnerabilities\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; if...
MyBloggie 2.1.22.1.3 - trackback_url Cross-Site Scripting
MyBloggie 2.1.22.1.3 - trackbackurl Cross-Site Scripting source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverag...
Microsoft Windows Server 2000 - UPNP getdevicelist Memory Leak Denial of Service
Microsoft Windows Server 2000 - UPNP getdevicelist Memory Leak Denial of Service / Author: Winny Thomas Nevis Labs, Pune, INDIA Details: While working on the exploit for MS05-047 i came across a condition where a specially crafted request to upnpgetdevicelist would cause services.exe to consume...
Microsoft Windows - Color Management Module Overflow (MS05-036) (1)
Microsoft Windows - Color Management Module Overflow MS05-036 1 / Author: snooq http://www.redpuffer.net/snooq/web/ Date: 21 July 2005 When I looked at the PoC posted on bugtraq.... I was basically quite disappointed. The 'PoC' fixed 'tag count' to a large number.. but this code path does not see...
CartWIZ 1.10 - AddToCart.asp SQL Injection
CartWIZ 1.10 - AddToCart.asp SQL Injection source: https://www.securityfocus.com/bid/13330/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. Successful...
Postfix 1.1.x - Denial of Service (2)
Postfix 1.1.x - Denial of Service 2 source: https://www.securityfocus.com/bid/8333/info Debian has reported two vulnerabilities in the Postfix mail transfer agent. The first vulnerability, CAN-2003-0468, can allow for an adversary to "bounce-scan" a private network. It has also been reported that...
Microsoft Windows XP2000NT 4.0 - Network Share Provider SMB Request Buffer Overflow (1)
Microsoft Windows XP2000NT 4.0 - Network Share Provider SMB Request Buffer Overflow 1 // source: https://www.securityfocus.com/bid/5556/info Microsoft Windows operating systems use the Server Message Block SMB protocol to support services such as file and printer sharing. A buffer overflow...
William Deich Super 3.x - SysLog Format String
William Deich Super 3.x - SysLog Format String // source: https://www.securityfocus.com/bid/5367/info super is prone to a format string vulnerability. This problem is due to incorrect use of the syslog function to log error messages. It is possible to corrupt memory by passing format strings...
Half Life - rcon Remote Buffer Overflow
Half Life - rcon Remote Buffer Overflow / SDI HalfLife rcon remote exploit for linux x86 portuguese exploit remoto para o buffer overflow do rcon no halflife Tamandua Sekure Labs Sao Paulo - Porto Alegre, Brazil by Thiago Zaninotti c0nd0r Gustavo Scotti csh Proof of concept - There is a remote...
GUnet OpenEclass E-learning platform 1.7.3 - uname SQL Injection
GUnet OpenEclass E-learning platform 1.7.3 - uname SQL Injection Exploit Title: GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2019-11-03 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link:...
HP System Event 1.2.9.0 - HPWMISVC Unquoted Service Path
HP System Event 1.2.9.0 - HPWMISVC Unquoted Service Path Exploit Title: HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-02-14 Vendor Homepage:https://www8.hp.com/mx/es/home.html Software...
Microsoft SharePoint - Deserialization Remote Code Execution
Microsoft SharePoint - Deserialization Remote Code Execution !/usr/bin/env python3 -- coding: utf-8 -- import requests import sys from xml.sax.saxutils import escape from lxml import html import codecs import readline from clint.arguments import Args import signal def serializecommandcmd: total =...
Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions
Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions Exploit Title: Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions Exploit Author: ZwX Exploit Date: 2020-01-12 Vendor Homepage : https://advancedsystemrepair.com/ Software Link:...
ASTPP VoIP 4.0.1 - Remote Code Execution
ASTPP VoIP 4.0.1 - Remote Code Execution Exploit Title: ASTPP VoIP 4.0.1 - Remote Code Execution Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup script...
NetworkSleuth 3.0.0.0 - Key Denial of Service (PoC)
NetworkSleuth 3.0.0.0 - Key Denial of Service PoC Exploit Title: NetworkSleuth 3.0.0.0 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/networksleuthsetup.exe Test...
HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)
HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Exploit: HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on:...
Microsoft Excel 2016 1901 - XML External Entity Injection
Microsoft Excel 2016 1901 - XML External Entity Injection Exploit Title: Microsoft Excel 2016 1901 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Tested Version: 2016 v1901 CVE: N/A + Credits: John Page aka hyp3rlinx + Website:...
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs Tested on Ubuntu 19.10, kernel "5.3.0-19-generic 20-Ubuntu". Ubuntu ships a filesystem "shiftfs" in fs/shiftfs.c in the kernel tree that doesn't exist upstream. This filesystem can be mounted from user namespaces, meaning that this i...
nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
nipper-ng 0.11.10 - Remote Buffer Overflow PoC Exploit Title: nipper-ng 0.11.10 - Remote Buffer Overflow PoC Date: 2019-10-20 Exploit Author: Guy Levin https://blog.vastart.dev Vendor Homepage: https://tools.kali.org/reporting-tools/nipper-ng Software Link:...
QNAP NetBak Replicator 4.5.6.0607 - QVssService Unquoted Service Path
QNAP NetBak Replicator 4.5.6.0607 - QVssService Unquoted Service Path Exploit Title: QNAP NetBak Replicator 4.5.6.0607 - 'QVssService' Unquoted Service Path Discovery Date: 2019-11-05 Exploit Author: Ivan Marmolejo Vendor Homepage: https://www.qnap.com/en/ Software Link:...
NPMJS gitlabhook 0.0.17 - repository Remote Command Execution
NPMJS gitlabhook 0.0.17 - repository Remote Command Execution Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2...
Rifatron Intelligent Digital Security System - animate.cgi Stream Disclosure
Rifatron Intelligent Digital Security System - animate.cgi Stream Disclosure !/bin/bash Rifatron Intelligent Digital Security System animate.cgi Stream Disclosure Vendor: Rifatron Co., Ltd. | SAM MYUNG Co., Ltd. Product web page: http://www.rifatron.com Affected version: 5brid DVR HD6-532/516,...