Nibbleblog 3 - Multiple SQL Injections
Nibbleblog 3 - Multiple SQL Injections source: https://www.securityfocus.com/bid/48339/info Nibbleblog is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an...
Adobe Flash Player 10.1.53.64 - Action Script Type Confusion (ASLR + DEP Bypass)
Adobe Flash Player 10.1.53.64 - Action Script Type Confusion ASLR + DEP Bypass Source: http://www.abysssec.com/blog/2011/04/exploiting-adobe-flash-player-on-windows-7/ Adobe Flash player Action script type confusion exploit DEP+ASLR bypass advisory text : Here is another reliable windows 7 exploi...
7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities
7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities Sources: http://aluigi.org/adv/igss1-adv.txt http://aluigi.org/adv/igss2-adv.txt http://aluigi.org/adv/igss3-adv.txt http://aluigi.org/adv/igss4-adv.txt http://aluigi.org/adv/igss5-adv.txt http://aluigi.org/adv/igss6-adv.txt...
KingView 6.5.3 SCADA - ActiveX
KingView 6.5.3 SCADA - ActiveX Exploit Title: KingView 6.5.3 SCADA ActiveX Date: March 07 2011 Author: Carlos Mario Penagos Hollmann Software Link: http://download.kingview.com/software/kingview%20English%20Version/kingview6.53EN.rar Version: 6.53 English Tested on: Windows xp sp3 running on VMwa...
Woltlab Burning Board Userlocator 2.5 - SQL Injection
Woltlab Burning Board Userlocator 2.5 - SQL Injection ----------------------------Information------------------------------------------------ +Name : Woltlab Burning Board Userlocator V2.5 Hack = SQL injection Exploit +Autor : Easy Laster +Date : 08.11.2010 +Script : Woltlab Burning Board...
Foxit Reader 4.0 - .pdf Multiple Stack Based Buffer Overflow Jailbreak
Foxit Reader 4.0 - .pdf Multiple Stack Based Buffer Overflow Jailbreak import sys,zlib def getFFShellcodesc: ffsc = '' if lensc%4 != 0: sc += 4-lensc%4'\x00' for i in range0,lensc,4: ffsc += '\xff'+sci+3+sci+2+sci+1+sci return ffsc outputHeader = ''' FreeType Compact Font Format CFF Multiple Stac...
SonicWALL E-Class SSL-VPN - ActiveX Control Format String Overflow
SonicWALL E-Class SSL-VPN - ActiveX Control Format String Overflow -------------------------- NSOADV-2010-005 --------------------------- SonicWALL E-Class SSL-VPN ActiveX Control format string overflow ...
ActiTime 2.0-MA - Cross-Site Request Forgery
ActiTime 2.0-MA - Cross-Site Request Forgery http://www.corelan.be:8800 ...
Palo Alto Network Vulnerability - Cross-Site Scripting
Palo Alto Network Vulnerability - Cross-Site Scripting Palo Alto Network Vulnerability - Cross-Site Scripting XSS ------------------------------ Class: Cross-Site Scripting XSS Vulnerability CVE: CVE-2010-0475 Remote: Yes Local: Yes Published: May 11, 2010 08:30AM Timeline:Submission to MITRE:...
big.asp - SQL Injection
big.asp - SQL Injection Author : Ra3cH Price : N/A Title : big.asp SQL Injection Vulnerability Site : www.dz4all.com/cc Dork : inurl:enq/big.asp?id= Risk : High Vulnerable script: enq/big.asp?id= SQL-injection ---------------------------------------------------------...
Virata EmWeb R6.0.1 - Remote Crash
Virata EmWeb R6.0.1 - Remote Crash Exploit Title: Virata EmWeb R6.0.1 Remote Crash Vulnerability Date: 06/04/10 Author: Jobert Abma Online 24 Email: j.abmaatonline24dotnl Version: R6.0.1 Tested on: linux CVE : Code : This was written for educational purpose. Use it at your own risk. Author will b...
Easy-Clanpage 2.2 - Multiple SQL Injections
Easy-Clanpage 2.2 - Multiple SQL Injections ----------------------------Information------------------------------------------------ +Name : Easy-Clanpage 2.2 http://www.easy-clanpage.de /?section=downloads&action=viewdl&id=18 +Price : for free +Language : PHP +Discovered by Easy Laster +Security...
Torrent Hoster - Remount Upload
Torrent Hoster - Remount Upload | Title : Torrent Hoster Remont Upload Exploit | Author : El-Kahina | Home : www.h4kz.com | | Script : Powered by Torrent Hoster. | Tested on: windows SP2 Français V.Pnx2 2.0 +...
GOM Player 2.1.21.4846 - .wav Buffer Overflow
GOM Player 2.1.21.4846 - .wav Buffer Overflow #!/usr/bin/perl GOM Player 2.1.21.4846 .wav Buffer Overflow Exploit Homepage: http://www.gomlab.com/ Exploit Coded by: cr4wl3r From: Gorontalo - Indonesia WARNING - WARNING - WARNING - WARNING Disclaimer: The author published the information under the...
MobPartner Counter - Arbitrary File Upload
MobPartner Counter - Arbitrary File Upload MobPartner Counter Remote File Upload Vulnerability + Author : wlhaan hacker + Email : [email protected] + Site : www.sa-hacker.com/vb + team wlhaan Hacker + Dork : "MobPartner Counter" "upload files" The exploit : http://localhost/path/upload.php edit she...
Gbook MX 4.1.0 (Arabic Version) - Remote File Inclusion
Gbook MX 4.1.0 Arabic Version - Remote File Inclusion ======================================================================================== | Title : Gbook MX v4.1.0 Arabic Version File inclusion Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 -...
ImageVue 2.0 - Remote Admin Login
ImageVue 2.0 - Remote Admin Login Author: Sora Software Link: http://www.imagevuex.com/ Version: 2.0 Tested on: Windows and Linux --------------------------------- / ImageVue 2.0 Remote Admin Login Exploit Created by Sora Contact: vhr95zw at hotmail.com / + Google Dork: "inurl:/admin/" "ImageVue"...
Chance-i DiViS DVR System Web-Server - Directory Traversal
Chance-i DiViS DVR System Web-Server - Directory Traversal Digital Security Research Group DSecRG Advisory DSECRG-09-036 original advisory: http://dsecrg.com/pages/vul/DSECRG-09-036.html Application: Chance-i DiViS DVR System web-server Versions Affected: 2.0 Vendor URL: http://www.chance-i.com/...
Emefa Guestbook 3.0 - Remote Database Disclosure
Emefa Guestbook 3.0 - Remote Database Disclosure Title: Emefa Guestbook V 3.0 Remote Database Disclosure Vulnerability Credit: Cyber.Zer0 E-mail: Cyber.Zer04tHotmaildotcom Download: http://www.emefa.dyndns.org/downloads/ Remote: Yes Dork: "Emefa Guestbook V 3.0" --=Database Disclosure=--...
Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection
Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection CVE Number: CVE-2008-1094 Vulnerability: SQL Injection Risk: Medium Attack vector: From Remote Vulnerability Discovered: 16th June 2008 Vendor Notified: 16th June 2008 Advisory Released: 15th December 2008 Abstract Barracuda Networks Sp...
Joomla! Component mydyngallery 1.4.2 - SQL Injection
Joomla! Component mydyngallery 1.4.2 - SQL Injection Joomla Component mydyngallery AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
WebStudio eCatalogue - Blind SQL Injection
WebStudio eCatalogue - Blind SQL Injection WebStudio eCatalogue pageid Blind SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.bdigital.biz/index.php?pageid=218 DorK : ""Powered by WebStudio eCatalogue"" Demo :...
deeemm CMS (dmcms) 0.7.4 - Multiple Vulnerabilities
deeemm CMS dmcms 0.7.4 - Multiple Vulnerabilities DeeEmm CMS Sql Injection/Rfi AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Script Download :...
VideoLAN VLC Media Player 0.8.6d - httpd_FileCallBack Remote Format String
VideoLAN VLC Media Player 0.8.6d - httpd_FileCallBack Remote Format String / Epibite // bite since 1442 pown meme ta mamie / / Advisory from Luigi Auriemma CVE-2007-6682 / format string in VideoLAN VLC 0.8.6d Description : Format string vulnerability in the httpd_FileCallBack function network/httpd...
@lex Guestbook 4.0.5 - setup.php?language_setup Cross-Site Scripting
@lex Guestbook 4.0.5 - setup.php?language_setup Cross-Site Scripting source: https://www.securityfocus.com/bid/28519/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
Mambo Component Sermon 0.2 - gid SQL Injection
Mambo Component Sermon 0.2 - gid SQL Injection netadvantist@copyright 2006 SQL Injectioncomnaxxx AUTHOR : S@BUN HOME : http://www.hackturkiye.com DORKS 1 : allinurl:"comnacontent" DORK 2 : allinurl:"comnabible" DORKS 3 : allinurl:"comnaevents" DORKS 4 : allinurl:"comnacontent" DORKS 5 :...
FreeWebShop 2.2.1 - Blind SQL Injection
FreeWebShop 2.2.1 - Blind SQL Injection #!/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ FreeWebshop version 2.2.1 - Multiple Remote SQL Injection Vulnerabilities Time : Dec 16 2007 01:50AM Software : FreeWebshop version 2.2.1 Vendor :...
TotalCalendar 2.402 - view_event.php SQL Injection
TotalCalendar 2.402 - view_event.php SQL Injection TotalCalendar 2.402 SQL Injection Vulnerability AUTHO...
XOOPS module Articles 1.02 - print.php?id SQL Injection
XOOPS module Articles 1.02 - print.php?id SQL Injection #!/usr/bin/perl -w Xoops All Version -Articles- Print.PHP ID Blind SQL Injection Exploit And PoC Type : SQL Injection Release Date : 2007-03-26 Product / Vendor : http://support.sirium.net/ Bug :...
@lex Guestbook 4.0.2 - Remote Command Execution
@lex Guestbook 4.0.2 - Remote Command Execution #!/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status...
IMGallery 2.5 - Create Uploader Script
IMGallery 2.5 - Create Uploader Script DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...
Exhibit Engine 1.5 RC 4 - photo_comment.php File Inclusion
Exhibit Engine 1.5 RC 4 - photo_comment.php File Inclusion EXPLOIT coded by Kacper in Visual Basic ...
Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation
Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix function siteaction nact= "/hosting/addreseller.asp?htype=3" window.document.all.frm1.action = window.document.all.siteact.value +...
Microsoft Windows - Color Management Module Overflow (MS05-036) (2)
Microsoft Windows - Color Management Module Overflow MS05-036 2 / \ MS05-036 ICC Stack Overflow Exploit / by Darkeagle \ / GreetZ: all unl0ckerz, ed, f0st, uf0, sowhat, str0ke, black, redsand \ / \ special tnx to snooq for his PoC. / \ / xploit was tested on WinXP SP1 RUS with explorer.exe \ /...
Microsoft Windows - Metafile .WMF Arbitrary File Download (Generator)
Microsoft Windows - Metafile .WMF Arbitrary File Download Generator / \ / WMF nDay download Exploit Generator \ by Unl0ck Research Team / \ / greetz: rst/ghc ed, uf0, fost , uKt choix, nekd0, payhash, antq , blacksecurity black , 0x557 kaka, swan, sam, nolife , sowhat, tty64 izik ; This sploit is...
gpsdrive 2.09 (PPC) - friendsd2 Remote Format String
gpsdrive 2.09 PPC - friendsd2 Remote Format String #!/usr/bin/perl -w Heh - Code by KF kflistsatdigitalmunitiondotcom - Shellcode by Charles Stevenson http://www.digitalmunition.com FrSIRT 24/24 & 7/7 - Centre de Recherche on Donkey Testicles. Free 14 day Testicle licking trial available! IIIIIIII...
SimpGB 1.0 - Guestbook.php SQL Injection
SimpGB 1.0 - Guestbook.php SQL Injection source: https://www.securityfocus.com/bid/12801/info SimpGB is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'guestbook.php' script before using it...
3Com 3CDaemon FTP - Unauthorized USER Remote Buffer Overflow
3Com 3CDaemon FTP - Unauthorized USER Remote Buffer Overflow / Added " on line 86 /str0ke / / 3com 3CDaemon FTP Unauthorized "USER" Remote BOverflow The particularity of this exploit is to exploits a FTP server without the need of any authorization. Homepage: www.3com.com version: 3CDaemon v2.0...
Star Wars Battlefront 1.1 - Fake Players Denial of Service
Star Wars Battlefront 1.1 - Fake Players Denial of Service / Copyright 2004 Luigi Auriemma This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at...
ProFTPd 1.2.9 rc2 - .ASCII File Remote Code Execution (1)
ProFTPd 1.2.9 rc2 - .ASCII File Remote Code Execution 1 / proftpd 1.2.7/1.2.9rc2 remote root exploit by bkbll bkbllcnhonker.net, 2003/10/1 for FTPProFTPDTranslateOverflow found by X-force happy birthday, China. this code is dirty, there are more beautiful exploits of proftpd for this vuln in the...
Microsoft Windows - RPC DCOM Scanner (MS03-039)
Microsoft Windows - RPC DCOM Scanner MS03-039 / dcom2scanner.c scan for second dcom vulnerability MS03-039 by Doke Scott, doke at udel.edu, 10 Sep 2003 based on work by: buildtheb0x presents : dcom/rpc scanner --------------------------------------- by: kid and farp and on packet sniffs of MS's...
Postfix 1.1.x - Denial of Service (2)
Postfix 1.1.x - Denial of Service 2 source: https://www.securityfocus.com/bid/8333/info Debian has reported two vulnerabilities in the Postfix mail transfer agent. The first vulnerability, CAN-2003-0468, can allow for an adversary to "bounce-scan" a private network. It has also been reported that...
Apache 2.x - Memory Leak
Apache 2.x - Memory Leak / apache-massacre.c Test code for Apache 2.x Memory Leak By Matthew Murphy DISCLAIMER: This exploit tool is provided only to test networks for a known vulnerability. Do not use this tool on systems you do not control, and do not use this tool on networks you do not own...
Apache mod_ssl OpenSSL 0.9.6d 0.9.7-beta2 - openssl-too-open.c SSL2 KEY_ARG Overflow
Apache mod_ssl OpenSSL 0.9.6d 0.9.7-beta2 - openssl-too-open.c SSL2 KEY_ARG Overflow / openssl-too-open.c - OpenSSL remote exploit Spawns a nobody/apache shell on Apache, root on other servers. by Solar Eclipse Thanks to Core, HD Moore, Zillion, Dvorak and Black Berry for their help. This code or a...
Phusion WebServer 1.0 - Directory Traversal (1)
Phusion WebServer 1.0 - Directory Traversal 1 source: https://www.securityfocus.com/bid/4117/info Phusion Webserver is a commercial HTTP server that runs on Microsoft Windows 9x/NT/2000 operating systems. Phusion Webserver is prone to directory traversal attacks. It is possible to break out of...
Microsoft SQL Server 7.02000 Data Engine 1.02000 - xp_displayparamstmt Buffer Overflow
Microsoft SQL Server 7.02000 Data Engine 1.02000 - xp_displayparamstmt Buffer Overflow // source: https://www.securityfocus.com/bid/2030/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow...
Canna Canna 3.5 b2 - Remote Buffer Overflow
Canna Canna 3.5 b2 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/1445/info A vulnerability exists in the 'canna' package, as distributed with a number of free operating systems, and available for other systems. Version 3.5b2 is vulnerable. It is assumed versions prior to...
Sun Solaris 7.0 - rpc.ttdbserver Denial of Service
Sun Solaris 7.0 - rpc.ttdbserver Denial of Service // source: https://www.securityfocus.com/bid/811/info It is possible to crash rpc.ttdbserver by using the old tddbserver buffer overflow exploit. This problem is caused by a NULL pointer being dereferenced when rpc function 15 is called with...
Trend Micro Interscan VirusWall 3.2.33.3 - HELO Remote Buffer Overflow (2)
Trend Micro Interscan VirusWall 3.2.33.3 - HELO Remote Buffer Overflow 2 source: https://www.securityfocus.com/bid/787/info There is a buffer overflow in the HELO command of the smtp gateway which ships as part of the VirusWall product. This buffer overflow could be used to launch arbitrary code ...