Open ConferenceJournalHarvester Systems 2.3.x - Multiple Remote Code Execution Vulnerabilities

Open ConferenceJournalHarvester Systems 2.3.x - Multiple Remote Code Execution Vulnerabilities !/usr/bin/python Open Conference/Journal/Harvester Systems = 2.3.X multiple remote code execution vulnerabilities vendor: Public Knowledge Project pkp -http://pkp.sfu.ca/ software link:...

Oracle DataDirect ODBC Drivers - HOST Attribute arsqls24.dll Stack Buffer Overflow (PoC)

Oracle DataDirect ODBC Drivers - HOST Attribute arsqls24.dll Stack Buffer Overflow PoC g 208.152c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception ha...

Sagem Router Fast 330434643504 - Telnet Authentication Bypass

Sagem Router Fast 330434643504 - Telnet Authentication Bypass !/home/bin/python Remote Exploit: SAGEM ROUTER FAST 3304/3464/3504 - Telnet Authentication bypass Date: 15-August-2011 Author: Elouafiq Ali Version: 3304-V1 / 3304-V2 / 3464 / 3504 Tested on: Linux Ubuntu 11.04, Linux Backtrack 5 Teste...

HP Network Automation 9.10 - SQL Injection

HP Network Automation 9.10 - SQL Injection source: https://www.securityfocus.com/bid/48924/info HP Network Automation is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow...

Adobe Reader X 10.0.0 10.0.1 - Atom Type Confusion

Adobe Reader X 10.0.0 10.0.1 - Atom Type Confusion Exploit Title: Adobe Reader X Atom Type Confusion Vulnerability Exploit Date: 7/3/2011 Author: Snake Shahriyar.j gmail Version: Adobe Reader X It work reliably on IE9/FF4 and other browsers. The Arashi : http://abysssec.com/files/TheArashi.pdf...

Black Ice Cover Page SDK - Insecure Method DownloadImageFileURL() (Metasploit)

Black Ice Cover Page SDK - Insecure Method DownloadImageFileURL Metasploit Blackice Cover Page SDK insecure method DownloadImageFileURL exploit arg1="http://www.google.com/robots.txt" arg2="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\robots.txt" target.DownloadImageFileURL arg...

WordPress Plugin PHP Speedy 0.5.2 - admin_container.php Remote Code Execution

WordPress Plugin PHP Speedy 0.5.2 - admincontainer.php Remote Code Execution -d OPTIONS host: target s...

Camtron CMNC-200 IP Camera - Undocumented Default Accounts

Camtron CMNC-200 IP Camera - Undocumented Default Accounts Finding 4: Undocumented Default Accounts CVE: CVE-2010-4233 The CMNC-200 IP Camera has undocumented default accounts on its Linux operating system. These accounts can be used to login via the cameras telnet interface, which cannot be...

SmarterMail 7.2.3925 - Persistent Cross-Site Scripting

SmarterMail 7.2.3925 - Persistent Cross-Site Scripting Source URL http://cloudscan.blogspot.com/2010/10/vendor-smartertoolscom-smartermail-7x.html Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home :...

Zendesk - Multiple Vulnerabilities

Zendesk - Multiple Vulnerabilities /¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯\ :Zendesk Multiple Vulnerabilities : / /Discovered By: \ |Luis Santana | / Overview ¯¯¯¯¯¯¯¯¯¯ Luis Santana of the HackTalk Security team has found multiple vulnerabilities in Zendesk. Product Information ¯¯¯¯¯¯¯¯¯¯...

Struts2XWork 2.2.0 - Remote Command Execution

Struts2XWork 2.2.0 - Remote Command Execution Friday, July 9, 2010 CVE-2010-1870: Struts2/XWork remote command execution Update Tue Jul 13 2010: Added proof of concept Apache Struts team has announced uploaded but has not released, due to an unreasonably prolonged voting process, the 2.2.0 releas...

Esoftpro Online Photo Pro 2 - Multiple Vulnerabilities

Esoftpro Online Photo Pro 2 - Multiple Vulnerabilities Exploit Title: Esoftpro Online Photo Pro Multiple Vulnerability Vendor url:http://www.esoftpro.com/ Version:2 Author: L0rd CrusAd3r aka VSN [email protected] Published: 2010-07-4 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201,...

Joomla! Component Phoca Gallery 2.7.3 - SQL Injection

Joomla! Component Phoca Gallery 2.7.3 - SQL Injection --------------------------------------------------------------------------- Founded by RoAdKiLlEr Team: Albanian Hacking Crew Contact: RoAdKiLlEratKhg-CrewdotWs Home: http://a-h-crew.net Download...

Asset Manager - Arbitrary File Upload

Asset Manager - Arbitrary File Upload Asset Manager Remote File upload Vulnerability Prodcut: Asset Manager Home : N/A Vunlerability : Remote File upload Risk : High Dork : inurl:Editor/assetmanager/assetmanager.asp Discovred by: Ra3cH From : Algeria Contact : [email protected] Exploit:...

3Com* iMC (Intelligent Management Center) - Cross-Site Scripting Information Disclosure Flaws

3Com iMC Intelligent Management Center - Cross-Site Scripting Information Disclosure Flaws PR10-02: Various XSS and information disclosure flaws within 3Com iMC Intelligent Management Center On the 12th April 2010 Hewlett Packard completed its acquisition of 3Com Vulnerability found: 29th January...

Fiomental Coolsis Backoffice - Multiple Vulnerabilities

Fiomental Coolsis Backoffice - Multiple Vulnerabilities | \ | | | | | |/ / | | | | | // \ \ / / | | | | | | |/ | ' \ | |\ \ /\ V / | | || | || | | | | | | \| / /||,|||/|| || | | | || | | | | |/' || || | | |/ / | ' \ | /| |\ | | | / | | | | | | | \ |/ /./ / /|,|| || || / / DEFACEMENT...

Webthaiapp - detail.php?cat Blind SQL Injection

Webthaiapp - detail.php?cat Blind SQL Injection --==+==================================================+==-- --==+ Webthaiapp detail.phpcat Blind Sql injection Vulnerability +==-- --==+==================================================+==-- Date : 30-04-2010...

AJ Shopping Cart 1.0 (maincatid) - SQL Injection

AJ Shopping Cart 1.0 maincatid - SQL Injection / / / \ \ \ \ \ / / \\ \ \ \ \ // /// \ \ / / \ //|\ / \ \ \ \ \ \ / / \ \ / / \ | | | \ | | || | | |/ / \ V / || |\ V / / \ | / \ | /| | | || / | | | | . | ' || / | || // \ // \|||/|||||||||\ .WEB.ID...

Joomla! Component mv_restaurantmenumanager - SQL Injection

Joomla! Component mvrestaurantmenumanager - SQL Injection ========================================================= Joomla component mvrestaurantmenumanager SQL injection Vulnerability ========================================================= Exploit Title : joomla component mvrestaurantmenumanag...

Liquid XML Studio 2010 8.061970 - LtXmlComHelp8.dll OpenFile() Remote Overflow

Liquid XML Studio 2010 8.061970 - LtXmlComHelp8.dll OpenFile Remote Overflow !-- |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | |...

DA Mailing List System 2 - Multiple Vulnerabilities

DA Mailing List System 2 - Multiple Vulnerabilities DA Mailing List System V2 Remote Admin Login Exploit Author : Phenom Dork: DA Mailing List System V2 Powered by DigitalArakan.Net Version : 2 Exploit : 1- http://server/path/admincp.asp 2- login with "admin" as user name and 'or' as password...

XOOPS Module dictionary 2.0.18 - detail.php SQL Injection

XOOPS Module dictionary 2.0.18 - detail.php SQL Injection XOOPS Module dictionary 2.0.18 detail.php SQL Injection Vulnerability XOOPS Version: XOOPS 2.0.18 http://www.xoops.org/modules/repository/ AUTHOR : Palyo34 HOME : http://www.1923turk.biz DORK : allinurl: "modules/dictionary/detail.php?id"...

kooora 3.0 - AR Cross-Site Scripting

kooora 3.0 - AR Cross-Site Scripting ======================================================================================== | Title : kooora v 3.0 AR Cross Site Scripting Vulnerability | | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum El Bouaghi -...

iSupport 1.8 - Cross-Site Scripting Local File Inclusion

iSupport 1.8 - Cross-Site Scripting Local File Inclusion --------------------------------------------- ++ iSupport $ ////////////////////////////////////////////////////////////////////// + Vulnerability and Exploitation Dork : "Powered by iSupport 1.8 " --XSS--...

PhpLinkExchange 1.02 - Cross-Site Scripting Upload

PhpLinkExchange 1.02 - Cross-Site Scripting Upload PhpLinkExchange v1.02 - XSS/Upload Vulerability Discovered by : Stink' Date : 2009-12-16 Dork : "PhpLinkExchange v1.02" Website Publisher : http://www.idevspot.com/PhpLinkExchange.php -- XSS in URL --...

Invision Power Board 2.3.63.0.4 - Local File Inclusion SQL Injection

Invision Power Board 2.3.63.0.4 - Local File Inclusion SQL Injection ============================================= - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- Invision Power Board = 3.0.4 Local PHP File Inclusion and SQL...

WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting Authentication Bypass Vulnerabilities (2)

WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting Authentication Bypass Vulnerabilities 2 source: https://www.securityfocus.com/bid/37099/info The FireStats plugin for WordPress is prone to multiple cross-site scripting vulnerabilities and an authentication-bypass vulnerability. An...

Adobe Reader Acrobat - .U3D File Invalid Array Index Overflow

Adobe Reader Acrobat - .U3D File Invalid Array Index Overflow Felipe Andres Manzano [email protected] http://twitter/feliam doc=''' Title: U3D CLODProgressiveMeshContinuation Split Position Index arbitrary dereference. Product: Adobe Acrobat Reader Version: =8.1.6, =9.1.3 Product...

Advanced Comment System 1.0 - Multiple Remote File Inclusions

Advanced Comment System 1.0 - Multiple Remote File Inclusions ====================================================== Advanced comment system1.0 Remote File Inclusion Vulnerability Found by : kurdish hackers team C0ntact : pshela at YaHoo .com Groups : Kurd-Team site : www.kurdteam.org...

Mozilla Firefox 3.5 (OSX) - Font Tags Remote Buffer Overflow

Mozilla Firefox 3.5 OSX - Font Tags Remote Buffer Overflow !/usr/bin/env python FireFox 3.5 Heap Spray OS X Exploit Modified by: DrIDE Originally Discovered by: Simon Berry-Bryne Pythonized by: David Kennedy ReL1K @ SecureState Thanks to HDM Tested on OS X 10.5.7 from BaseHTTPServer import...

Multiple HTTP Server - slowloris.pl Low Bandwidth Denial of Service

Multiple HTTP Server - slowloris.pl Low Bandwidth Denial of Service !/usr/bin/perl -w use strict; use IO::Socket::INET; use IO::Socket::SSL; use Getopt::Long; use Config; $SIG'PIPE' = 'IGNORE'; Ignore broken pipe errors print EOTEXT;...

Oracle RDBms 10.2.0.311.1.0.6 - TNS Listener (PoC)

Oracle RDBms 10.2.0.311.1.0.6 - TNS Listener PoC TNS Listener Oracle RDBMS exploit, cause trap in Listener process more precisely: in function memcpy called from ncrfintn function which is located in oranro11.dll Successfully working with Oracle RDBMS Win32 11.1.0.6.0 and Oracle RDBMS Win32...

pam-krb5 3.13 - Local Privilege Escalation

pam-krb5 3.13 - Local Privilege Escalation / cve-2009-0360.c pam-krb5 http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360 pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which...

eVision CMS 2.0 - Remote Code Execution

eVision CMS 2.0 - Remote Code Execution !/usr/bin/perl ----------------------------------------------------------------------------- INFORMATIONS ----------------------------------------------------------------------------- eVision CMS 2.0...

Joomla! Component mDigg 2.2.8 - category SQL Injection

Joomla! Component mDigg 2.2.8 - category SQL Injection Joomla Component commdiggcategory SQL-injection vulnerability Author : boom3rang Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1. Vulnerability : SQL injection Google Dork : inurl:commdigg...

Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection

Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection CVE Number: CVE-2008-1094 Vulnerability: SQL Injection Risk: Medium Attack vector: From Remote Vulnerability Discovered: 16th June 2008 Vendor Notified: 16th June 2008 Advisory Released: 15th December 2008 Abstract Barracuda Networks Sp...

Microsoft Visual Basic - ActiveX Controls mscomct2.ocx Buffer Overflow (PoC)

Microsoft Visual Basic - ActiveX Controls mscomct2.ocx Buffer Overflow PoC !/usr/bin/perl Microsoft Visual Basic ActiveX Controls mscomct2.ocx Animation Object Buffer Overflow CVE-2008-4255 PoC You'll need Debugging Tools for Windows http://www.microsoft.com/whdc/devtools/debugging/default.mspx /...

Vinagre 2.24.2 - show_error() Remote Format String (PoC)

Vinagre 2.24.2 - showerror Remote Format String PoC -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Vinagre showerror format string vulnerability 1. Advisory Information Title: Vinagre showerror format string...

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be use...

Claroline 1.8.9 - clarolineredirector.php?url Arbitrary Site Redirect

Claroline 1.8.9 - clarolineredirector.php?url Arbitrary Site Redirect source: https://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may...

CA-ArcServe

CA ArcServe is prone to a remote buffer overflow because it fails to perform adequate boundary-checks on user-supplied data. Successfully exploiting will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a...

IPTBB 0.5.6 - Arbitrary Add Admin

IPTBB 0.5.6 - Arbitrary Add Admin ========================================= IPTBB 0.5.6 Arbitrary Add-Admin Exploit ========================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...

XOOPS Module wfdownloads - cid SQL Injection

XOOPS Module wfdownloads - cid SQL Injection XOOPS module wfdownloads SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAiL : [email protected] DORK 1 : allinurl: "modules/wfdownloads/viewcat.php?cid" DORK 2 : allinurl: "modules/wfdownloads" EXPLOIT :...

CandyPress eCommerce suite 4.1.1.26 - Multiple Vulnerabilities

CandyPress eCommerce suite 4.1.1.26 - Multiple Vulnerabilities WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: CandyPress eCommerce suite Vendor: http://www.candypress.com/ Bugs: SQL Injection + XSS + Path Disclosure in CandyPress Vulnerable Version: 4.1.1.26...

Content Injector 1.53 - index.php SQL Injection

Content Injector 1.53 - index.php SQL Injection --==+================================================================================+==-- --==+ Content Injector V1.53 SQL Injection Vulnerbility +==-- --==+================================================================================+==-- AUTHO...

wpQuiz 2.7 - Multiple SQL Injections

wpQuiz 2.7 - Multiple SQL Injections Tytul: wpQuiz 2.7 Remote SQL Injection Vulnerability http://wireplastik.com/projects.php Autor: Kacper E-Mail: [email protected] Strona: devilteam.eu Irc: irc.myg0t.com devilteam Blad:...

Joomla! Component mp3 allopass 1.0 - Remote File Inclusion

Joomla! Component mp3 allopass 1.0 - Remote File Inclusion commp3allopass joomla component Remote File Include Vulnerability Component : commp3allopass Download file : http://www.joomlaratings.com Dicovered by : NoGe Contact : [email protected]...

Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution

Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution usage: vbexploit.py FileName.vbp import sys print "--------------------------------------------------------------------------" print " PoC2 Microsoft Visual Basic Enterprise Edition 6.0 SP6 Code Execution " print " author: shinnai" print ...

Live for Speed S1S2Demo - .ply Local Buffer Overflow

Live for Speed S1S2Demo - .ply Local Buffer Overflow / 0day Live for speed patch x s2 /s1 and demo local .ply File buffer over flow Live for speed .ply file is a set up file,This file is shared amongst user's Who want stylish number plate's on there car's the buffer over flow happened with An...

SAP DB 7.4 - WebTools Remote Overwrite (SEH)

SAP DB 7.4 - WebTools Remote Overwrite SEH / Dreatica-FXP crew ---------------------------------------- Target : SAP DB 7.4 WebTools Site : http://www.sapdb.org Found by : NGSSoftware Insight Security Research ---------------------------------------- Exploit : SAP DB 7.4 WebTools Remote SEH...