41207 matches found
Websense Email Security - Cross-Site Scripting
Websense Email Security - Cross-Site Scripting Security Advisory NSOADV-2009-003 Title: Websense Email Security Cross Site Scripting Severity: Low Advisory ID: NSOADV-2009-003 Found Date: 28.09.2009 Date Reported: 01.10.2009 Release Date: 20.10.2009 Author: Nikolas Sotiriu Mail: nso-research at...
Achievo 1.3.4 - Cross-Site Scripting
Achievo 1.3.4 - Cross-Site Scripting Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Achievo 1. Advisory Information Title: Multiple XSS in Achievo Advisory ID: BONSAI-2009-0101 Advisory URL:...
redcat media - SQL Injection
redcat media - SQL Injection AntiSecuritydotorg Title : redcat media inurl:index.php?contentId= SQL Injection Vulnerability Vendor :...
Cisco ACE XML Gateway 6.0 - Internal IP Disclosure
Elite Gaming Ladders 3.2 - platform SQL Injection
Elite Gaming Ladders 3.2 - platform SQL Injection Elite Gaming Ladders v3.2 Remote SQL Injection Vulnerability Discovered By: Snakespc ALGERIAN HaCkEr Mail: [email protected]...
Open Auto Classifieds 1.5.9 - Multiple Vulnerabilities
Open Auto Classifieds 1.5.9 - Multiple Vulnerabilities MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Open Auto Classifieds 1. Advisory Information Title...
AlumniServer 1.0.1 - resetpwemail Blind SQL Injection
AlumniServer 1.0.1 - resetpwemail Blind SQL Injection !/usr/bin/python VIVA SPAIN!... WE WILL WIN THE WORLD CUP!...o.O PROUD TO BE SPANISH!...
XOOPS 2.3.3 - .htaccess Remote File Disclosure
XOOPS 2.3.3 - .htaccess Remote File Disclosure XOOPS = 2.3.3 Remote Arbitrary File Retrieval Affected Software : XOOPS = 2.3.3 Author : Luca "daath" De...
Joomla! Component Akobook 2.3 - gbid SQL Injection
Joomla! Component Akobook 2.3 - gbid SQL Injection Joomla Component comakobook Vulnerability + Author : Ab1i + Email : [email protected] + Dork : inurl:index.php?option=comakobook Example:...
kloxo 5.75 - Multiple Vulnerabilities
kloxo 5.75 - Multiple Vulnerabilities Who : http://lxlabs.com What : kloxo "Kloxo Previously Lxadmin The most flexible software on this planet. From Kloxo HostInaBox, World's lightest and the most efficient webhosting platform, to Kloxo Enterprise, which can manage 100s of thousands of domains on...
Apple Safari - RSS feed: Buffer Overflow via libxml2 (PoC)
Apple Safari - RSS feed: Buffer Overflow via libxml2 PoC !/usr/bin/ruby Quick-n-dirty PoC for APPLE-SA-2009-05-12 ala CVE-2008-3529 Safari RSS feed:// buffer overflow via libxml2 by KF of Digitalmunition and Netragard http://www.digitalmunition.com , http://www.netragard.com The application...
BolinTech DreamFTP Server 1.02 - users.dat Arbitrary File Disclosure
BolinTech DreamFTP Server 1.02 - users.dat Arbitrary File Disclosure !/usr/bin/perl -w This Bug Similar to others found By My Friend : Stack = so special Thanx So You Can Exploit Arbitrary File Disclosure From The Server == You can use Stack's Exploit To do That But This Exploit i will get Users ...
Joomla! Component rsmonials - Cross-Site Scripting
Joomla! Component rsmonials - Cross-Site Scripting / RSMonials XSS Exploit http://www.rswebsols.com/downloads/category/14-download-rsmonials-all?download=23%3Adownload-rsmonials-component Google Dork: allinurl:option=comrsmonials Anything entered into the form gets rendered as HTML, so you can ad...
ablespace 1.0 - Cross-Site Scripting Blind SQL Injection
ablespace 1.0 - Cross-Site Scripting Blind SQL Injection Original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group DSecRG Advisory DSECRG-09-037 Application: AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs: Multiple Blind SQL Injections,...
net2ftp 0.97 - Cross-Site Scripting Request Forgery
net2ftp 0.97 - Cross-Site Scripting Request Forgery cicatriz advisories net2ftp = 0.97 Cross-Site Scripting/Request Forgery Advisory & Vulnerability Information Title: net2ftp = 0.97 Cross-Site Scripting/Request Forgery Advisory ID: VUDO-2009-0804...
Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting
Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in Sun Calendar Express Web Server 1. Advisory Information Title: Multiple vulnerabilities in Sun Calendar Express...
PHPizabi 0.8 - notepad_body SQL Injection
PHPizabi 0.8 - notepadbody SQL Injection source: https://www.securityfocus.com/bid/34223/info PHPizabi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromi...
POP Peeper 3.4.0.0 - UIDL Remote Buffer Overflow (SEH)
POP Peeper 3.4.0.0 - UIDL Remote Buffer Overflow SEH !/usr/bin/perl KL0209EXP-poppeeperuidl-bof.pl 02.27.2009 Krakow Labs Development www.krakowlabs.com POP Peeper 3.4.0.0 UIDL Remote Buffer Overflow Exploit SEH overwrite exploitation, uses Imap.dll included with POP Peeper for universal...
w3bcms 3.5.0 - Multiple Vulnerabilities
w3bcms 3.5.0 - Multiple Vulnerabilities !/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common qwPOST; use Getopt::Long; Security...
DMXReady Member Directory Manager 1.1 - SQL Injection
DMXReady Member Directory Manager 1.1 - SQL Injection Title : DMXReady Member Directory Manager http://target/path/applications/MemberDirectoryManager/incmemberdirectorymanager.asp Edit - http://target/path/admin/MemberDirectoryManager/components/CategoryManager/uploadimagecategory.asp?cid=SQL...
w3blabor CMS 3.0.5 - Arbitrary File Upload Local File Inclusion
w3blabor CMS 3.0.5 - Arbitrary File Upload Local File Inclusion !/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common qwPOST; use Getopt::Long;...
Booking Centre 2.01 - HotelID SQL Injection
Booking Centre 2.01 - HotelID SQL Injection In the name of God, the Most Gracious, the Most Merciful Type: hotelhabitaciones.php HotelID Remote SQL Injection Vulnerability Vendor: www.bookingcentre.eu Software: Hotels Group author: Ñ3d D3v!L Date:...
Simple Machines Forum (SMF) 1.1.6 - Code Execution
Simple Machines Forum SMF 1.1.6 - Code Execution URL: http://real.olympe-network.com/ Note: other versions are maybe vulnerable, not tested. SMF suffers from multiples vulnerabilities. Combining some of them, we can obtain a remote code execution on the remote host. I won't talk here about all of...
Absolute File Send 1.0 - Remote Insecure Cookie Handling
Absolute File Send 1.0 - Remote Insecure Cookie Handling Author : Hakxer Home : Www.educ-up.com Type Gap : Insecure cookie handling script : Absolute File Send see script...
YDC - cat SQL Injection
YDC - cat SQL Injection YDC cat Remote SQL Injection Vulnerability Hussin X Author: Hussin X Home : WwW.IQ-ty.CoM email: darkangelg85atYahooDoTcom script : http://www.ydc.ir/ DorK : "Powered by YDC" Exploit:...
Postfix 2.6-20080814 - symlink Local Privilege Escalation
Postfix 2.6-20080814 - symlink Local Privilege Escalation !/bin/sh "rspocfix.sh" PoC for Postfix local root vulnerability: CVE-2008-2936 by Roman Medina-Heigl Hernandez a.k.a. RoMaNSoFt Tested: Ubuntu / Debian Madrid, 30.Aug.2008 Config writabledir=/tmp spooldir=/var/mail Use "postconf...
Coppermine Photo Gallery 1.4.18 - Local File Inclusion Remote Code Execution
Coppermine Photo Gallery 1.4.18 - Local File Inclusion Remote Code Execution authenticate; ... 301. // Process language selection if present in URI or in user profile or try 302. // autodetection if default charset is utf-8 303. if !empty$GET'lang' 304. 305. $USER'lang' = ereg"^a-z0-9-$",...
Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution
Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution Felipe Andres Manzano [email protected] updates in http://felipe.andres.manzano.googlepages.com/home Summary: The libpoppler pdf rendering library can free uninitialized pointers, leading to arbitrary code...
phpAuction 3.2.1 - item.php SQL Injection
phpAuction 3.2.1 - item.php SQL Injection phpauction-gpl Version3.2 Version SQL Injection Vulnerability Author: Hussin X Home : www.tryag.cc/cc email: darkangelg85atYahooDoTcom hussin.xathotmailDoTcom...
ActiveKB 1.5 - Insecure Cookie Handling/Arbitrary Admin Access
ActiveKB 1.5 - Insecure Cookie Handling/Arbitrary Admin Access ActiveKB = 1.5 Insecure Cookie Handling/Arbitrary Admin Access...
Drake CMS 0.4.11 - Blind SQL Injection
Drake CMS 0.4.11 - Blind SQL Injection gid 17. if '' === $gbname = in'gbname', SQL | NOHTML, $POST, '', 50 18. || '' === $gbemail = in'gbemail', SQL | NOHTML, $POST, '', 50 19. || !isemail$gbemail 20. 21. CMSResponse::BackFORMNC; 22. else 23. $gbname = $my-name; 24. $gbemail = $my-email; 25. 26...
WebcamXP 3.72.4404.05.280 Beta - pocketpc?camnum Arbitrary Memory Disclosure
WebcamXP 3.72.4404.05.280 Beta - pocketpc?camnum Arbitrary Memory Disclosure source: https://www.securityfocus.com/bid/27875/info webcamXP is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to check user-supplied input data. Attackers can exploit...
Mambo Component Ricette 1.0 - SQL Injection
Mambo Component Ricette 1.0 - SQL Injection joomla SQL Injectioncomricette AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAİL : [email protected] DORK 1 : allinurl: comricette DORK 2 : allinurl: "comricette"id EXPLOIT :...
Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow
Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow Vantage Linguistics AnswerWorks 4 API ActiveX Control Buffer Overflow Exploit function Check var buf = 'A'; while buf.length = 214 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378...
RunCMS 1.6 - Blind SQL Injection (IDS Evasion)
RunCMS 1.6 - Blind SQL Injection IDS Evasion RUNCMS 1.6 BLIND SQL Injection Exploit + IDS evasion exploit get hash of admin password Exploit is invisible for RUNCMS sql injection detecting mechanism tested on RUNCMS english version 1.6 Date of Public...
Viewpoint Media Player for IE 3.2 - Remote Stack Overflow (PoC)
Viewpoint Media Player for IE 3.2 - Remote Stack Overflow PoC Viewpoint Media Player for IE 3.2 AxMetaStream.dll Remote Stack Overflow url: http://www.viewpoint.com Author: shinnai mail: shinnaiatautisticidotorg site:...
Oracle 10g - LT.FINDRICSET SQL Injection (IDS Evasion)
Oracle 10g - LT.FINDRICSET SQL Injection IDS Evasion Oracle 10g LT.FINDRICSET SQL Injection Exploit sploit grant DBA to scott evil cursor injection No "create procedure" privilege needed! + Funny IDS evasion with base64 tested on oracle 10.1.0.2.0 Date of...
NovaSTOR NovaNET 12.0 - Remote Command Execution
NovaSTOR NovaNET 12.0 - Remote Command Execution / source: https://www.securityfocus.com/bid/39693/info NovaStor NovaNET is prone to code-execution, denial-of-service, and information-disclosure vulnerabilities. An attacker can exploit these issues to execute arbitrary code, access sensitive...
Boa 0.93.15 - Administrator Password Overwrite Authentication Bypass
Boa 0.93.15 - Administrator Password Overwrite Authentication Bypass source: https://www.securityfocus.com/bid/25676/info Boa is prone to an authentication-bypass vulnerability because the application fails to ensure that passwords are not overwritten by specially crafted HTTP Requests. An attack...
ProFTPd 1.x - mod_tls Remote Buffer Overflow
ProFTPd 1.x - modtls Remote Buffer Overflow / Anti-modTLS-0day version 2 ProFTPd .. + modtls remote-root-0day-exploit main advantages of this exploit: 1 No patched modtls versions yet 2 This is a preauthentication bug 3 Bruteforcing option eheheheee main disadvantages: 2 Target mechanism isn't ve...
PHP Blue Dragon CMS 3.0.0 - Remote Code Execution
PHP Blue Dragon CMS 3.0.0 - Remote Code Execution 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i;...
Live for Speed S1S2Demo - .mpr replay Local Buffer Overflow
Live for Speed S1S2Demo - .mpr replay Local Buffer Overflow / 0day Live for speed patch x s2 /s1 and demo local .mpr buffer over flow Credit's to n00b for finding bug and writing the exploit Lfs is a racing simulator with a huge player data-base with 100,000+ user's. I found a local buffer over...
e-Vision CMS 2.02 - SQL Injection Remote Code Execution
e-Vision CMS 2.02 - SQL Injection Remote Code Execution !/usr/bin/php -q -d shortopentag=on ...need i say more? Bug 2 admin/functions.php: if isset$COOKIE'adminlang' $languageselector = $COOKIE'adminlang'; else $languageselector = "en"; include"lang/".$languageselector.".php"; ...speaks for it se...
Weatimages 1.7.1 - ini[langpack] Remote File Inclusion
Weatimages 1.7.1 - inilangpack Remote File Inclusion RFI Weatimages Hack Script name : Weatimages Script Download Adress:http://www.hotscripts.com/jump.php?listingid=52592&jumptype=1 Demo site:http://www.nazarkin.name/projects/weatimages/demo/index.php?inilangpack=shelladress Google Dork : inurl:...
AOL SuperBuddy - ActiveX Control Remote Code Execution (Metasploit)
AOL SuperBuddy - ActiveX Control Remote Code Execution Metasploit require 'msf/core' module Msf class Exploits::Windows::Browser::AOLSuperBuddyLinkSBIcons 'AOL Sb.Superbuddy vulnerability', 'Description' = %q This module exploits a flaw in AOL Sb.SuperBuddy. We stole this code from a pre-existing...
XOOPS Module Tiny Event 1.01 - id SQL Injection
XOOPS Module Tiny Event 1.01 - id SQL Injection !/usr/bin/perl Script Name: XOOPS Module Tiny Event : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User ID uid: "; $id = ; chop $id;...
XOOPS Module Friendfinder 3.3 - view.php?id SQL Injection
XOOPS Module Friendfinder 3.3 - view.php?id SQL Injection !/usr/bin/perl Script Name: Xoops Module Friendfinder : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User ID uid: "; $id = ;...
Xero Portal - phpbb_root_path Remote File Inclusion
Xero Portal - phpbbrootpath Remote File Inclusion C XORON - 2007 Bug name: Xero Portal v1.2 phpbbrootpath Local File Include Vulnerablity Script Name: Xero Portal v1.2 Wrong Codes: require$phpbbrootpath . 'includes/bbcode.'.$phpEx; Exploit:...
Opera 9.10 - .jpg Image DHT Marker Heap Corruption
Opera 9.10 - .jpg Image DHT Marker Heap Corruption Opera JPEG processing - Heap corruption vulnerabilities Date..: 8th September 2006 31th October 2006 update 3rd November 2006 update 5th January 2007 public release...
KDPics 1.111.16 - index.php3?categories Cross-Site Scripting
KDPics 1.111.16 - index.php3?categories Cross-Site Scripting source: https://www.securityfocus.com/bid/21515/info KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize user-supplied...