41207 matches found
WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting Authentication Bypass Vulnerabilities (2)
WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting Authentication Bypass Vulnerabilities 2 source: https://www.securityfocus.com/bid/37099/info The FireStats plugin for WordPress is prone to multiple cross-site scripting vulnerabilities and an authentication-bypass vulnerability. An...
Websense Email Security - Cross-Site Scripting
Websense Email Security - Cross-Site Scripting Security Advisory NSOADV-2009-003 Title: Websense Email Security Cross Site Scripting Severity: Low Advisory ID: NSOADV-2009-003 Found Date: 28.09.2009 Date Reported: 01.10.2009 Release Date: 20.10.2009 Author: Nikolas Sotiriu Mail: nso-research at...
Achievo 1.3.4 - Cross-Site Scripting
Achievo 1.3.4 - Cross-Site Scripting Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Achievo 1. Advisory Information Title: Multiple XSS in Achievo Advisory ID: BONSAI-2009-0101 Advisory URL:...
Elite Gaming Ladders 3.2 - platform SQL Injection
Elite Gaming Ladders 3.2 - platform SQL Injection -------------------------------------------------------- Elite Gaming Ladders v3.2 Remote SQL Injection Vulnerability -------------------------------------------------------- Discovered By: Snakespc ALGERIAN HaCkEr Mail: [email protected]...
Joomla! Component com_digifolio 1.52 - id SQL Injection
Joomla! Component comdigifolio 1.52 - id SQL Injection Joomla Component comdigifolio 1.52 id SQL Injection Vulnerability --== Author ==-- + Author : v3n0m + Contact : v3n0m666atlivedotcom + Blog : http://0wnage.wordpress.com/ + Group : YOGYACARDERLINK + Site : http://yogyacarderlink.web.id/ + Dat...
PHP Live! 3.2.2 - questid SQL Injection (2)
PHP Live! 3.2.2 - questid SQL Injection 2 Original author: Found by Xar of h4ck-y0u, Greets to Don & ViSiOn Modified version: skys Contact: skysbsbatgmail.com !Info! PHP Live! © OSI Codes Inc. enables live help and live customer support communication directly from your website. With PHP Live!, y...
XOOPS Celepar Module Qas - codigo SQL Injection
XOOPS Celepar Module Qas - codigo SQL Injection Xoops Celepar Module Qas Donwload of Xoops Celepar : http://www.xoops.pr.gov.br/uploads/core/xoopscelepar.tar.gz Author: s4r4d0 mail:[email protected] A Sql Injection has been found on modules Quas of Xoops Celepar in file Aviso.php . Source code:...
SguilPADS - Remote Server Crash
SguilPADS - Remote Server Crash Sguil/PADS Denial of Service exploit by Ataraxia Benjamin Rose Public announcement made 7/15/09. Please visit http://allmybase.com/ my blog for more up-to-date information, and a quick patch. More in-depth article available at: http://allmybase.com/?p=72 This more...
AlumniServer 1.0.1 - resetpwemail Blind SQL Injection
AlumniServer 1.0.1 - resetpwemail Blind SQL Injection !/usr/bin/python || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ VIVA SPAIN!... GANAREMOS EL MUNDIAL!...o.O PROUD TO BE SPANISH!...
Oracle 9i10g Database - Remote Network Authentication
Oracle 9i10g Database - Remote Network Authentication source: https://www.securityfocus.com/bid/35680/info Oracle Database is prone to a remote vulnerability in Network Authentication. The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker doesn't require privileges to...
Joomla! Component rsmonials - Cross-Site Scripting
Joomla! Component rsmonials - Cross-Site Scripting / RSMonials XSS Exploit http://www.rswebsols.com/downloads/category/14-download-rsmonials-all?download=23%3Adownload-rsmonials-component Google Dork: allinurl:option=comrsmonials Anything entered into the form gets rendered as HTML, so you can ad...
w3bcms 3.5.0 - Multiple Vulnerabilities
w3bcms 3.5.0 - Multiple Vulnerabilities !/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common qwPOST; use Getopt::Long; '/ -.- -------------------oOO------OOo------------------ | | | / / / / | | / / / / / / / / / / / | | // // / / / // / // / // | | ///,// /./,/, // | | Security...
eVision CMS 2.0 - Remote Code Execution
eVision CMS 2.0 - Remote Code Execution !/usr/bin/perl ----------------------------------------------------------------------------- INFORMATIONS ----------------------------------------------------------------------------- eVision CMS 2.0...
DMXReady Member Directory Manager 1.1 - SQL Injection
DMXReady Member Directory Manager 1.1 - SQL Injection Title : DMXReady Member Directory Manager http://target/path/applications/MemberDirectoryManager/incmemberdirectorymanager.asp Edit - http://target/path/admin/MemberDirectoryManager/components/CategoryManager/uploadimagecategory.asp?cid=SQL...
Joomla! Component gigCalendar 1.0 - SQL Injection
Joomla! Component gigCalendar 1.0 - SQL Injection Joomla Component comgigcalgigcalgigsid SQL-injection Author : boom3rang Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1. Vulnerability : SQL injection Google Dork : inurl:comgigcal...
Joomla! Component mDigg 2.2.8 - category SQL Injection
Joomla! Component mDigg 2.2.8 - category SQL Injection Joomla Component commdiggcategory SQL-injection vulnerability Author : boom3rang Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1. Vulnerability : SQL injection Google Dork : inurl:commdigg...
Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection
Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection CVE Number: CVE-2008-1094 Vulnerability: SQL Injection Risk: Medium Attack vector: From Remote Vulnerability Discovered: 16th June 2008 Vendor Notified: 16th June 2008 Advisory Released: 15th December 2008 Abstract Barracuda Networks Sp...
w3blabor CMS 3.0.5 - Arbitrary File Upload Local File Inclusion
w3blabor CMS 3.0.5 - Arbitrary File Upload Local File Inclusion !/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common qwPOST; use Getopt::Long; '/ -.- ------------------oOO------OOo----------------- | | | / / / / | | / / / / / / / / / / / | | // // / / / // / // / // | | ///,// /./,/,...
Alstrasoft SendIt Pro - Arbitrary File Upload
Alstrasoft SendIt Pro - Arbitrary File Upload AlstraSoft SendIt Pro Remote File Upload ---------------------------------------------------------- Discovered By: ZoRLu Date: 12.11.2008 Home: www.z0rlu.blogspot.com contact: [email protected] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : dork:...
MySQL Quick Admin 1.5.5 - Local File Inclusion
MySQL Quick Admin 1.5.5 - Local File Inclusion Author: Vinod Sharma Email: [email protected] Date: 05th Nov, 2008 Note: This information is only for educational purpose, author will not bear responsibility for any damages. Directory traversal vulnerability in MySQL Quick Admin 1.5.5...
Coupon Script 4.0 - id SQL Injection
Coupon Script 4.0 - id SQL Injection || | | Coupon Script 4.0 id Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : WwW.Hussin-X.CoM | WwW.tryag.CoM | | email: darkangelg85atYahooDoTcom | | | | | | | script :...
1024 CMS 1.4.4 - Multiple LocalRemote File Inclusions
1024 CMS 1.4.4 - Multiple LocalRemote File Inclusions Digital Security Research Group DSecRG Advisory DSECRG-08-027 Application: 1024 CMS Versions Affected: 1.4.3, 1.4.4 RFC Vendor URL: http://www.1024cms.com/ Bug: Multiple Remote/Local File Include Exploits: YES Reported: 18.06.2008 Second repor...
Pre News Manager 1.0 - id SQL Injection
Pre News Manager 1.0 - id SQL Injection \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV97$2008 ----------------------------------------------------------------------------------------- ECHOADV97$2008 Pre News Manager = 1.0 index.php id Sql Injection...
CA-ArcServe
CA ArcServe is prone to a remote buffer overflow because it fails to perform adequate boundary-checks on user-supplied data. Successfully exploiting will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a...
IPTBB 0.5.6 - Arbitrary Add Admin
IPTBB 0.5.6 - Arbitrary Add Admin ========================================= IPTBB 0.5.6 Arbitrary Add-Admin Exploit ========================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...
Softbiz Web Host Directory Script - host_id SQL Injection
Softbiz Web Host Directory Script - hostid SQL Injection \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV89$2008 ----------------------------------------------------------------------------------------- ECHOADV89$2008 Softbiz Web Host Directory Script...
HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe Overflow (SEH)
HP OpenView Network Node Manager OV NNM 7.5.1 - OVAS.exe Overflow SEH !/usr/bin/python HP OpenView NNM 7.5.1 OVAS.EXE Pre Authentication SEH Overflow Tested on Windows 2003 Server SP1. Coded by Mati Aharoni muts..at..offensive-security.com http://www.offensive-security.com/0day/hp-nnm-ov.py.txt...
XOOPS Module wfdownloads - cid SQL Injection
XOOPS Module wfdownloads - cid SQL Injection XOOPS module wfdownloads SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAiL : [email protected] DORK 1 : allinurl: "modules/wfdownloads/viewcat.php?cid" DORK 2 : allinurl: "modules/wfdownloads" EXPLOIT :...
CandyPress eCommerce suite 4.1.1.26 - Multiple Vulnerabilities
CandyPress eCommerce suite 4.1.1.26 - Multiple Vulnerabilities WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: CandyPress eCommerce suite Vendor: http://www.candypress.com/ Bugs: SQL Injection + XSS + Path Disclosure in CandyPress Vulnerable Version: 4.1.1.26...
wpQuiz 2.7 - Multiple SQL Injections
wpQuiz 2.7 - Multiple SQL Injections Tytul: wpQuiz 2.7 Remote SQL Injection Vulnerability http://wireplastik.com/projects.php Autor: Kacper E-Mail: [email protected] Strona: devilteam.eu Irc: irc.myg0t.com devilteam Blad:...
Joomla! Component mp3 allopass 1.0 - Remote File Inclusion
Joomla! Component mp3 allopass 1.0 - Remote File Inclusion commp3allopass joomla component Remote File Include Vulnerability Component : commp3allopass Download file : http://www.joomlaratings.com Dicovered by : NoGe Contact : [email protected]...
Trend Micro ServerProtect - eng50.dll Remote Stack Overflow
Trend Micro ServerProtect - eng50.dll Remote Stack Overflow / Copyright c 2007 devcode ^^ D E V C O D E ^^ Trend Micro ServerProtect eng50.dll Stack Overflow CVE-2007-1070 Description: A boundary error within a function in eng50.dll can be exploited to cause a stack-based buffer overflow via a...
PHP Blue Dragon CMS 3.0.0 - Remote Code Execution
PHP Blue Dragon CMS 3.0.0 - Remote Code Execution 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i;...
Live for Speed S1S2Demo - .ply Local Buffer Overflow
Live for Speed S1S2Demo - .ply Local Buffer Overflow / 0day Live for speed patch x s2 /s1 and demo local .ply File buffer over flow Live for speed .ply file is a set up file,This file is shared amongst user's Who want stylish number plate's on there car's the buffer over flow happened with An...
CA BrightStor Backup 11.5.2.0 - Mediasvr.exe Denial of Service
CA BrightStor Backup 11.5.2.0 - Mediasvr.exe Denial of Service !/usr/bin/python Computer Associates CA Brightstor Backup Mediasvr.exe DoS catirpc.dll/rwxdr.dll Previously Unknown There is an issue with RPC operation 126 and the imported cactirpc.dll and rwxdr.dll. It looks as if Mediasvr.exe...
MyBulletinBoard (MyBB) 1.2.2 - CLIENT-IP SQL Injection
MyBulletinBoard MyBB 1.2.2 - CLIENT-IP SQL Injection !/usr/bin/perl LOGO Mybb = 4.1 wwork: blind sql-inj ggoogle: Powered By MyBB coded by Elekt antichat.ru Coments ОпиÑание: Работа ÑкÑплойта оÑнована на sql-инъекции в HTTPCLIENTIP...
MangoBery CMS 0.5.5 - quotes.php Remote File Inclusion
MangoBery CMS 0.5.5 - quotes.php Remote File Inclusion Mangobery-0.5.5 Found by kezzap66345 Script Page:http://mangobery.sourceforge.net/ Demo Site:http://mangobery.beryllium.ca/ Script Download:http://sourceforge.net/project/showfiles.php?groupid=63834&packageid=60858...
C-Arbre 0.6PR7 - ROOT_PATH Remote File Inclusion
C-Arbre 0.6PR7 - ROOTPATH Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV78$2007 ----------------------------------------------------------------------------------------- ECHOADV78$2007 C-Arbre = 0.6PR7 rootpath Remote File Inclusion...
Mozilla Firefox 2.0.0.2 - Document.Cookie Path Argument Denial of Service
Mozilla Firefox 2.0.0.2 - Document.Cookie Path Argument Denial of Service source: https://www.securityfocus.com/bid/22879/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. An attacker may exploit this vulnerability to cause Mozilla Firefox to crash, resulting in...
Opera 9.10 - .jpg Image DHT Marker Heap Corruption
Opera 9.10 - .jpg Image DHT Marker Heap Corruption Opera JPEG processing - Heap corruption vulnerabilities ======================================================= Date..: 8th September 2006 31th October 2006 update 3rd November 2006 update 5th January 2007 public release...
Madwifi 0.9.2.1 - SIOCGIWSCAN Buffer Overflow (Metasploit)
Madwifi 0.9.2.1 - SIOCGIWSCAN Buffer Overflow Metasploit Madwifi remote kernel exploit 100% reliable, does'nt crash wifi stack, can exploit same target multiple times Julien TINNES Laurent BUTTI vuln in giwscancb, here's the path: ieee80211ioctlgiwscan - ieee80211scaniterate - staiterate -...
Teamtek Universal FTP Server - Multiple Commands Remote Denial of Service Vulnerabilities
Teamtek Universal FTP Server - Multiple Commands Remote Denial of Service Vulnerabilities source: https://www.securityfocus.com/bid/21085/info Universal FTP Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions. An...
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow Metasploit $Id: dlinkwifirates.rb 9670 2010-07-03 03:19:07Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more...
Coppermine Photo Gallery 1.4.9 - SQL Injection
Coppermine Photo Gallery 1.4.9 - SQL Injection !/usr/bin/php ?php / Coppermine Photo Gallery 1.4.9 Remote SQL Injection Vulnerability Note: Requires a valid user account. Usage: php script.php host path table prefix user id username password Usage Example: php script.php domain.com /coppermine/...
QK SMTP 3.01 - RCPT TO Remote Buffer Overflow (1)
QK SMTP 3.01 - RCPT TO Remote Buffer Overflow 1 / . \ \ \ \ | | / | | | | \ / / /\ \ / \ | \ / / / / 25\10\06 / || / / mm. dM8 YMMMb. dMM8 YMMMMb dMMM' YMMMb dMMMP There are doors I have yet to open YMMM MMM' windows I have yet to look through "MbdMP Going forward may not be the answer...
LoCal Calendar 1.1 - lcUser.php Remote File Inclusion
LoCal Calendar 1.1 - lcUser.php Remote File Inclusion +------------------------------------------------------------------------------------------- local Calendar System v1.1 lcUser.php Remote File Include --------------------------------------------------------------------------------------------...
Solaris 10 libnspr - LD_PRELOAD Arbitrary File Creation Privilege Escalation (1)
Solaris 10 libnspr - LDPRELOAD Arbitrary File Creation Privilege Escalation 1 !/bin/sh $Id: raptorlibnspr,v 1.1 2006/10/13 19:12:12 raptor Exp $ raptorlibnspr - Solaris 10 libnspr oldschool local root Copyright c 2006 Marco Ivaldi Local exploitation of a design error vulnerability in version 4.6....
n@board 3.1.9e - naboard_pnr.php Remote File Inclusion
n@board 3.1.9e - naboardpnr.php Remote File Inclusion n@board v3.1.9e, 3.1.8cgb ,3.1.8tc skin Remote File Include Vulnerability Turkish Hacker's Discovered By : mdx and TheBatHacker ------------------------------------------------------ Cyber-Warrior TIM Ay ve Y.ld.zlar Geceye Yak...r... the moon...
phpQuiz 0.1 - pagename Remote File Inclusion
phpQuiz 0.1 - pagename Remote File Inclusion SolpotCrew Community phpQuiz v0.01 design and coding byJule Slootbeek pagename Remote File Inclusion Download file : http://www.furor-normannicus.de/phpQuiz/download/phpQuiz.zip Bug Found By :Solpot a.k.a k. Hasibuan 14-09-2006 contact:...
phpBB Shadow Premod 2.7.1 - Remote File Inclusion
phpBB Shadow Premod 2.7.1 - Remote File Inclusion --------------------------------------------------------------------------- Shadow Prémod = 2.7.1 phpbbrootpath Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn...