Online Grades Attendance 3.2.6 - Blind SQL Injection

Online Grades Attendance 3.2.6 - Blind SQL Injection !/usr/bin/perl || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...

SiteX 0.7.4.418 - THEME_FOLDER Local File Inclusion

SiteX 0.7.4.418 - THEMEFOLDER Local File Inclusion =-=-local file include-=-= -=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-= script:SiteX074build418.zip ------------------------------------------------- Author: ahmadbady my site :Coming Soon =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...

vBulletin vbBuxvbPlaza 2.x - vbplaza.php Blind SQL Injection

vBulletin vbBuxvbPlaza 2.x - vbplaza.php Blind SQL Injection --==+======================================================================================================================+==-- --==+ vBulletin vbBux/vbPlaza : 48 = 0 120 = x NOTE: You'll need to be logged into the forum to exploit...

projectCMS 1.1b - Multiple Vulnerabilities

projectCMS 1.1b - Multiple Vulnerabilities || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...

Joomla! Component com_bookJoomlas 0.1 - SQL Injection

Joomla! Component combookJoomlas 0.1 - SQL Injection Salvatore "drosophila" Fresta + Application: Joomla Component combookjoomlas + Version: 0.1 + Website: http://www.alikonweb.it + Bugs: A SQL Injection + Exploitation: Remote + Dork: inurl:"index.php?option=combookjoomlas" + Date: 06 Apr 2009 +...

taifajobs 1.0 - jobid SQL Injection

taifajobs 1.0 - jobid SQL Injection \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV103$2009 ----------------------------------------------------------------------------------------- ECHOADV103$2009 taifajobs = 1.0 jobid Remote SQL Injection Vulnerability...

BusinessSpace 1.2 - id SQL Injection

BusinessSpace 1.2 - id SQL Injection \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV102$2009 ----------------------------------------------------------------------------------------- ECHOADV102$2009 BusinessSpace = 1.2 id Remote SQL Injection Vulnerability...

Ghostscript 8.64 - gdevpdtb.c Local Buffer Overflow

Ghostscript 8.64 - gdevpdtb.c Local Buffer Overflow Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer. Exploiting this issue allows remote attackers to overwrite a sensitive...

GNUBoard 4.31.04 (09.01.30) - Multiple LocalRemote Vulnerabilities

GNUBoard 4.31.04 09.01.30 - Multiple LocalRemote Vulnerabilities GNUBoard V4.31.04 09.01.30 Multiple Local/Remote Vulnerability bY [email protected] / SIR GNUBoard VERSION 4.31.04 09.01.30is a widely used bulletin board system of Korea. It is freely available for all platforms that supports PHP...

D-Bus Daemon 1.2.4 - libdbus Denial of Service

D-Bus Daemon 1.2.4 - libdbus Denial of Service / cve-2008-3834.c D-Bus Daemon Denial of Service http://jon.oberheide.org Usage: $ gcc pkg-config dbus-1 --cflags cve-2008-3834.c pkg-config dbus-1 --libs -o cve-2008-3834 $ ./cve-2008-3834 Information:...

DMXReady Secure Document Library 1.1 - SQL Injection

DMXReady Secure Document Library 1.1 - SQL Injection Title : DMXReady Secure Document Library http://target/path/applications/SecureDocumentLibrary/incsecuredocumentlibrary.asp Edit -...

Viart shopping cart 3.5 - Multiple Vulnerabilities

Viart shopping cart 3.5 - Multiple Vulnerabilities =============================================================== !vuln ViArt Shopping Cart v3.5 is prone to multiple remote vulnerabilities. Earlier versions may also be affected. ===============================================================...

Linux Kernel 2.6.26.4 - SCTP Kernel Memory Disclosure

Linux Kernel 2.6.26.4 - SCTP Kernel Memory Disclosure / cve-2008-4113.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113 The sctpgetsockopthmacident function in net/sctp/socket.c in the Stream Control Transmission Protocol sctp...

Linux Kernel 2.6.27.8 - ATMSVC Local Denial of Service

Linux Kernel 2.6.27.8 - ATMSVC Local Denial of Service / cve-2008-5079.c Linux Kernel http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5079: net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service kernel infinite loop b...

Net-SNMP 5.1.45.2.45.4.1 Perl Module - Buffer Overflow (PoC)

Net-SNMP 5.1.45.2.45.4.1 Perl Module - Buffer Overflow PoC !usr/bin/perl -w Buffer overflow in the snprintvalue function in snmpget in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via ...

SFS EZ BIZ PRO - SQL Injection

SFS EZ BIZ PRO - SQL Injection | | | EZ BIZ PRO track.php id Remote SQL Injection Vulnerability | | |-------------------- IQ-SecuritY ------------------- | | Author: Hussin X | | Home : WwW.IQ-ty.CoM | | email: darkangelg85atYahooDoTcom | | | | script :...

CJ Ultra Plus 1.0.4 - Cookie SQL Injection

CJ Ultra Plus 1.0.4 - Cookie SQL Injection !/usr/bin/perl CJ Ultra Plus GretzZz 2: pronoobz.org - Wesker, China Sun and all other memberZz "SID='UNION SELECT b12 from settings/"; $ua = LWP::UserAgent-new; $ua-timeout10; $ua-envproxy; $ua-agent"Mozilla/5.0 Windows; U; Windows NT 5.1; nl; rv:1.8.1....

Postfix 2.4.92.5.52.6-20080902 - .forward Local Denial of Service

Postfix 2.4.92.5.52.6-20080902 - .forward Local Denial of Service / http://www.wekk.net/research/CVE-2008-4042/CVE-2008-4042-exploit.c http://www.wekk.net/research/CVE-2008-3889/CVE-2008-3889-exploit.c Exploit for Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used...

CitectSCADA ODBC Server - Remote Stack Buffer Overflow (Metasploit)

CitectSCADA ODBC Server - Remote Stack Buffer Overflow Metasploit $Id: citectscadaodbc.rb This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Affiliate Directory - id SQL Injection

Affiliate Directory - id SQL Injection || | | Affiliate Directory id Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | | | script :...

Coppermine Photo Gallery 1.4.18 - Local File Inclusion Remote Code Execution

Coppermine Photo Gallery 1.4.18 - Local File Inclusion Remote Code Execution authenticate; ... 301. // Process language selection if present in URI or in user profile or try 302. // autodetection if default charset is utf-8 303. if !empty$GET'lang' 304. 305. $USER'lang' = ereg"^a-z0-9-$",...

WordPress Plugin Download Manager 0.2 - Arbitrary File Upload

WordPress Plugin Download Manager 0.2 - Arbitrary File Upload WORDPRESS PLUGIN DOWNLOAD MANAGER 0.2 REMOTE FILE UPLOAD SaO BiyoSecurityTeam || www.biyosecurity.com Plugin URI: http://giulioganci.netsons.org/downloads-manager Local File milw0rm.com 2008-07-24...

Oracle Internet Directory 10.1.4 - Remote Denial of Service

Oracle Internet Directory 10.1.4 - Remote Denial of Service !/usr/bin/python """ Oracle Internet Directory 10.1.4 preauthentication Denial Of Service NOTES: Under 32 bits platforms it crashes immediately. Under 64 bits it may take even hours. Sometimes you need 2 shoots to crash OID completely. T...

Aprox CMS Engine 5.1.0.4 - index.php SQL Injection

Aprox CMS Engine 5.1.0.4 - index.php SQL Injection Viva IslaM Viva IslaM Remote SQL injection Vulnerability Aprox CMS Engine V5.1.0.4 index.php page AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM && WwW.AtsDp.CoM/f Email : [email protected] SYRIAN Arab HACkErS -: Exploite :-...

Pluck CMS 4.5.1 (Windows) - blogpost Local File Inclusion

Pluck CMS 4.5.1 Windows - blogpost Local File Inclusion www.BugReport.ir AmnPardaz Security Research Team Title: Pluck Local File inclusion Vendor: http://www.pluck-cms.org Bug: Local File Inclusion Vulnerable Version: 4.5.1 prior versions also may be affected Exploitation: Remote with browser Fi...

facebook newsroom CMS 0.5.0 Beta 1 - Remote File Inclusion

facebook newsroom CMS 0.5.0 Beta 1 - Remote File Inclusion Facebook Newsroom Application Remote File Inclusion Vulnerability Discovered by : Ciph3r MAIL : [email protected] SP tanx4: Iranian hacker & Kurdish security TEAM sp TANX2: milw0rm.com & google.com & sourceforge.net CMS download :...

Linksys WRT54G Firmware 1.00.9 - Security Bypass (2)

Linksys WRT54G Firmware 1.00.9 - Security Bypass 2 | l/ l j| \ / \ | \l j| \ | T l j| \ | | / \ | ' / | T | YY Y| o | T | Yl/ | | T | Y| jY Y | \ | | | | || Q || / | | | | || j | | | | || l | O | | Y | | | | || || | | | | | || / | | | | | || | | | . | j l | | |l || | j l | | || || T j l | | || T ...

FubarForum 1.5 - index.php Local File Inclusion

FubarForum 1.5 - index.php Local File Inclusion Name : FubarForum v1.5 Local File Inclusion Vulnerability Author : cOndemned Dork : for ex. "Powered by FubarForum v1.5" Greetz : TBH, GregStar, ZaBeaTy, irk4z, Hawk, Sandtalker & Avantura ; Source : // index.php 5. if !empty$GET'page' $page =...

Pre News Manager 1.0 - id SQL Injection

Pre News Manager 1.0 - id SQL Injection \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV97$2008 ----------------------------------------------------------------------------------------- ECHOADV97$2008 Pre News Manager = 1.0 index.php id Sql Injection...

AppServ Open Project 2.5.10 - appservlang Cross-Site Scripting

AppServ Open Project 2.5.10 - appservlang Cross-Site Scripting source: https://www.securityfocus.com/bid/29291/info AppServ Open Project is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...

MPlayer 1.0 rc2 - sdpplin_parse() Array Indexing Buffer Overflow (PoC)

MPlayer 1.0 rc2 - sdpplinparse Array Indexing Buffer Overflow PoC !/usr/bin/perl Huston, mplayer got some vulns! : CVE-2008-0073 also apply to mplayer and vlc with some distinctions. Assuming kernel.varandomize=0 this overwrite EIP with a "stream" structure on my box. The first element of the...

WebcamXP 3.72.4404.05.280 Beta - pocketpc?camnum Arbitrary Memory Disclosure

WebcamXP 3.72.4404.05.280 Beta - pocketpc?camnum Arbitrary Memory Disclosure source: https://www.securityfocus.com/bid/27875/info webcamXP is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to check user-supplied input data. Attackers can exploit...

PortalApp 4.0 - SQL Injection Cross-Site Scripting Authentication Bypass

PortalApp 4.0 - SQL Injection Cross-Site Scripting Authentication Bypass Title: PortalApp 4.0 Multiple vulnerabilities Discovered By: r3dm0v3 http://r3dm0v3.persianblog.ir r3dm0v3 4t yahoodotcom Tehran - Iran Vendor: http://www.portalapp.com Vulnerable Version: 4.0, prior versions maybe vulnerabl...

Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow

Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow Vantage Linguistics AnswerWorks 4 API ActiveX Control Buffer Overflow Exploit function Check var buf = 'A'; while buf.length = 214 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378...

PHP 5.x COM - Safe Mode Disable Functions Bypass

PHP 5.x COM - Safe Mode Disable Functions Bypass sounds good //The windows version of PHP has built in support for this extension. You do not need to //load any additional extension in order to use these functions. //You are responsible for installing support for the various COM objects that you...

Joomla! Component JContentSubscription 1.5.8 - Multiple Remote File Inclusions

Joomla! Component JContentSubscription 1.5.8 - Multiple Remote File Inclusions JContentSubscription Joomla Component 1.5.8 Multiply Remote File Include Vulnerability Component : comjcs version 1.5.8 - payable component Dicovered by : NoGe Contact : [email protected]...

Airsensor M520 - HTTPd Remote Denial of Service Buffer Overflow (PoC)

Airsensor M520 - HTTPd Remote Denial of Service Buffer Overflow PoC !/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC The vulnerability is caused due to an unspecified error in the cgis files filter used for configure propierties. This can be exploite...

RW::Download 2.0.3 lite - index.php?dlid SQL Injection

RW::Download 2.0.3 lite - index.php?dlid SQL Injection RW::Download v2.0.3 lite - Remote SQL Injection Vendor : http://www.rwscripts.com/ Ditemukan oleh : k1tk4t - k1tk4t4tnewhack.org Lokasi : Indonesia -- newhackdotorg @ irc.dal.net Dork : "Powered by RW::Download v2.0.3 lite"...

Coppermine Photo Gallery 1.31.4 - YABBSE.INC.php Remote File Inclusion

Coppermine Photo Gallery 1.31.4 - YABBSE.INC.php Remote File Inclusion source: https://www.securityfocus.com/bid/25243/info Coppermine Photo Gallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an...

Oracle 9i10g - Evil Views Change Passwords

Oracle 9i10g - Evil Views Change Passwords -- -- bunkerview.sql -- -- Oracle 9i/10g - evil view exploit CVE-2007-3855 -- Uses evil view to perform unauthorized password update -- -- by Andrea "bunker" Purificato - http://rawlab.mindcreations.com -- 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA...

eMeeting Online Dating Software 5.2 - SQL Injection

eMeeting Online Dating Software 5.2 - SQL Injection --==+================================================================================+==-- --==+ eMeeting Online Dating Software 5.2 SQL Injection Vulnerbilitys +==--...

e-Vision CMS 2.02 - SQL Injection Remote Code Execution

e-Vision CMS 2.02 - SQL Injection Remote Code Execution !/usr/bin/php -q -d shortopentag=on ...need i say more? Bug 2 admin/functions.php: if isset$COOKIE'adminlang' $languageselector = $COOKIE'adminlang'; else $languageselector = "en"; include"lang/".$languageselector.".php"; ...speaks for it se...

Jetbox CMS 2.1 - viewsupplynews Multiple Cross-Site Scripting Vulnerabilities

Jetbox CMS 2.1 - viewsupplynews Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/23999/info Jetbox CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow...

XOOPS Module MyConference 1.0 - index.php SQL Injection

XOOPS Module MyConference 1.0 - index.php SQL Injection !/usr/bin/perl Script Name: XOOPS Module MyConference 1.0 index.php Remote BLIND SQL Injection Exploit Coded by : ajann Author : ajann Contact : : Dork : "inurl:/modules/myconference/" S.Page :...

XOOPS Module WF-Section 1.01 - articleId SQL Injection

XOOPS Module WF-Section 1.01 - articleId SQL Injection !/usr/bin/perl Script Name: XOOPS Module WF-Section : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User ID uid: "; $id = ; chop...

PHP 5.1.6 - Imap_Mail_Compose() Remote Buffer Overflow

PHP 5.1.6 - ImapMailCompose Remote Buffer Overflow source: https://www.securityfocus.com/bid/23234/info PHP is prone to a buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. An attacker ca...

MangoBery CMS 0.5.5 - quotes.php Remote File Inclusion

MangoBery CMS 0.5.5 - quotes.php Remote File Inclusion Mangobery-0.5.5 Found by kezzap66345 Script Page:http://mangobery.sourceforge.net/ Demo Site:http://mangobery.beryllium.ca/ Script Download:http://sourceforge.net/project/showfiles.php?groupid=63834&packageid=60858...

WarFTP 1.65 - USER Remote Buffer Overflow

WarFTP 1.65 - USER Remote Buffer Overflow include include include define VULNSERVER "WAR-FTPD 1.65" define VULNCMD "\x55\x53\x45\x52\x20" define ZERO '\x00' define NOP '\x90' define VULNBUFF 485 define BUFFREAD 128 define PORT 21 define LENJMPESP 4 / WARFTP - VERSION 1.65 WarFTP Username...

McGallery 0.5b - download.php Arbitrary File Download

McGallery 0.5b - download.php Arbitrary File Download Piker McGallery 0.5b Arbitrary File Download Vulnerability Affected software: McGallery 0.5b Vendor: http://sourceforge.net/projects/mcgallery/ Dork: allintitle: "MCgallery 0.5b" http://target/path/download.php?filename=main.php Found by Piker...

Premod SubDog 2 - includesthemen_portal_mitte.php?phpbb_root_path Remote File Inclusion

Premod SubDog 2 - includesthemenportalmitte.php?phpbbrootpath Remote File Inclusion source: https://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing...