Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2007/08/05 12:0 a.m.3700 views

Vulnerability in coWiki

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в coWiki. XSS: Уязвимость в главном скрипте в параметре q. http://site/?cmd=srchdoc&q=223E3Cscript3Ealertdocument.cookie3C/script3E Дополнительная информация о данной уязвимости у меня на сайте:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/04/25 12:0 a.m.3689 views

Ahhp(php)-Portal Remote File Inclusion

Ahhp-Portal Remote File Inclusion SЭTE:www.ahhope.org Demo:http://xinan.ahtcm.edu.cn Demo2http://www.hfspaq.gov.cn Vul Code: ? if $sc=='' include$fp.".php"; else include$sc."/".$fp.".php"; ? ------------------------------------------------ example: http://site/page.php?fp=r57shell?...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2008/08/15 12:0 a.m.3631 views

Step-by-step instructions for debugging Cisco IOS using gdb

Step-by-step instructions for debugging IOS using gdb - Andy Davis, 2008 iosftpexploit "at" googlemail dot com: I have been asked by many people for a simple step-by-step guide for setting up an IOS exploit development environment, which includes connecting to a Cisco router using gdb, so here...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2009/07/18 12:0 a.m.3628 views

PulseAudio local race condition privilege escalation vulnerability

------------------------------------------------------------------------ PulseAudio local race condition privilege escalation vulnerability ------------------------------------------------------------------------ Yorick Koster, June 2009...

7.2CVSS6.5AI score0.00736EPSS
Exploits6
securityvulns
securityvulns
added 2009/04/03 12:0 a.m.3231 views

glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit

?php / glFusion = 1.1.2 COMapplyFilter/cookies remote blind sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS Found another vector of injection in...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2006/09/12 12:0 a.m.3136 views

уязвимости во многих популярных движках из за некоректной работы файловых функций языка PHP

уязвимость например имеет место быть в таких популярных форумах как phpBB и punBB, удачная эксплуатация происходит при подмене пути загрузки аватары, и загрузки аватары с PHP кодом например в EXIF заголовке. КОД: copy'1.jpg', "./dirforupload/1.php0"."/2.jpg"; или copy'1.jpg',...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2012/01/02 12:0 a.m.2996 views

SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416

SEC Consult Vulnerability Lab Security Advisory 20111230-0 ======================================================================= title: Microsoft ASP.NET Forms Authentication Bypass product: Microsoft .NET Framework vulnerable version: Microsoft .NET Framework Version:4.0.30319; ASP.NET...

8.5CVSS6.3AI score0.45576EPSS
Exploits2
securityvulns
securityvulns
added 2009/03/24 12:0 a.m.2872 views

PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation (php.ini independent)

-------------------------------------------------------------------------------- PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation php.ini independent by Nine:Situations:Group::bookoo -------------------------------------------------------------------------------- our site:...

8AI score
Exploits0
securityvulns
securityvulns
added 2007/01/04 12:0 a.m.2764 views

Hacking AJAX DWR Applications

By Guy Karlebach & Amichai Shulman Introduction The introduction of AJAX into a web application improves the user experience significantly. However, the complexity of some AJAX frameworks and the limited field experience with them requires a careful examination of potential vulnerabilities. DWR i...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/10/16 12:0 a.m.2684 views

многочисленные уязвимости в WoltLab Burning Book <=1.1.2

сайт прозводителя: woltlab.de уязвима версия 1.1.2 и возможно более раннии уязвимость носит критический характер файл addentry.php движка содержит код: whilelist$key,$val=each$POST $$key=$val; данные переданные методом POST не проверяются, в результате чего имеется возможность подменить глобальны...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2003/06/05 12:0 a.m.2622 views

PHP XSS exploit in phpinfo()

PHP XSS exploit in phpinfo by Silent Needle A: BACKGROUNDfrom php.net int phpinfo int what Outputs a large amount of information about the current state of PHP. This includes information about PHP compilation options and extensions, the PHP version, server information and environment if compiled ...

5.6AI score
Exploits0
securityvulns
securityvulns
added 2008/02/12 12:0 a.m.2500 views

Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS

Simple Machines Forum "SMF Shoutbox" Mod 1.16b-1.14 Reference: http://custom.simplemachines.org/mods/index.php?mod=412 Bug:Persistent XSS SMF Shoutbox is a popular shoutbox mod for Simple Machines Forum.The content of a post variable used to hold the user shout is stored in the database and then...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2000/11/21 12:0 a.m.2388 views

En: ubb hole

----- Original Message ----- From: tdf To: [email protected] Sent: Monday, November 20, 2000 2:46 PM Subject: ubb hole ----------------------------------------------------------------------------------- Ultimate Bulletin Board - Private forums security hole, by tdf [email protected]...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/12/01 12:0 a.m.2315 views

contentserv 4.x

ContentServ again still features remote reading of arbitrary files ==================================================================== ContentServ is a cms and "cross media publishing" software. Let me quote from their website: "At ContentServ, there is always something happening. We continously...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2008/03/19 12:0 a.m.2189 views

CORE-2008-0123: Leopard Server Remote Path Traversal

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Leopard Server Remote Path Traversal Advisory Information Title: Leopard Server Remote Path Traversal Advisory ID: CORE-2008-0123 Advisory URL:...

8.5CVSS9.4AI score0.03134EPSS
Exploits3
securityvulns
securityvulns
added 2005/07/25 12:0 a.m.2188 views

ECI router login bypass

Title: ECI router verification bypass and DoS Date: 24/07/2005 Impact: Log in verification bypass Vendors Status: Not contacted they were mean to me Overview: The B-FOCuS Router 312+ provides users with a reliable and secured ADSL2+ connection to the Internet. The 312+ has a single Ethernet port...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/12/23 12:0 a.m.2159 views

Multiple Remote Vulnerabilities in KISGB

Advisory 15 Title: Multiple Remote Vulnerabilities in KISGB Author: 0ozeuso0 Arturo Z. Contact: [email protected] Website: www.diosdelared.com Date: 22/12/06 Risk: critical Vendor Url: http://sourceforge.net/projects/kisgb, http://ravenphpscripts.com Affected Software: Keep It Simple Guest Boo...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.2145 views

TORNADO Computer Trading CMS - SQL Injection Vulnerability

Document Title: =============== TORNADO Computer Trading CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1489 Release Date: ============= 2015-05-05 Vulnerability Laboratory ID VL-ID: ====================================...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2002/08/16 12:0 a.m.2130 views

CERN Proxy Server: Cross-Site Scripting Vulnerability

CERN Proxy Server: Cross-Site Scripting Vulnerability ===================================================== Affected: CERN HTTPD 3.0A http://www.w3.org/Daemon/Activity.html Vendor Status: CERN httpd team [email protected] was notified on Aug 10, 2001 but they did not respond. Exploit:...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2012/08/13 12:0 a.m.2105 views

iAuto Mobile Application 2012 - Multiple Web Vulnerabilities

Title: ====== iAuto Mobile Application 2012 - Multiple Web Vulnerabilities Date: ===== 2012-07-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=658 VL-ID: ===== 658 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/10/19 12:0 a.m.2073 views

CS-Forum 0.82 (ajouter.php) Remote File Include Vulnerability

CS-Forum 0.82 ajouter.php Remote File Include Vulnerability Source Code: http://www.comscripts.com/jump.php?action=script&id=643 Vulnerable Code: include"$include/footer.php"; Exploit : http://www.vicTim.com/CS-Forum/ajouter.php?include=shell.txt? Discoverd By : Mahmoodali Conatact : mahk2000 at...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2012/05/01 12:0 a.m.2069 views

mysqldumper1.24.4_LFI_XSS_CSRF_PHPEXEC_TRAVERSAL_INFO_DISCLOS

================================================================================================ Vulnerable Software: MySQLDumper Version 1.24.4 Downloaded from: http://sourceforge.net/projects/mysqldumper/files/ MD5 SUM: b62357a0d5bbb43779d16427c30966a1 MySQLDumper1.24.4.zip...

8.2AI score
Exploits0
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.2001 views

POC & exploit for Apache mod_rewrite off-by-one

Public release date of POC/Exploit: 2006-08-20 Author: Jacobo Avariento Gimeno CVE id: CVE-2006-3747 Bugtraq id: 19204 CERT advisory: VU395412 Severity: high Introduction ---- On July 28 2006 Mark Dowd McAfee Avert Labs reported a vulnerability found in modrewrite apache module to the bugtraq...

7.6CVSS9.6AI score0.96436EPSS
Exploits20
securityvulns
securityvulns
added 2006/06/02 12:0 a.m.1955 views

ASP Discussion Forum Like the one on FreeVBCode.com Remote XSS Exploit

----------------------------------------------------------------------------- - ASP Discussion Forum Like the one on FreeVBCode.com Remote XSS Exploit - -= http://colander.altervista.org/advisory/ASPDisc.txt =- ----------------------------------------------------------------------------- -= ASP...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2006/12/01 12:0 a.m.1906 views

[Full-disclosure] deV!L`z Clanportal - Arbitrary File Upload [061124b]

/ -061124b- | deV!Lz Clanportal - Arbitrary File Upload | / S Y N O P S I S / =================' - access: remote severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2015/05/12 12:0 a.m.1903 views

Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit

Hi guys, ref: http://www.milw00rm.com/exploits/5179 !/usr/bin/perl -w Title : Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit Vendor : http://www.encaps.net Download : http://sourceforge.net/projects/encapsnet/files/ Author : ZoRLu / [email protected] Website : milw00rm.com /...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2009/04/01 12:0 a.m.1880 views

glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit

?php / glFusion = 1.1.2 COMapplyFilter/order sql injection exploit by Nine:Situations:Group::bookoo working against Mysql = 4.1 php.ini independent our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2006/06/02 12:0 a.m.1878 views

abarcar Realty Portal SQL Injection Vulnerability

abarcar Realty Portal SQL Injection Vulnerability SpC-x Credit : SpC-X Site : http://www.Cyber-security.org Code : http://www.target.com/path/content.php?cat=SQL Example : http://www.abarcar.com/content.php?cat=SQL /SpC-x -- Get your free email from http://mymail.bsdmail.com...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/09/05 12:0 a.m.1859 views

Sana Net (viewnews.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Sana Net viewnews.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.sana-net.com/ Persian Gulf 4 Ever! Dork : "inurl:viewnews.php?id=" " " Exploite:...

2.9AI score
Exploits0
securityvulns
securityvulns
added 2006/11/02 12:0 a.m.1849 views

tikiwiki 1.9.5 mysql password disclosure & xss

/==========================================/ //tikiwiki version 1.9.5 CVS -Sirius- PoC // Product: Tikiwiki // URL: http://tikiwiki.org/ // RISK: critical /==========================================/ there's a critical security bug in tikiwiki version 1.9.5 CVS -Sirius- a anonymous user , can dum...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2007/11/25 12:0 a.m.1803 views

vBTube v1.1 - Beta ( Vbulletin Tube) Xss Vulnerable

-------------------------------------------------------------------------------------- title : vBTube v1.1 - Beta Vbulletin Tube Xss Vulnerable Author : CrackersChild [email protected] Exploit : vBTube.php?do=search&search=scriptalertdocument.cookie/script Dork : inurl:vBTube.php...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2013/12/30 12:0 a.m.1752 views

iOS applications multiple seucrity vulnereabilities

Multiple application with remote data access are vulnerable...

5CVSS2.4AI score0.01072EPSS
Exploits4References43Affected Software39
securityvulns
securityvulns
added 2006/06/02 12:0 a.m.1746 views

Squirrelmail local file inclusion

Squirrelmail local file inclusion bug in functions/plugin.php . Tested on the latest 1.4.x version. No authentication needed. if isset$plugins && isarray$plugins foreach $plugins as $name useplugin$name; ... function useplugin $name if fileexistsSMPATH . "plugins/$name/setup.php" includeonceSMPAT...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2005/11/04 12:0 a.m.1706 views

[SA17409] Serv-U FTP Server Potential Denial of Service Vulnerability

TITLE: Serv-U FTP Server Potential Denial of Service Vulnerability SECUNIA ADVISORY ID: SA17409 VERIFY ADVISORY: http://secunia.com/advisories/17409/ CRITICAL: Moderately critical IMPACT: DoS WHERE: From remote SOFTWARE: Serv-U FTP Server 6.x http://secunia.com/product/5878/ DESCRIPTION: A...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2015/05/17 12:0 a.m.1671 views

Web India Solutions CMS 2015 - SQL Injection Vulnerability

Document Title: =============== Web India Solutions CMS 2015 - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1495 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID: ====================================...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2003/11/05 12:0 a.m.1633 views

Advisories: CSS in PHP Photo Album by John Beatty ver. 1.0

+-----------------------------+ Advisories: CSS in PHP Photo Album by John Beatty ver. 1.0 Author: nimber [email protected] Date: 4.11.2003 +-----------------------------+ Vendor: John Beatty Version: 1.0 and older versions? +-----------------------------+ Problem: There is a danger of performance...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2009/06/30 12:0 a.m.1625 views

SIPS v0.2.2 Remote File Inclusion Vulnerability

/=============================================================================================================================================== | | o SIPS v0.2.2 Remote File Inclusion Vulnerability | | Software : SIPS v0.2.2 | Vendor : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip |...

1AI score
Exploits0
securityvulns
securityvulns
added 2007/09/19 12:0 a.m.1618 views

OpenSSH privilege escalation

Invalid usage of X11 cookies...

7.5CVSS3.2AI score0.02374EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2008/03/20 12:0 a.m.1591 views

CA BrightStor ARCserve Backup r11.5 AddColumn() 0day ActiveX Remote Buffer Overflow Exploit

HTML !-- CA BrightStor ARCserve Backup r11.5 AddColumn 0day ActiveX Remote Buffer Overflow Exploit Bug discovered by Krystian Kloskowski h07 [email protected] Tested on: - CA BrightStor ARCserve Backup r11.5 ftp://ftp.ca.com/priv/trial/BABr11/BABLDr115/BABLDr115.zip - IE 6 - XP SP2 Polish Details:...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2005/06/24 12:0 a.m.1587 views

Local Root exploit (Fedora Core 4)

Local Root Exploit under Fedora Core 4 stable Advisory Florian Strankowski [email protected] www.bildunxxluecke.de/usr/florian/advisory/advisory-05-048.txt Vulnerable System : This vulnerability affects Fedora Core 4.0 stable with the kernelversion 2.6.11-1.1369FC4 1 Thu Jun 2 22:53:35...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2014/06/02 12:0 a.m.1575 views

JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: JavaMail Vendor: Oracle CSNC ID: CSNC-2014-001 CVD ID: none Subject: SMTP Header Injection via method setSubject Risk: Medium Effect: Remotely exploitable Author: Alexandre Herzog [email protected] Date:...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2008/09/30 12:0 a.m.1569 views

Novell ZENWorks for Desktops Version 6.5 Remote (Heap-Based) PoC

tested on IE 6 and IE 7 IE 8 Beta1 is up to urself :P worked well but no shell ! cuz its just a PoC stupid u may do some research and put the shell in the hell, anyway, have fun ------------------------------------ [email protected] ------------------------------------ html head titleNovell...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2009/11/22 12:0 a.m.1562 views

IE7

!-- securitylab.ir [email protected] -- !DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" HTML xmlns="http://www.w3.org/1999/xhtml" HEAD script function load var e; e=document.getElementsByTagName"STYLE"0; e.outerHTML="1";...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/08/10 12:0 a.m.1541 views

Web Design Sydney (news-item.php?id) (news-item.php?newsid) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Web Design Sydney news-item.php?id news-item.php?newsid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.milkdigital.com.au/ Persian Gulf 4 Ever! Dork : "web design sydney...

2.9AI score
Exploits0
securityvulns
securityvulns
added 2006/10/30 12:0 a.m.1518 views

ArticleBeach Script <= 2.0 Remote File Inclusion Vulnerability

------------------------------------------------------------------------------ ArticleBeach Script = 2.0 page Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a Bithedz Date Found : October, 22th 2006...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/02/27 12:0 a.m.1516 views

Удаленный отказ в обслуживании сетевого оборудования Compex

Удаленный отказ в обслуживании сетевого оборудования Compex Класс уязвимости: Удаленный DOS Описание: Удаленный пользователь может вызвать отказ в обслуживании сетевого оборудования Compex с установленным и активированным агентом UConfig активирован по-умолчанию. Уязвимость присутствует в дизайне...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2009/11/09 12:0 a.m.1510 views

ToutVirtual VirtualIQ Multiple Vulnerabilities

Secure Network - Security Research Advisory Vuln name: ToutVirtual VirtualIQ Pro Multiple Vulnerabilities Systems affected: ToutVirtual VirtualIQ Professional 3.2 build 7882 Systems not affected: -- Severity: High Local/Remote: Remote Vendor URL: http://www.toutvirtual.com Authors: Alberto Triver...

5CVSS0.4AI score0.99708EPSS
Exploits23
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.1490 views

SEC Consult SA-20130311-0 :: Persistent cross-site scripting in jforum

SEC Consult Vulnerability Lab Security Advisory 20130311-0 ======================================================================= title: Persistent cross-site scripting vulnerability product: jforum vulnerable version: 2.1.9 fixed version: - impact: medium homepage: http://jforum.net/ found:...

6.5AI score
Exploits0
securityvulns
securityvulns
added 2009/07/09 12:0 a.m.1488 views

CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures 1. Advisory Information Title: WordPress Privileges Unchecked in admin.php and Multip...

5CVSS6.6AI score0.85EPSS
Exploits18
securityvulns
securityvulns
added 2009/05/25 12:0 a.m.1481 views

ChinaGames (CGAgent.dll) ActiveX Remote Code Execution Exploit

function test var shellcode =...

3.3AI score
Exploits0
Total number of security vulnerabilities5000