WordPress 2.x PHP_Self Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23027/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

Joomla Component JA Voice com_javoice LFI vulnerability

No description provided by source. !===========================================================================! Joomla Component JA Voice LFI vulnerability Author : kaMtiEz [email protected] Homepage : http://www.indonesiancoder.com Date : 9 april, 2010...

phpCMS 1.1.7 include/class.cache_phpcms.php PHPCMS_INCLUDEPATH Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...

GeeCarts - show.php id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/28470/info GeeCarts is prone to multiple input-validation vulnerabilities, including remote file-include and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issu...

Atomix MP3 Malformed MP3 File Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23756/info Atomix MP3 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issu...

FormMail-Clone Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6570/info FormMail-clone is allegedly prone to cross-site scripting attacks. The FormMail-clone script does not sufficiently sanitize HTML tags and script code. As a result, a remote attacker may construct a malicious lin...

win32/PerfectXp-pc1/sp3 (Tr) Add Admin Shellcode 112 bytes

No description provided by source. Title : win32/PerfectXp-pc1/sp3 Tr Add Admin Shellcode 112 bytes Author : KaHPeSeSe Screenshot : http://i53.tinypic.com/289yamq.jpg Desc. : usr: kpss , pass: 12345 , localgroup: Administrator Tested on : PERFECT XP PC1 / SP3 Date : 18/07/2011 Not : a.q kpss :...

jetAudio 7.1.9.4030 plus vx - (.m3u) Local Stack Overflow (SEH)

No description provided by source. + Vulnerability : jetAudio v 7.1.9.4030 plus vx .m3u Local Stack Overflow + Detected by : HACK4LOVE http://www.milw0rm.com/exploits/9359 + Product : jetAudio + Versions affected : 7.1.9.4030 plus vx +...

Web Wiz Forums 9.68 SQLi Vulnerability

No description provided by source. ========================================= Web Wiz Forums 9.68 SQLi Vulnerability ========================================= Name : Web Wiz Forums 9.68 SQLi Vulnerability Date : june, 9 2010 Vendor url :http://www.webwiz.co.uk/webwizforums/ Platform: Windows...

S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make Shell Definition Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3572/info Parallel Make pmake is a freely available version of the make program, originally distributed with Berkeley Unix. It is designed to execute Makefiles and build programs. pmake is not typically setuid root,...

Xine-Lib 0.99 Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10890/info It is reported that the xine media library is affected by a remote buffer overflow vulnerability. This issue can allow a remote attacker to gain unauthorized access to a vulnerable computer. xine-lib rc-5 and...

InterScan Web Security Virtual Appliance 5.0 - Arbitrary File Download

No description provided by source...

DCP-Portal <= 6.11 Remote SQL Injection Exploit

No description provided by source. !/usr/bin/php -q ?php echo DCP Portal = 6.11 Remote SQL Injection Exploit\r\n; echo Coded by x0kster -x0ksterATgmailDOTcom - \r\n; / Note : Magic Quotes = 0 Script Download : http://www.dcp-portal.org/ Bug in index.php : ?php //index.php ... 60. $sql = SELECT id...

Adobe Reader 9.3.2 (CoolType.dll) Remote Memory Corruption / DoS Vulnerability

No description provided by source. / Title: Adobe Reader 9.3.2 CoolType.dll Remote Memory Corruption / DoS Vulnerability Summary: Adobe Reader software is the global standard for electronic document sharing. It is the only PDF file viewer that can open and interact with all PDF documents. Use Ado...

MyBB Forum Userbar Plugin (Userbar 2.2) - SQL Injection

No description provided by source. ?--------------------------------------------------------------------- Exploit Title : MyBB Forum Userbar Plugin Userbar v2.2 --------------------------------------------------------------------- Author : MarioVs Date : 10/10/2011 Site : http://mariovs.pl/ @ :...

PHP-Fusion Local File Inclusion Vulnerability

No description provided by source. Exploit Title: PHP-Fusion Local File Includes Vulnerability Date: 2010/08/15 Author: MoDaMeR Email: [email protected] My Sites : www.v4-team.com & www.hackteach.org Script home: http://www.phpfusion-ar.com download Script:...

Elite Gaming Ladders 3.5 - SQL Injection Vulnerability (ladder[id])

No description provided by source. - Elite Gaming Ladders v3.5 SQL Injection Vulnerability - ---Date : 2010-06-19 ---Author : ahwak2000 ---Email : z.u5athotmail.com - Script Info - ---Home : http://eliteladders.com/ - Vulnerability - http://site.com/path/standings.php?ladderid=SQL INj...

Dokeos LMS <= 1.6.4 (authldap.php) Remote File Include Exploit

No description provided by source...

Webvizyon SayfalaAltList.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18899/info Webvizyon is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...

Dell Kace 1000 SMA 5.4.70402 - Persistent XSS Vulnerabilities

No description provided by source...

Windows 98/XP/ME UPnP NOTIFY Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/3723/info Universal Plug and Play, or UPnP, is a service that allows for hosts to locate and use devices on the local network. UPnP support ships with Windows XP and ME. For Windows 98 and 98SE, it is available with Windo...

WinRAR 2.90/3.0/3.10 Archive File Extension Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6664/info A vulnerability has been discovered in WinRAR. The problem occurs when the affected application opens an archive containing a file with an overly long file extension. It has been reported that it is possible for...

All to All Audio Convertor 2.0 - Files Stack Overflow PoC

No description provided by source. ! /usr/bin/python All to All Audio Convertor files stack overflow poc Credit : ItSecTeam mail : [email protected] Web: WwW.ITSecTeam.com Forum: WwW.forum.itsecteam.com Special Tanks : PLATEN - [email protected] - B3hz4d - Cdef3nder EAX 10624DD3 ECX 00000000 EDX 012200C0...

Destiny Media Player 1.61 - (lst File) Local Buffer Overflow PoC

No description provided by source. Destiny Media Player lst file Buffer overflow PoC By:Encrypt3d.M!nd I'am Iraqian...Not Arabian Well,i've tried to write an exploit for this shit but i couldn't the address after the NEW eip will over written,if anyone knows how to exploit this,be my guest chars ...

Jasmine CMS 1.0 - SQL Injection/Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ?php errorreporting0; inisetmaxexecutiontime,0; inisetdefaultsockettimeout,5; if $argc4 print -------------------------------------------------------------------------\r\n; print Jasmine CMS 1.0 SQL Injection/Remote Code...

Gentoo Webapp-Config 1.10 Insecure File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13780/info Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it. An...

Tekno.Portal Bolum.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18216/info Tekno.Portal is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could...

WiFiles HD 1.3 iOS - File Inclusion Vulnerability

No description provided by source. Document Title: =============== WiFiles HD v1.3 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1214 Release Date: ============= 2014-02-22 Vulnerability Laboratory ID VL-ID:...

PHPMyAdmin 2.x Convcharset Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12982/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'convcharset' parameter. phpMyAdmin versions prior to 2.6.2-rc1 are affected by this...

kawf <= 1.0 (main.php) Remote File Include Vulnerability

No description provided by source. kawf config Remote File Include --------------------------------------------------------------------------------------------- Kawf is a web forum written in PHP4 using MySQL v. 1.0 and all below...

LinkPal 1.0 - SQL Injection Vulnerability

No description provided by source. Tybe: Auth Bypass Remote SQL Injection Vulnerability Vendor:www.datachecknh.com ? ? Software:LinkPal v1.0 ? Price $$9.95 One-time fee ? author: R3d-D3v!L ? ? Date: 15.d3c.2009 ?T!ME: 08:14 p//\ ? Home: www.Xp10.Me ? ? E-MaiL : [email protected]...

Matt Wright FormMail 1.x Cross-Site Request Forgery Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2080/info FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. A web server can use a remote site's FormMail script without authorization, using remote syste...

CLUB Nuke 2.0 - Multiple SQL-Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19442/info CLUB-Nuke is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise...

ImgSvr 0.6 Template Parameter Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24853/info ImgSvr is prone to a local file-include vulnerability because it fails to sanitize user-supplied input. Attackers may exploit this issue to access files that may contain sensitive information. UPDATE December 2...

WebWiz Forums Search_form.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16196/info WebWiz Forums is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...

QPopper 4.0.x PopAuth Trace File Shell Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3710/info Qpopper is a freely available, open source Post Office Protocol server. It is maintained and distributed by Qualcomm. When popauth is executed with the trace option, it does not correctly handle user-supplied...

CommuniCrypt Mail 1.16 SMTP ActiveX Stack Buffer Overflow

No description provided by source. $Id: communicryptmailactivex.rb 9933 2010-07-26 19:30:02Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

ForumJBC 4.0 Haut.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19992/info ForumJBC is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverge this issue to have arbitrary script code execute in the browser of...

Mercur 5.0 - IMAP SP3 SELECT Buffer Overflow

No description provided by source. $Id: mercurimapselectoverflow.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

Claroline <= 1.8.3 $_SERVER['PHP_SELF'] Parameter Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/24742/info Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the brows...

AlefMentor 2.0 <= 5.0 - (id) Remote SQL Injection Vulnerability

No description provided by source...

Yahoo! Messenger 8.1 KDU_V32M.DLL - Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25330/info Yahoo! Messenger is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects Yahoo!...

NewLife Blogger <= 3.0 Insecure Cookie Handling / SQL Injection Vuln

No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= NewLife Blogger = v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= $ Program: NewLife...

Rhythmbox (.m3u) Local Crash PoC

No description provided by source...

Apache Tomcat Remote Exploit (PUT Request) and Account Scanner

No description provided by source. ISOWAREZ RELEASE By KINGCOPE - YEAR 2012 -== Apache Tomcat Remote Exploit and Account Scanner ==- the modified pnscan scanner utility scans a range of IPs to find open apache tomcat servers by trying the following login access combinations: tomcat:tomcat...

sonicwall email security 7.3.5 - Multiple Vulnerabilities

No description provided by source...

Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial of Service Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/10420/info Orenosv HTTP/FTP server is prone to a denial of service vulnerability that may occur when an overly long HTTP GET request is sent to the server. When the malicious request is handled, it is reported that both t...

PHP Poll Creator 1.0.1 Poll_Vote.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13760/info PHP Poll Creator is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side...

WebText <= 0.4.5.2 - Remote Code Execution Exploit

No description provided by source. ? //Kacper Settings $exploitname = WebText = 0.4.5.2 Remote Code Execution Exploit; $scriptname = WebText 0.4.5.2; $scriptsite = http://www.webtext.pl/?go=download; $dork = 'Powered by WebText'; // print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+:...

X10Media Mp3 Search Engine < 1.6.2 Admin Access Vulnerability

No description provided by source. THUNDER Product: X10media Mp3 Search Engine v1.x Admin Access Vulnerability Author : THUNDER t4hathotmail.fr File : admin/admin.php Vulnerable Code / User not an administrator, redirect to main page automatically. / if!$session-isAdmin headerLocation: ../main.ph...