SendCard <= 3.4.0 Unauthorized Administrative Access Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo SendCard = 3.4.0 unauthorized administrative access / remote commands\n; echo execution exploit\n; echo by rgod [email protected]\n; echo site: http://retrogod.altervista.org\n; echo dork: \Powered by sendcard - an...
ArcadeBuilder Game Portal Manager 1.7 - Remote SQL Injection Vuln
No description provided by source. Game Portal Manager v1.7 SQL Injection Vulnerability AUTHOR: t0pP8uZ...
E-Uploader Pro <= 1.0 Image Upload with Code Execution Vulnerability
No description provided by source.
BolinTech Dream FTP Server 1.0 User Name Format String Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/9600/info It has been reported that Dream FTP Server may be prone to a remote format string vulnerability when processing a malicious request from a client for a username during FTP authentication. The issue could crash t...
ONECMS 2.5 - SQL Injection Vulnerability
No description provided by source. Exploit Title: ONECMS v2.5 SQL INJECTION Date: 05.03.2010 Author: Ctacok and .:melkiy:. Software Link: http://sourceforge.net/projects/onecms/ Version: 2.5 Tested on: Ubuntu 9.10 Apache2+PHP5 !/usr/bin/perl use LWP::Simple; print \n; print \n; print ONECMS v2.5...
DigitalHive <= 2.0 RC2 (user_id) Remote SQL Injection Exploit
No description provided by source. !-- Hive v2.0 RC2 Remote SQL Injection c0ded by j0j0 -- html head style type=text/css body margin:3%; font-size:10px; color:FFFFFF; font-family:Verdana,Arial; background-color:1a1a1a; text-align: center; input background:303030; color:FFFFFF;...
Sourcebans <= 1.4.2 Arbitrary Change Admin Email Vulnerability
No description provided by source. Sourcebans PHP sb-callback.php Author: Mr. Anonymous ------ Vendor:http://www.sourcebans.com Affected Versions: = 1.4.2 ----- Exploit sb-callback lines 185-204: ------------- function ChangeEmail$aid, $email ...SNIP... $GLOBALS'db'-ExecuteUPDATE .DBPREFIX.admins...
aradblog - Multiple Vulnerabilities
No description provided by source. http://www.exploit-db.com/moaub10-aradblog-multiple-remote-vulnerabilities/ Abysssec Inc Public Advisory Title : aradBlog Multiple...
WAnewsletter 2.1.2 - SQL Injection Vulnerability
No description provided by source. WAnewsletter v 2.1.2 SQL Injection Vulnerability Exploit Title: WAnewsletter v 2.1.2 SQL Injection Vulnerabilitie Date: 23/09/2010 Author: BrOx-Dz Author:...
Billwerx RC 3.1 - Multiple Vulnerabilities
No description provided by source. Billwerx RC v3.1 Multiple Vulnerabilities Found By: mrme Download: http://www.billwerx.com/download.php Tested On: Windows Vista Note: For educational purposes only XSS POC: A regular employee can embed javascript code that could be executed within the context o...
easycms <= 0.4.2 - Multiple Vulnerabilities
No description provided by source. easyCMS <= 0.4.2 Multiple Remote Vulnerabilitys Discovered By: t0pP8u...
freediscussionforums 1.0 - Multiple Vulnerabilities
No description provided by source. http://www.exploit-db.com/moaub-14-freediscussionforums-multiple-remote-vulnerabilities/ Abysssec Inc Public Advisory Title :...
SCO Open Server <= 5.0.5 'userOsa' symlink Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/701/info Under certain versions of SCO OpenServer there exists a symlink vulnerability which can be exploited to overwrite any file which is group writable by the 'auth' group. The problem in particular is in the...
PHP-Nuke 7.x Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include...
ActiveKB <= 1.5 Insecure Cookie Handling/Arbitrary Admin Access
No description provided by source. ActiveKB <= 1.5 Insecure Cookie Handling/Arbitrary Admin Access...
Greatclone GC Auction Platinum 'category.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30389/info GC Auction Platinum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
PHPortfolio SQL Injection Vulnerbility
No description provided by source. Exploit Title: SQL Injection Vulnerbility in PHP Portfolio Google Dork: Powered by PHPortfolio Date: 23/5/2011 Author: lionaneesh Software Link: http://outshine.com/phportfolio/ http://www.outshine.com/software/phportfolio/intro.php Risk Level : High A hacker ca...
XtremeASP PhotoGallery 2.0 Adminlogin.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9438/info XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The issue is reported to exist in the administration login interface, which does not sufficiently sanitize user-supplied input for username and...
statcountex 3.1 - Multiple Vulnerabilities
No description provided by source. Software Link: http://www.2enetworx.com/dev/projects/download.asp?pid=4&rid=34 Version: 3.1 Tested on: Windows xp sp3...
Ruby on Rails <= 2.3.5 'protect_from_forgery' Cross Site Request Forgery Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37322/info Ruby on Rails is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected...
realm cms <= 2.3 - Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Realm CMS Multiple Vulnerabilities Lead to Admin Access. Vendor: www.realmproject.com Vulnerable Version: 2.3 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory:...
Philboard 1.14 philboard_admin.ASP Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7739/info A vulnerability has been discovered in the 'philboard_admin.asp' script used by Philboard. The problem occurs during authentication and may allow an attacker to gain unauthorized administrative access. The issue...
Solaris in.telnetd TTYPROMPT - Buffer Overflow
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
KDPics <= 1.11 (exif.php lib_path) Remote File Include Vulnerability
No description provided by source. KDPics = Remote File Include Vulnerability Discovered by AsTrex Rif Hackers Team...
Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities
No description provided by source. Title: ====== Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities Date: ===== 2013-08-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1062 VL-ID: ===== 1063 Common Vulnerability Scoring System:...
SimpGB 1.46.2 admin/emoticonlist.php l_emoticonlist Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/25808/info SimpGB is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...
Microsoft Windows 9x / Me Share Level Password Bypass Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/1780/info Share level password protection for the File and Print Sharing service in Windows 95/98/ME can be bypassed. Share level access provides peer to peer networking capabilities in the Windows 9x/ME environment. It...
Grayscale BandSite CMS 1.1 help_merch.php the_band Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...
Sun JDK 1.1.x,Sun JRE 1.1.x Listening Socket Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1545/info A set of flaws in multiple vendors' Java implementation allows a malicious applet to open a listening socket to accept network connections against the security policy. Java applications use the...
OpenBB 1.0.x member.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. The SQL issues may...
PowerDVD 8.0 '.m3u' and '.pls' File Multiple Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30341/info PowerDVD is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting these issues may allow remote attackers to...
HP-UX <= 11.11 lpd Remote Command Execution Exploit (meta)
No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...
Microsoft ASP.NET 1.0/1.1 RPC/Encoded Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14217/info ASP.NET is susceptible to a remote denial of service vulnerability. This issue is due to the possibility of causing an infinite loop on the server when handling RPC/encoded requests. This issue presents itself...
ftp admin 0.1.0 (lfi/xss/ab) Multiple Vulnerabilities
No description provided by source. FTP Admin v0.1.0 - MULTIPLE VULNERABILITIES by Omni 1 Infos --------- Date : 2007-11-28 Product : FTP Admin Version : v0.1.0 Vendor : http://sourceforge.net/projects/ftpadmin/ Vendor Status : 2007-11-30 Informed! Description : FTP admin is a web-based user...
Cyclope Internet Filtering Proxy 4.0 - Stored XSS Vuln.
No description provided by source. !/usr/bin/python Title: Cyclope Internet Filtering Proxy 4.0 - Stored XSS Vuln. From: The eh?-Team || The Great White Fuzz we're not sure yet Found by: loneferret Software link: http://www.cyclope-series.com/download/index.aspx?p=2 Date Found: Oct 20th 2011 Test...
OmniHTTPd 1.1/2.0.x/2.4 test.shtml Sample Application XSS
No description provided by source. source: http://www.securityfocus.com/bid/5568/info Cross site scripting vulnerabilities have been reported in multiple sample scripts included with OmniHTTPD. In particular, test.shtml and test.php contain errors. This type of vulnerability may be used to steal...
Symphony CMS 2.1.2 - Blind SQL Injection
No description provided by source. 20110424 - Justanotherhacker.com : Symphony-cms blind sql injection JAHx111 - http://www.justanotherhacker.com/advisories/JAHx111.txt...
Multiple Stored XSS in Mayan-EDMS web-based document management OS system
No description provided by source. Exploit Title: Multiple Stored XSS Software: Maya EDMS Software Link: http://www.mayan-edms.com/downloads/Mayan%20EDMS%20v0.13.ova Version: 0.13 - latest Author: Dolev Farhi, email: dolevatopenflaredotorg @f1nhack Date: 21.5.2014 Tested on: Kali Linux Vendor...
Achievo <= 1.3.4 - SQL Injection
No description provided by source. Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL:...
PostNuke 0.72 Modules.PHP Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5809/info A cross site scripting vulnerability has been reported for PostNuke. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script code may be...
PHP-Nuke 5.x/6.0/6.5 BETA 1 Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/6244/info Several cross site scripting vulnerabilities have been reported for PHP-Nuke. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script cod...
LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10010/info It has been reported that LINBOX is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow access to web based administration scripts without proper...
Xerver HTTP Server <= 4.32 - Remote Denial of Service
No description provided by source. Xerver HTTP Server = v4.32 Remote Denial of Service Found By: DrIDE Download: http://www.javascript.nu/xerver Tested On: Windows XPSP3 - Description - Xerver v4.32 is a Windows based HTTP server. This is the latest version of the application available. Xerver...
Compaq Web-Based Management Agent Access Violation Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8015/info Compaq Web-Based Management Agent has been reported prone to a remote denial of service vulnerability when handling malformed GET requests. The resulting error reports an access violation, effectively causing th...
Fujitsu Web-Based Admin View 2.1.2 - Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30780/info Fujitsu Web-Based Admin View is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server...
interactive story 1.3 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3028/info Interactive Story is a web-based application written in Perl and is distributed as freeware. Interactive Story does not filter '../' sequences from user input submitted to a hidden file called 'next'. Remote...
phpPgAdmin <= 4.2.1 (_language) Local File Inclusion Vulnerability
No description provided by source. Discovered by dun \ dunatstrcpy.pl phpPgAdmin <= 4.2.1 Local File Inclusion Vulnerability Script: phpPgAdmin is a web-based administratio...
DNSTools 2.0 Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4617/info DNSTools is a web based management tool for DNS information. It is implemented in PHP, and available for Linux and Solaris. A vulnerability has been reported in some versions of DNSTools which allows any remote...
Webmin 0.x Script Code Input Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4329/info Webmin is a web-based interface for system administration of Unix and Linux operating systems. Webmin does not filter script code from output that may be displayed by the web interface, such as log files, etc...
eXtropia bbs_forum.cgi 1.0 - Remote Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2177/info bbs_forum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbs_forum.cgi fails to properly validate user-supplied...