SurfControl SuperScout Email Filter 3.5 User Credential Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5929/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. One of the files userlist.asp that comes with the web interface contains a listing of...

SurfControl SuperScout Email Filter 3.5 MsgError.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5928/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. The web-based admin interface is prone to cross-site scripting attacks. It is possible ...

Aigaion <= 1.2.1 (DIR) Remote File Include Vulnerabilities

No description provided by source. Software:Web based bibliography management system Download link: http://sourceforge.net/projects/aigaion/ script:basicfunctions.php author: navairum...

Comersus Cart 7.0.7 comersus_customerAuthenticateForm.asp redirectUrl XSS

No description provided by source. source: http://www.securityfocus.com/bid/24562/info Comersus Cart is affected by multiple input validation vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the...

CMScout 2.08 SQL Injection Vulnerability

No description provided by source...

Jax Guestbook 3.50 Page Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17560/info Jax Guestbook is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browse...

UltraISO <= 8.6.2.2011 (Cue/Bin Files) Local Buffer Overflow PoC

No description provided by source. !/usr/bin/perl Credit:To n00b for finding this bug and writing poc. Ultra ISO stack over flow poc code. Ultra iso is exploitable via opening a specially crafted Cue file..There is A limitation that the user must have the bin file in the same dir as the cue file...

Mobius <= 1.4.4.1 (browse.php id) Remote SQL Injection Vulnerability

No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ dunatstrcpy.pl Mobius = 1.4.4.1 Remote SQL Injection Vulnerability Script: Mobius Web Publishing Software Script sit...

Sun/Oracle GlassFish Server Authenticated Code Execution

No description provided by source. $Id: glassfishdeployer.rb 13485 2011-08-04 17:36:01Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

PHPNuke Splatt Forum 4.0 Module HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7484/info A problem with Splatt Forum could allow remote users to execute arbitrary code in the context of the web site running the Splatt Forum module. The problem occurs due to the lack of sanitization performed on...

Py-Membres 4.x Secure.PHP Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8499/info A vulnerability has been reported for Py-Membres that allows remote attackers to obtain administrative privileges on vulnerable installations. Reportedly, Py-Membres does not fully check some URI parameters. Thu...

MyVideoConverter 2.15 - Local DoS

No description provided by source. Exploit Title: MyVideoConverter Local DoS Date: April 5, 2010 Software Link: http://www.ivideogo.com/ Version: 2.15 Tested on: Windows XP SP3 Author: anonymous !/usr/bin/perl my $file = hmm.vro; my $null = \x00; open FILE, $file; print FILE $null; print Done...

John Donoghue Knapster 0.9/1.3.8 File Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1186/info Various open source clones of the Napster software package have a vulnerability by which users may view files on a machine running a vulnerable Napster clone client. The file access is limited to files accessibl...

Bee-hive 1.2 - Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/18654/info Bee-hive is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to have an arbitrary remote...

TikiWiki 1.9 tiki-lastchanges.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/18143/info TikiWiki is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

AIX 5.1 Bellmail Local Race Condition Exploit Exploit

No description provided by source. -bash-2.05b$ -bash-2.05b$ cat xaix5bellmail.pl !/usr/bin/perl FileName: xaix5bellmail.pl Exploit Race condition vulnerability BUGTRAQ ID: 8805 of /usr/bin/bellmail command on Aix5 to change any file owner to current user. Usage : xaix5bellmail.pl aimfile aimfile...

MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23911/info MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted queries. An attacker can exploit this issue to crash the application, denying access to legitimate...

BSDI 3.0/3.1 Possible Local Kernel Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3220/info It has been reported that there is a locally exploitable vulnerability in BSDI. It is allegedly possible for a userland process to cause the kernel to halt. This may be due to a bad system call. / BSDiv3.0/3.1...

PumpKIN TFTP Server 2.7.2.0 - Denial of Service Exploit (meta)

No description provided by source. require 'msf/core' class Metasploit3 Msf::Auxiliary include Msf::Exploit::Remote::Udp def initializeinfo = superupdateinfoinfo, 'Name' = 'PumpKIN TFTP Server DoS', 'Description' = %q PumpKIN TFTP Server 2.7.2.0 eventually reaches a DoS condition when provided wi...

Trawler Web CMS <= 1.8.1 - Multiple Remote File Include Vulnerabilities

No description provided by source. trawler = 1.8.1 Remote File Inclusion Download Source : http://harald-kampen.de/trawler1.8.1.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net exploit;...

Mambo Open Source 4.6 Itemid Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9588/info It has been reported that Mambo Open Source may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in a user's browser. The issue exists in...

Plain Old Webserver 0.0.7/0.0.8 Firefox Extension Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22502/info Plain Old Webserver is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to access sensitive informatio...

GetSimple 2.01 LFI

No description provided by source. Exploit Title: GetSimple 2.01 LFI Date: 4/5/2010 Author: Batch Software Link: http://www.box.net/get-simple Version: 2.01 Special Conditions: Must be admin. Code : ... get file if fileexists$GET'file' readfile$GET'file', 'r'; exit;...

FarsiNews 2.1 Loginout.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16440/info FarsiNews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...

Oracle 8i TNS Listener Local Command Parameter Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4413/info Oracle 8i is a powerful relational database product. It is available for Windows, Linux, and a wide range of Unix operating systems. A vulnerability has been reported with some versions of Oracle 8i for Linux. A...

Vestel TV 42pf9322 - Denial of Service

No description provided by source. !/usr/bin/python Exploit Title: Vestel TV Denial of Service DoS Attack Exploit Author: HackerSofi - [email protected] Date: 12/09/2013 CVE Number: Vendor Homepage: http://www.vestel.com/ Description: Some TV's Has Communication Port. Vestel 42pf9322 Models TV...

SimpGB 1.0 Guestbook.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12801/info SimpGB is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'guestbook.php' script before using it in a S...

ZipItFast PRO 3.0 - Heap Overflow Exploit

No description provided by source. !/usr/bin/perl --------------------------------------------------------------------------- Exploit: ZipItFast PRO v3.0 Heap-Overflow Author: b33f - http://www.fuzzysecurity.com/ OS: Windows XP SP1 DOS POC: C4SS!0 G0M3S = http://www.exploit-db.com/exploits/17512/...

WinAmp 5.63 - Invalid Pointer Dereference

No description provided by source. Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: WinAmp Vendor URL: www.winamp.com Type: Pointer Issues CWE-465 Date found: 2013-06-05 Date published: 2013-07-01 CVSSv2 Score: 4,4 AV:L/AC:M/Au:N/C:P/I:P/A:...

Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609 (2010.5.23) - Kernel Mode Local Priv. Escalation

No description provided by source. / Kingsoft WebShield KAVSafe.sys = 2010.4.14.6092010.5.23 Kernel Mode Local Privilege Escalation Vulnerability VULNERABLE PRODUCTS Kingsoft WebShield = 3.5.1.2 2010.5.23 Signature Date: 2010-5-23 2:33:54 And KAVSafe.sys = 2010.4.14.609 Signature Date2010-4-14...

ddrLPD 1.0 Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/39904/info ddrLPD is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. ddrLPD 1.0 is vulnerable; other versions m...

phpCoupon Remote Payment Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25116/info phpCoupon is prone to a remote payment-bypass vulnerability because the application fails to properly secure PayPal payment transactions. Successfully exploiting this issue allows remote attackers to perform...

DigitalHive 'mt' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37697/info DigitalHive is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

KDE 3.0.x KPF Icon Option File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5951/info A vulnerability has been discovered in the kpf file sharing utility. KDE is available for the Linux operating system. It has been reported that by passing a malicious file request to kpf, it is possible for a...

Astaro Security Linux 6.0 01 HTTP CONNECT Unauthorized Access Weakness

No description provided by source. source: http://www.securityfocus.com/bid/14665/info Astaro Security Linux is prone to a weakness that may allow remote attackers to connect to arbitrary ports on a vulnerable computer. This weakness may be combined with other attacks to exploit latent...

Easy Icon Maker 5.01 - Crash PoC

No description provided by source. Exploit Title: Easy Icon Maker Version 5.01 Crash Poc vulnerability Date: 28-04-2013 Exploit Author: Asesino04 Vendor Homepage: link Software Link: http://www.icon-maker.com/iconmaker.exe Version: 5.01 & old versions Tested on: Windows 7 Introduction :...

Oracle 10g Secure Enterprise Search 'search_p_groups' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35681/info Oracle Database is prone to a cross-site scripting vulnerability that affects the Secure Enterprise Search component. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure

No description provided by source. / DelphiTurk CodeBank Local Exploit Application: DelphiTurk CodeBank 3.1 and previous versions Procuder: Delphiturk.com Vulnerable Description: Delhiturk CodeBank discloses username and password to local users. Coded by: Kozan Web: www.netmagister.com Mail:...

EVA-Web 2.1.2 article-album.php3 debut_image Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/18161/info EVA-Web is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

Pine <= 4.56 Remote Buffer Overflow Exploit

No description provided by source. / Mon Sep 15 09:35:01 CEST 2003 remote? Pine = 4.56 exploit by sorbo sorbox yahoo com darkirco Ok won't talk much about the bug since as usual idefense advisories are proper advisories and explain everything... exploiting the bug is trivial after reading the adv...

Blue Coat Reporter 7.0/7.1 License HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13725/info Blue Coat Reporter is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...

Interactivefx.ie CMS SQL Injection Vulnerability

No description provided by source. ================================================ Interactivefx.ie CMS SQL Injection Vulnerability ================================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ ...

HP-UX FTPD <= 1.1.214.4 "REST" Remote Brute Force Exploit

No description provided by source. / Author: phased /str0ke / include sys/types.h include sys/socket.h include netinet/in.h include arpa/inet.h include netdb.h include stdio.h include unistd.h int main int argc, char argv int sock, rc; long int i; struct sockaddrin saddr; struct hostent h; char...

Horde Multiple Product - week.php timestamp Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/29365/info Horde Kronolith is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

EVA-Web 2.1.2 rubrique.php3 date Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/18161/info EVA-Web is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

News Module for Envolution modules.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15857/info Envolution is prone to multiple input validation vulnerabilities. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft ...

UBB.Threads 6.3 Showflat.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16520/info UBB.Threads is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...

celerbb 0.0.2 - Multiple Vulnerabilities

No description provided by source. Salvatore drosophila Fresta + Application: CelerBB + Version: 0.0.2 + Website: http://celerbb.sourceforge.net/ + Bugs: A Multiple SQL Injection B Information Disclosure C Authenticaion Bypass + Exploitation: Remote + Date: 05 Mar 2009 + Discovered by: Salvatore...

Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5786/info The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes JSP source code...

Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)

No description provided by source. Palo Alto Network Vulnerability - Cross-Site Scripting XSS ------------------------------ Class: Cross-Site Scripting XSS Vulnerability CVE: CVE-2010-0475 Remote: Yes Local: Yes Published: May 11, 2010 08:30AM Timeline:Submission to MITRE: 1/18/2010 Vendor...