Lucene search

56796 matches found

seebug.org
•added 2014/07/01 12:0 a.m.•7 views

EmuMail 5.0 Web Root Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5823/info Emumail is an open source web mail application. It is available for the Unix, Linux, and Microsoft Windows operating systems. Under some conditions, Emumail may reveal sensitive configuration information. When...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

php live helper <= 2.0.1 - Multiple Vulnerabilities

No description provided by source. GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper = 2.0.1 Risk : Multiple Vulnerabilities Description: PHP Live Helper is an online support system written in php that allows...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

wwwstats 3.21 Clickstats.PHP Multiple HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26759/info The 'wwwstats' program is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

Netsweeper WebAdmin Portal Multiple Vulnerabilities

No description provided by source...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

Juniper Netscreen 5.0 VPN Username Enumeration Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14595/info The Juniper Netscreen VPN implementation will identify valid usernames in IKE aggressive mode, when pre-shared key authentication is used. This allows for attackers to obtain a list of valid VPN users. With a...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•23 views

chCounter <= 3.1.3 - SQL Injection Vulnerability

No description provided by source. !/usr/bin/python Exploit Title: chCounter = 3.1.3 SQLInjection Date: 2010/11/18 Author: Matias [email protected]. Software Link: http://chcounter.org/chCounter3/getfile.php?id=5 Version: 3.1.3 Tested on: Ubuntu Server 10.04 with apache...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•48 views

ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)

No description provided by source. $Id: proftptelnetiac.rb 11525 2011-01-09 23:33:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•8 views

Kayako LiveResponse 2.0 index.php Calendar Feature Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14425/info Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilities. These issues are all related to input validation errors. The cross-site scripting and HTML...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5 RASMAN Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/645/info Any authenticated NT user ie domain user can modify the pathname for the RASMAN binary in the Registry. The next time the RAS Service is started, the trojan service referenced by the RASMAN pathname will be...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

DewNewPHPLinks 2.1.0.1 LFI

No description provided by source. local file include Author: ItSecTeam download from:http://www.dew-code.com/components/comjooget/file/dew-newphplinks.v.2.1.0.1b.sef.zip script:DewNewPHPLinks 2.1.0.1 lfi vul1:/path/docs/add-cats.php $lang=$GET'lang'; if$lang!='' include ../include/lang/$lang.php...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

Webutil 2.3/2.7 - 'webutil.pl' Multiple Remote Command Execution Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/28393/info Webutil is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input. Successful...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•31 views

Audacity <= 1.2 (.gro File) Universal BOF Exploit (egg hunter)

No description provided by source. !/usr/bin/env python Audacity = 1.2 .gro universal buffer overflow exploit Author: mrme Download: http://audacity.sourceforge.net/download/ Tested on Wind0ws XP sp3 & Vist@ Greetz fly to Muts and the offensive-security team also to my wonderful partner Vanessa F...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

PHP-Nuke 6.x/7.x Your_Account Module Avatarcategory Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13010/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•7 views

Microsoft Internet Explorer 5/6 Cookie Disclosure/Modification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3513/info Internet Explorer contains a vulnerability, which could allow an attacker to construct a URL that would display or modify the cookie information associated with an arbitrary website. If a URL is composed in the...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

Audacious Player 3.4.2/3.4.1 - (.mp3) Crash PoC

No description provided by source. Exploit Title: Audacious Player 3.4.2/3.4.1 Windows .mp3 - Crash POC Date: 26.11.2013 Exploit Author: Akin Tosunlar Software Link3.4.2: http://distfiles.audacious-media-player.org/audacious-3.4.2-win32.zip Software Link3.4.1:...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•24 views

True North Software Internet Anywhere Mail Server 3.1.3 RETR DoS

No description provided by source. source: http://www.securityfocus.com/bid/982/info Submitting a RETR command with a message ID argument longer than 10 numeric characters will result in a crash of the Internet Anywhere Mail Server. A Doctor Watson error message will appear reporting an access...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

FTP Now <= 2.6.14 Local Password Disclosure Exploit

No description provided by source. / FTP Now v2.6.14 Local Password Disclosure Exploit by Kozan Application: FTP Now v2.6.14 and prior versions Vendor:www.network-client.com Vulnerable Description: FTP Now v2.6.14 discloses passwords to local users. Discovered & Coded by: Kozan Credits to ATmaCA...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

Rakkarsoft RakNet 2.33 Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13862/info Rakkarsoft RakNet is affected by a remote denial of service vulnerability. Reportedly, the vulnerability presents itself when the library handles an empty UDP packet. RakNet 2.33 and prior versions released...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

VMware ESX 2.x Multiple Information Disclosure Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19249/info VMware ESX is prone to multiple information-disclosure vulnerabilities. These issues are due to a design error in the application. The following issues were reported: 1. An information disclosure vulnerability...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•32 views

SePortal 2.5 - SQL Injection Vulnerabilty

No description provided by source. Exploit: SePortal 2.5 Sql Injection Vulnerabilty Author: jsass Date : 19\03\2014 Contact Twitter: @Kwsecurity Script: http://www.seportal.org/ version: 2.5 Tested on: Linux Ubuntu 12.4 & Windows 7 Dork : Powered by SePortal 2.5 // Searching And Analysis By Kuwai...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

Microsoft Visio 2010 Crash PoC

No description provided by source. Title : Microsoft Visio 2010 memory corruption Version : Microsoft Visio Premium 2010 SP1 Date : 2012-11-12 Vendor : http://office.microsoft.com Impact : Med/High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : Windows XP SP3 ENG Bug : ----...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

Novell eDirectory 8.8.5 DHost Weak Session Cookie Session Hijacking Vulnerability

source: http://www.securityfocus.com/bid/38782/info Novell eDirectory is prone to a session-hijacking vulnerability. An attacker can exploit this issue to gain access to the affected application. Novell eDirectory 8.8.5 is vulnerable; other versions may also be affected. $Id:...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•33 views

True North Software Internet Anywhere Mail Server 2.3.x Mail Server Multiple Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/730/info True North Software's Internet Anywhere Mail Server has various weaknesses that could allow an attacker to remotely crash the server running this software. The POP3 commands list, retr .uidl and user and the SMT...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

Safari 5.0.1 - DLL Hijacking Exploit (dwmapi.dll)

No description provided by source. / Version: Safari 5.0.1 Tested on: Windows XP SP3 Author : Secfence Exploit By: Vinay Katoch, Secfence Technologies www.secfence.com http://twitter.com/secfence Place a .htm .mht .mhtml .xht .xhtm .xhtl file and dwmapi.dll in same folder and run file in safari...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•20 views

php-ping Count Parameter Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9309/info It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vulnerable systems. The problem exists due to insufficient...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•116 views

CMS Openpage (index.php) SQL Injection Vulnerability

No description provided by source. ==================================================== CMS Openpage index.php SQL Injection Vulnerability ==================================================== + Discovered by: Phenom + My id: http://inj3ct0r.com/author/2157 + Original:...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

Oracle 9i/10g Database TNS Command Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35683/info Oracle Database is prone to a remote vulnerability affecting the 'Listener' component. The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker doesn't require privileges to exploit this...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

Symantec Web Gateway 5.0.2.8 Command Execution Vulnerability

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

Visitor Logger (banned.php) Remote File Include Vulnerability

No description provided by source. - Visitor Logger banned.php Remote File Include Vulnerability - Date: 2010/05/31 - Vendor: http://www.graviton-mediatech.com - Download: http://www.graviton-mediatech.com/downloads/Visitor-Logger/Visitor-Logger.zip - Googledork: n/a - Discovered by bd0rk -...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

PHP <= 5.4.3 (com_event_sink) Denial of Service

No description provided by source. ?php / PHP = 5.4.3 comeventsink Code Execution Proof of Concept Found by condis Website: http://cond.psychodela.pl Tested on: PHP 5.3.8 + Windows XP SP3 Professional PL PHP 5.3.10 + Windows XP SP3 Professional PL PHP 5.4.0 + Windows XP SP3 Professional PL PHP...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•24 views

WordPress Super CAPTCHA plugin <= 2.2.4 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Super CAPTCHA plugin = 2.2.4 SQL Injection Vulnerability Date: 2011-08-26 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/super-capcha.2.2.4.zip Version: 2.2.4 tested...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

Inmostore 4.0 Index.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24884/info Inmostore is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•31 views

hp software update client 3.0.8.4 - Multiple Vulnerabilities

No description provided by source. Advisory: ///////// There is another remotely exploitable flaw within software preinstalled in HP notebook machines. This time, the culprit is automatic software update tool provided by the vendor.The Potential exploitation may lead to user files loss or alterin...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•28 views

Web Template Management System 1.3 - Remote SQL Injection

No description provided by source. Nyubicrew Community deonixscripts id Remote Sql Injection vendor : http://www.deonixscripts.com/ Demo : http://www.deonixscripts.com/demo/tplmgt13/ Bug Found By :homeedition2001 a.k.a bius 31-08-2007 contact: [email protected] Website :...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•25 views

nabopoll 1.2 - Remote Unprotected Admin Section Vulnerability

No description provided by source. nabopoll 1.1.2 sensitive file admin without password By : sn0oPy Risk : high site : http://nabocorp.com/ Dork : inurl:nabopoll/ exploit : access without password to : http://target/nabopoll/admin/configedit.php http://target/nabopoll/admin/templateedit.php...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

Netgear FM114P Wireless Firewall File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6807/info Netgear FM114P Wireless Firewalls allow directory traversal using escaped character sequences. It is possible for an unauthenticated user to retrieve the firewall's configuration file by escaping from the...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities

No description provided by source. Author: loneferret of Offensive Security Product: Cyclope Employee Surveillance Solution v6.0 Version: 6.1.0 & 6.2.0 Vendor Site: http://www.cyclope-series.com/ Software Download: http://www.cyclope-series.com/download/index.html Software description: The employ...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•25 views

phpDenora <= 1.4.6 - Multiple SQL Injection Vulnerabilities

No description provided by source. Title : phpDenora = 1.4.6 Multiple SQL Injection Vulnerabilities Author : P. de Brouwer - KnickLighter @knickz0r NLSecurity - www.nlsecurity.org [email protected] Dork : intext:Powered by phpDenora Software : phpDenora = 1.4.6...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•29 views

TwonkyMedia Server <= 4.4.17 & <= 5.0.65 - XSS

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== Title: TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities Product: TwonkyMedia Server Vendor: TwonkyMedia PacketVideo...

AI score: 6.7
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

CMS (fckeditor) Remote Arbitrary File Upload Exploit

No description provided by source. Title: CMS fckeditor Remote Arbitrary File Upload Exploit Author: Mr.MLL Published: 2010-04-15 Verified: yes Download Exploit Code Download N/A ================================================================================================================== o C...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Limbo CMS Module event 1.0 - Remote File Include Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class LimboCMSModuleeventRemoteFileIncludePOCBase: vulID = '64366' version = '1' vulDate = '2006-12-27' author ...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•49 views

Spaw Editor 1.0 & 2.0 - Remote File Upload

No description provided by source. Tilte: Spaw Editor v1.0 & 2.0 Remote File Upload . Date....................: 20-05-2010 Author..................: Ma3sTr0-Dz Location ...............: Algeria Software ...............: Spaw Editor v1 & v2 Impact..................: Remote Site Software .............

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Sun Solaris 7.0 procfs Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/448/info A nonprivileged user can crash any 32 or 64 bit non-intel machine running Solaris 7 by executing the following: more /proc/self/psinfo This is due to a bug in the Solaris 7 procfs. %more /proc/self/psinfo crash...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

NeoSys Neon Webmail for Java 5.06/5.07 downloadfile Servlet Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: - an arbitrary-file-upload vulnerability - an...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

aeNovo /incs/searchdisplay.asp strSQL Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15036/info Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•259 views

SPIP 1.8.3 Spip_login.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17423/info SPIP is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remot...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

Info-ZIP UnZip 5.50 Encoded Character Hostile Destination Path Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7550/info Info-ZIP UnZip contains a vulnerability during the handling of pathnames for archived files. Specifically, when certain encoded characters are inserted into '../' directory traversal sequences, the creator of th...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•28 views

Working Resources BadBlue 1.7.x/2.x Unauthorized HTS Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7638/info BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access to administrative functions. It is possible to bypass BadBlue security checks when '.hts' files are requested by ...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•28 views

SmartCMS (index.php, menuitem param) SQL Injection & Cross Site Scripting Vulnerabilities

No description provided by source. SmartCMS SQL Injection & Cross Site Scripting Vulnerabilities Bug discovered by Yakir Wizman AKA Pr0T3cT10n, [email protected] Date: 29/11/2012 Version: ALL Vendor Link: http://smartcms.nl/ ISRAEL Author will be not responsible for any damage. SQL Injection...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

HP LoadRunner lrFileIOService ActiveX Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

AI score: 7.1
Exploits: 0
Total number of security vulnerabilities: 56796