56796 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

e-ticketing - SQL Injection

No description provided by source. 'e-ticketing' SQL Injection CVE-2012-1673 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in loginscript.php that allows for SQL injection of the 'username' and 'password' POST parameters. I...

7.5 CVSS | 6.5 AI score | 0.02224 EPSS
Exploits: 6

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability

No description provided by source. MySQL Quick Admin = 1.5.5 COOKIE Local File Inclusion Vulnerability url: http://www.mysqlquickadmin.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

aBitWhizzy whizzypic.php d Variable Traversal Arbitrary Directory Listing

No description provided by source. source: http://www.securityfocus.com/bid/23167/info aBitWhizzy is prone to multiple cross-site scripting and directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker could exploit these...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Pre ASP Job Board 'emp_login.asp' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/32572/info Pre ASP Job Board is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the brows...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

TikiWiki Project 1.8 tiki-read_article.php articleId Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting,...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

Java Search Engine 0.9.34 Search.JSP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15687/info Java Search Engine is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 26 views

Wordpress Euclid Theme 1.x.x - CSRF Vulnerability

No description provided by source. Title : Wordpress Euclid V1 Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Version : 1.x.x Vendor : http://freelancewp.com Download :...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Jax PHP Scripts 1.0/1.34/2.14/3.31 petitionbook Script User IP Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 39 views

PuterJam's Blog PJBlog3 3.0.6 'action.asp' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34701/info PJBlog3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Edit-X Edit_Address.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21974/info Edit-x is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

MKPortal 1.x Multiple Modules Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/36216/info Multiple modules of MKPortal are prone to cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

ActiveCampaign KnowledgeBuilder 2.2 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20020/info ActiveCampaign KnowledgeBuilder is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. This may allow an attacker to compromise the application and the...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

LinPHA 0.9.x/1.0 install.php language Parameter Local File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in multiple scripts. The PHP...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

ViArt CMS forum_topic_new.php forum_id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36003/info ViArt CMS is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context ...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 28 views

Adobe Photoshop CS6 PNG Parsing Heap Overflow

No description provided by source. Application: Adobe Photoshop CS6 PNG Parsing Heap Overflow Platforms: Windows & Macintosh Versions: 13.x Secunia: SA49141 PRL: 2012-27 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

WebSiteBaker 2.8.1 DataBase Backup Disclosure

No description provided by source...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

GeekHelps ADMP 1.01 - Multiple Vulnerabilities

No description provided by source. local file include / sql injection Author: ItSecTeam download from:http://geekhelps.net/download.php script:ADMP remote:yes dork::D lfi vul1:/path/themes/colorvoid/footer.php include./themes/$style/info.php; ? line 3 vuls:themes/default-green/footer.php...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 425 views

Joomla Webring Component <= 1.0 - Remote Include Vulnerability

No description provided by source. C Y BE R - W A R R i O R T I M Joomla Webring Component componentdir Remote File Inclusion Vulnerabilities Author: xoron Class : Remote cont@ct: x0r0nathotmaildotcom Code: in admin.webring.docs.php, line 12 requireonce $componentdir. mungdocs.class.php; Google...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

PBLang <= 4.65 - Remote Command Execution Exploit (2)

No description provided by source. ?php | | | PBLang = 4.65 remote commands exec exploit | | tested on 4.65 | | coded by Pengo 2005 RST/GHC | | http://rst.void.ru | | http://ghc.ru | | | WARNING! This exploit is successfully work when magicquotesrpc off = D:\httpd\phpphp.exe ..\www\r57pblang465.p...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 24 views

PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow

No description provided by source. / Exploit Title: Plib + flightgear 3dconvert exploit Date: 08/10/2012 Author: Andres Gomez Software Links: Plib: http://plib.sourceforge.net/ flightgear: http://www.flightgear.org/ 3dconvert: ftp://ftp.ihg.uni-duisburg.de/FlightGear/Win32/old/3dconvert-win32.zip...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Home FTP Server 1.11.1.149 - Post-Auth Directory Traversal

No description provided by source...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

KISGB <= (tmp_theme) 5.1.1 - Local File Inclusion Vulnerability

No description provided by source. !/usr/bin/env python -- coding:utf-8 -- from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class TestPOCPOCBase: vulID = '65284' version = '1' vulDate = '1206806400' createDate = '1442937600' references =...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Wordpress Plugin Effective Lead Management 3.0.0 - Persistent XSS

No description provided by source. Exploit Title: WP Lead Management v3.0.0 Persistent XSS Date: 8/5/12 Exploit Author: Chris Kellum Software Link: http://downloads.wordpress.org/plugin/wp-effective-lead-management.3.0.1.zip Version: 3.0.0 ===================== Vulnerability Details...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 19 views

XOOPS 'prayerlist' Module - 'cid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27934/info XOOPS 'prayerlist' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker t...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability

No description provided by source. +-------------------------------------------------------------------- + + MyNewsGroups : v. 0.6b = Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: MyNewsGroups : v. 0.6b + Venedor ..............

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

Informix Webdriver 1.0 - Remote Administration Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2166/info Informix Webdriver, the web-to-DB interface used by Informix database products, may permit unauthorized remote access to the system's administration functions. Under very specific circumstances, if webdriver is...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 24 views

atmail email server appliance 6.4 - Stored XSS - csrf - rce

No description provided by source. Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScript file that will...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 27 views

Atmail WebAdmin and Webmail Control Panel SQL Root Password Disclosure

No description provided by source. Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability Author: FaryadR a.k.a Ciph3r tested on : Atmail Email Server 6.20.8 Twitter : https://twitter.com/faryadR Mail : [email protected] Website :...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 24 views

Rockliffe MailSite 5.3.4/6.1.22/7.0.3 HTTP Mail Management Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16330/info MailSite is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scrip...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Artmedic Event Index.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17736/info Artmedic Event is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

NexGen FTP Server 1.0/2.x Remote Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9970/info It has been reported that the Nexgen FTP server is prone to a remote directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize file request strings from...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 24 views

AOL Desktop 9.6 RTX Buffer Overflow

No description provided by source. $Id: aoldesktoplinktag.rb 12284 2011-04-08 23:09:31Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Feindura File Manager 1.0(rc) - Remote File Upload

No description provided by source. =================================================== Feindura File Manager 1.0rc - Remote File Upload =================================================== My + Author : KnocKout Contact : [email protected] Software info Web App. : Feindura - Flat File Content...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Invision Power Board 1.x Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13802/info Invision Power Board is affected by an unauthorized access vulnerability. Reportedly, a moderator can edit forum posts owned by other moderators through an HTTP GET request without providing sufficient...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

MS10-073 Windows Class Handling Vulnerability

No description provided by source. include windows.h / Source: http://mista.nu/blog/2010/12/01/windows-class-handling-gone-wrong/ / int mainint argc, char argv WNDCLASSA Class = 0; CREATESTRUCTA Cs = 0; FARPROC MenuWindowProcA; HMODULE hModule; HWND hWindow; Class.lpfnWndProc = DefWindowProc;...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Snowblind Web Server 1.0/1.1 HTTP GET Request Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7619/info Snowblind Web Server has been reported prone to a buffer overflow vulnerability. The vulnerability exists when the web server attempts to process HTTP requests of excessive length. Although unconfirmed, this...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 19 views

SimpleAssets Authentication Bypass & XSS Vulnerability

No description provided by source. 1 1 0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:SimpleAssets Authentication Bypass & XSS Vulnerability Vendor...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

VUPlayer 2.49 - .ASX File (HREF) Local Buffer Overflow PoC

No description provided by source. !/usr/bin/perl -w print Program : VUPlayer Version : 2.49 website : http://www.vuplayer.com/ Download : http://vuplayer.com/files/vuplayersetup.exe Type : .asx File local Stack Overflow PoC \n; print EAX 00000000 ECX 43434343 EDX 00C181A0 EBX 00000001 ESP 0012EA...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Loom Software SurfNow 1.x/2.x Remote HTTP GET Request Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9519/info A problem has been identified in the handling of specific types of requests by SurfNOW. Upon receiving specially crafted HTTP GET requests, it is possible for a remote attacker to crash a vulnerable...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 289 views

MetaCart E-Shop ProductsByCategory.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13639/info MetaCart e-Shop is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrar...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Zblast 1.2 - Local Username Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7836/info A vulnerability has been reported for zblast, an svgalib-based game. The problem occurs when copying data from a user-supplied environment variable into a static memory buffer. By storing excessive data within t...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 6 views

MS Windows 2000/NT 4/XP Network Share Provider SMB Request Buffer Overflow (2)

No description provided by source. source: http://www.securityfocus.com/bid/5556/info Microsoft Windows operating systems use the Server Message Block SMB protocol to support services such as file and printer sharing. A buffer overflow vulnerability has been reporting in the handling of some...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

BOINC Manager (Seti@home) 7.0.64 Field SEH based BOF

No description provided by source. Exploit Title: BOINC Manager 7.0.64 Field stack based buffer overflow Date: 26.05.2013 Exploit Author: xisone@STM Solutions Vendor Homepage: http://boinc.berkeley.edu/ Software Link: http://boinc.berkeley.edu/dl/boinc7.0.64windowsintelx86.exe Version: 7.0.64 for...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

php weather 2.2.2 (lfi/xss) Multiple Vulnerabilities

No description provided by source. Lfi/xss script: phpweather-2.2.2 download from:http://downloads.sourceforge.net/phpweather/phpweather-2.2.2.zip?modtime=1087430400&bigmirror=0 vul: /test.php line 48: requirePHPWEATHERBASEDIR . /output/pwtext$language.php; xpl:...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Eduha Meeting Index.PHP Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18499/info Eduha Meeting is prone to an arbitrary file-upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Bloq 0.5.4 rss2.php page[path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/20512/info Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application and the...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 10 views

PG Portal Pro CSRF Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

PHP "multipart/form-data" Denial of Service Exploit (Python)

No description provided by source. !/usr/bin/python -- coding: utf-8 -- Author: Eren Turkay eren .-. pardus.org.tr, 2009/11/20 http://www.pardus.org.tr/eng/ Credits: Bogdan Calin from Acunetix Description: Exploit to cause denial of service on any host that runs PHP via temporary file exhaustion...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 29 views

phpBB PJIRC Module 0.5 - 'irc.php' Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28446/info The PJIRC module for phpBB is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings ...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 30 views

IPortalX forum/login_user.asp Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27044/info iPortalX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...

7.1 AI score
Exploits: 0

Total number of security vulnerabilities: 56796