56796 matches found
e107 0.7.5 Subject field HTML injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18560/info The e107 CMS is prone to an HTML-injection vulnerability. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site whe...
ManageEngine Support Center Plus <= 7908 - Multiple Vulnerabilities
No description provided by source. +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : ManageEngine Support Center Plus =7908 Multiple Vulnerabilities Date : 06-03-2012 Author : xistence xistenceAT0x90....
NProtect Anti-Virus 2007 <= 2010.5.11.1 - Privilege Escalation Vulnerability
No description provided by source...
BB4 Big Brother Network Monitor 1.5 d2 bb-hist.sh HISTFILE Parameter File Existence Disclosure
No description provided by source. source : http://www.securityfocus.com/bid/1971/info Big Brother Network Monitor is a robust, feature rich network monitoring package produced by BB4 Technologies. A problem exists that can allow remote account guessing. The problem occurs in the Common Gateway...
Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow
No description provided by source. $Id: wiresharkpacketdect.rb 12364 2011-04-19 07:53:58Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and ter...
Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution
No description provided by source. ?php / ------------------------------------------------------------------------------ Support Incident Tracker = 3.65 translate.php Remote Code Execution Exploit ------------------------------------------------------------------------------ author..................
Matt Wright FormMail 1.x Cross-Site Request Forgery Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2080/info FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. A web server can use a remote site's FormMail script without authorization, using remote syste...
Simple PHP News 1.0 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl ----------------------------------------------------------------------------- INFORMATIONS ----------------------------------------------------------------------------- App = Simple PHP News 1.0 Final Downl =...
Fhimage 1.2.1 - Remote Command Execution Exploit (mq = off)
No description provided by source. !/usr/bin/perl ----------------------------------------------------------------------------------------------- INFORMATIONS ----------------------------------------------------------------------------------------------- Fhimage 1.2.1...
PHP 5.2.5 'mbstring.func_overload' Webserver Denial Of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33542/info PHP is prone to a denial-of-service vulnerability because it fails to limit global scope for certain settings relating to Unicode text operations. Attackers can exploit this issue to crash the affected webserve...
Extreme Corporate 6.0 Extremesearch.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15675/info Extreme Search Corporate Edition is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue...
Sybergen SyGate 2.0/3.11 Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1420/info An exploit which causes a Denial of Service to Sybergen's Sygate when run from an internal machine has been released. The exploit sends a UDP packet to port 53 of the gateway. //Sygate Crash by: [email protected]...
JDownloader Webinterface Source Code Disclosure Vulnerability
No description provided by source. Exploit Title: JDownloader Webinterface Source Code Disclosure Date: 11/24/10 Author: Sil3ntDre4m Software Link: http://jdownloader.org Version: Latest 0.9.850 Tested on: Windows, Linux JDownloader WebInterface is vulnerable to a source code disclosure exploit t...
Wordpress Gallery Plugin 3.06 Arbitrary File Upload
No description provided by source. Description : Wordpress Plugins - Gallery Arbitrary File Upload Vulnerability Version : 3.06 Link : http://wordpress.org/extend/plugins/gallery-plugin/ Plugins : http://downloads.wordpress.org/plugin/gallery-plugin.3.06.zip Date : 01-06-2012 Google Dork :...
Pluxml-Blog 4.2 'core/admin/auth.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37384/info Pluxml-Blog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Wordpress IndiaNIC Testimonial Plugin - Multiple Vulnerabilities
No description provided by source...
phpshop 0.8.1 - Multiple Vulnerabilities
No description provided by source. Vendor: http://www.phpshop.org/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it SQL INJECTION http://server/phpshop-0.8.1/?page=admin/functionlist&moduleid=111111' union select...
fipsGallery <= 1.5 (index1.asp) Remote SQL Injection Vulnerability
No description provided by source. Title : fipsGallery = v1.5 index1.asp Remote SQL Injection Vulnerability Author : ajann Contact : : $$$ : 29 Euro http://target/path//index1.asp?what=artists&which=SQL Example:...
Ajax File Browser 3b (settings.inc.php approot) RFI Vulnerability
No description provided by source. Ajax File Browser 3 Beta Remote File Inclusion found by the arfis project http://arfis.wordpress.com/ Project Info: ------------- Name: Ajax File Browser Link: http://sourceforge.net/projects/ajaxfb/ DL:...
A-Blog 2.0 - (menu.php) Remote File Include Vulnerability
No description provided by source. ToXiC A-Blog Remote File Include BuG FounD by Drago84 Application Affect:A-Blog Source Code: http://prdownloads.sourceforge.net/a-blog/A-BlogV2.rar?download Problem: ?php include $navigationstart; ? ?php include$navigationmiddle; ? Soluction: Include in page...
ALPHA CMS Local File Inclusion Vulnerability
No description provided by source. fucking the Web Apps attack edition /\ \ /\ \ /\ /\ \ \ \ \L\ \ \ /'\ /\ \ \ ,\ \ \ \ \ /\ /\ \ /'\ \ , /\ \ /' \ /' \ \ \ /\ \ \ /'\ \ \ /\ \ \ /\ /\ \ \\ \ /\ /\ /\ \L\ \ \ \ \ \ \ \ /\ / \ \ \ /\ \\ \ \ \ \ \ \ \ \ \\ \ \ \ //...
blog system <= 1.5 - Multiple Vulnerabilities
No description provided by source. Exploit Title: Blog System = 1.5 Multiple Vulnerabilities Date: 04/04/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.comhttp://gmail.com | www.DigitalWhisper.co.ilhttp://www.DigitalWhisper.co.il Software Link: http://www.netartmedia.net/blogsystem/ |...
thttpd <= 2.24 HTTP Request Escape Sequence Terminal Command Injection
No description provided by source. source: http://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary...
Inktomi Traffic Server 4.0/5.x Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7596/info Inktomi Traffic Server is prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of input passed to the proxy, which will be echoed back in error pages under some circumstances. ...
Datafeed Studio 1.6.2 'search.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30660/info Datafeed Studio is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the...
Bifrost 1.2.1 - Remote Buffer OverFlow
No description provided by source. !/usr/bin/python2.7 By : Mohamed Clay import socket from time import sleep from itertools import izip, cycle import base64 import sys def rc4cryptdata, key: x = 0 box = range256 for i in range256: x = x + boxi + ordkeyi % lenkey % 256 boxi, boxx = boxx, boxi x =...
IPsec-Tools Prior to 0.7.2 - Multiple Remote Denial of Service Vulnerabilities
No description provided by source. / racoon-isakmp-dos.c Copyright c 2009 by [email protected] ipsec-tools racoon frag-isakmp DoS POC by mu-b - Thu Apr 02 2009 - Tested on: ipsec-tools-0.7.1 - Private Source Code -DO NOT DISTRIBUTE - http://www.digit-labs.org/ -- Digit-Labs 2009!@$! / include...
GForge < 4.6b2 (skill_delete) Remote SQL Injection Vulnerability
No description provided by source. Sql Injection Vulnerability In GForge Portcullis Security Advisory 07-014 Vulnerable System: All current versions till 4.6b2 Vulnerability Title: Sql Injection Vulnerability Discovery and Development: Portcullis Security Testing Services. Credit for Discovery:...
blog ink Bypass Setting Vulnerability
No description provided by source...
Tux CMS 0.1 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source...
Red Hat TUX 2.1 .0-2 HTTP Server Oversized Host Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3506/info TUX is a kernel based HTTP server released under the GNU General Public License. It is able to serve static content, cache dynamic content, and coordinate with other HTTP servers to produce dynamic content. An...
makit news/blog poster 3.1 - DB Download Vulnerability
No description provided by source...
Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/7899/info Sphera HostingDirector VDS Control Panel has been reported prone to several cross-site scripting attacks. The vulnerabilities exist due to insufficient sanitization of user-supplied input for certain URI...
Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/17406/info Bitweaver CMS is prone to multiple cross-site scripting vulnerabilities. Thess issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...
Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSuserCGI.exe' Multiple Remote Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28222/info Cisco User-Changeable Password UCP is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities. Exploiting the cross-site scripting issues may help the attack...
Microsoft Internet Explorer 5.0.1 Invalid Byte Cross-Frame Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/197/info On January 28, 1999, Georgi Guninski originally reported a vulnerability in Internet Explorer 4.x. Internet Explorer 4.x's implentation of Cross-frame security could be bypassed if %01 is appended to an arbitrary...
Symantec Remote Management Buffer Overflow
No description provided by source. $Id: symantecrtvscan.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Data 1 Systems UltraBB 1.17 'view_post.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38097/info Data 1 Systems UltraBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
No description provided by source. / Exploit Title: Microsoft Windows Movie Maker = 2.6.4038.0 DLL Hijacking Exploit hhctrl.ocx Date: 24/08/2010 Author: TheLeader Email: gsog2009 a7 hotmail d0t com Software Link:...
SoftBiz Web Hosting Directory Script 1.1 browsecats.php cid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15561/info Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in an SQL query...
Check Point Firewall-1 4 SecureRemote Network Information Leak Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3058/info SecureRemote is the proprietary VPN infrastructure designed by Check Point Software, and included with some versions of Firewall-1. A problem with the package allows remote users to gain information about intern...
Trend Micro Virus Control System 1.8 - Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6617/info A denial of service vulnerability has been reported for Trend Micro TVCS. The vulnerability occurs when numerous requests for 'activesupport.exe' are made. This will cause the web server to stop responding to...
iOS SideBooks 1.0 - Directory Traversal
No description provided by source. Exploit Title: SideBooks v1.0 for iPhone / iPod touch, Directory Traversal Date: 02/22/2011 Author: R3d@l3rt, Sp@2K, Sunlight, Hackkey Software Link: http://itunes.apple.com/kr/app/sidebooks/id409777225?mt=8 Version: 1.0 Tested on: iPhone, iPod 3GS with 4.2.1...
TFTP Server TFTPDWin 0.4.2 Unspecified Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23937/info TFTP Server TFTPDWIN is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to gain read/write access to...
ProSysInfo TFTP server TFTPDWIN <= 0.4.2 Univ. Remote BOF Exploit
No description provided by source. !/usr/bin/perl ProSysInfo TFTP server TFTPDWIN = 0.4.2 Universal Remote Buffer Overflow Exploit Works on all Windows versions. ---------------------------------------- Exploit by SkD [email protected] Let's take a description from their page at:...
CSSearch 2.3 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4368/info csSearch is a website search script, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft operating systems. csSearch is prone to an issue which may enable an attacker to execute Pe...
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
AwStats <= 6.4 - Denial of Service
No description provided by source. !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...
Joomla Component com_software SQL Injection Vulnerability
No description provided by source. Title : Joomla Component comsoftware SQL Injection Vulnerability Author: DevilZ TM Data : 2010-03-24 InformatioN Title : Joomla Component comsoftware SQL Injection Vulnerability Author : DevilZ TM By D3v1l Homepage : http://www.DEVILZTM.com Email :...
Joomla Component com_ops SQL Injection Vulnerability
No description provided by source. Title : Joomla Component comops SQL Injection Vulnerability Author: DevilZ TM Data : 2010-04-02 InformatioN Title : Joomla Component comops SQL Injection Vulnerability Author : DevilZ TM By D3v1l Homepage : http://www.DEVILZTM.com Email : [email protected]...