56796 matches found
Multiple Routers (IRC Request) Disconnect Denial of Service Vulnerability
No description provided by source. It appears that various routers are prone to an IRC-only DoS attack. Particularly Netgear and Linksys routers have been shown vulnerable. If a client behind one of the vulnerable routers connects to an IRC server on port 6667 and only 6667, does not DoS with oth...
Chalk Creek Media Player 1.0.7 .mp3 and .wma Denial of Service Vulnerability
No description provided by source. Exploit Title: Chalk Creek Media Player 1.0.7 .mp3 and .wma DOS Date: September 16 2010 Author: Carlos Mario Penagos Hollmann Software Link: http://download.cnet.com/3001-21394-10526196.html?spi=a1e3adfe2f3af811074a43111c901f6c Version: 1.0.7 Tested on: Windows ...
WCMS 1.0b (news_detail.asp id) Remote SQL Injection Vulnerability
No description provided by source. ======================================================================= WCMS v.1.0b newsdetail.asp id Remote SQL Injection Vulnerability ======================================================================= ,--^----------,--------,-----,-------^--, | |||||||||...
Star Articles 6.0 - Remote File Upload Vulnerability
No description provided by source. Star Articles 6.0 Remote File Upload ---------------------------------------------------------- Discovered By: ZoRLu msn: [email protected] Home: www.z0rlu.blogspot.com N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : dork: allinurl:article.download.php baya ...
Microsoft Internet Explorer MHTML Protocol Handler XSS
No description provided by source. Hacking with mhtml protocol handler Author: www.80vul.com Email:5up3rh3igmail.com Release Date: 2011/1/15 References: http://www.80vul.com/mhtml/Hacking%20with%20mhtml%20protocol%20handler.txt Ph4nt0m Webzine 0x05 http://secinn.appspot.com/pstzine Was finally...
OpenDocMan 1.2.5 view_file.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
Deep CMS 2.0 Index.PHP Remote File Include Vulnerability
No description provided by source...
Windows Internet Communication Settings DLL Hijacking Exploit (schannel.dll)
No description provided by source. / Exploit Title: Windows Internet Communication Settings DLL Hijacking Exploit schannel.dll Date: 25/08/2010 Author: ALPdaemon Email: ALPdaemon at yahoo dot com Software Link: N/A Tested on: Windows XP SP3 English Extension: .isp / include windows.h int alpdaemo...
CMS Mini 0.2.2 - Multiple Vulnerabilities
No description provided by source. ------------------------------------------------------------------------------------------ Exploit Title: CMSMini - Multiple Vulnerability Author: SANTHO @s4n7h0 Vendor Homepage: http://sourceforge.net/projects/cmsmini/ Download link:...
vBulletin 3.0.10 Portal.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18197/info vBulletin is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow...
Flat PHP Board <= 1.2 - Multiple Vulnerabilities
No description provided by source. --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org...
Bitweaver 1.x fisheye/index.php sort_mode Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal...
Ultimate PHP Board <= 2.0 (header_simple.php) File Include Exploit
No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...
paFaq beta4 question.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
JBoss 3.0.8/3.2.1 HSQLDB Remote Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8773/info A remote command-injection vulnerability has been reported in JBoss. The issue is reportedly exposed via the HSQLDB component, which is a SQL database server that manages JMS connections. Because of a number of...
Baykus Yemek Tarifleri <= 2.1 - SQL Injection Vulnerability
No description provided by source...
OnePlug CMS /press/details.asp Press_Release_ID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/16155/info OnePlug CMS is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
U&M Software Signup 1.1 Auth Bypass Vulnerability
No description provided by source. ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || || ==============================================================================...
New5starRating 1.0 'admin/control_panel_sample.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34680/info New5starRating is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromis...
Bitrix Site Manager 6/7 Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/33689/info Bitrix Site Manager is prone to multiple input-validation vulnerabilities: - An authentication-bypass vulnerability - A cross-site scripting vulnerability An attacker may leverage these issues to gain...
Joomla Component com_tariff SQL Injection Vulnerability
No description provided by source. Title : Joomla Component comtariff SQL Injection Vulnerability Author: DevilZ TM Data : 2010-03-28 InformatioN Title : Joomla Component comtariff SQL Injection Vulnerability Author : DevilZ TM By D3v1l Homepage : http://www.DEVILZTM.com Email :...
Serendipity 1.6 Backend XSS And SQLi Vulnerability
No description provided by source. Advisory: Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability Advisory ID: KORAMIS-ADV2012-001 Contact: [email protected] Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.6 Vendor URL: http://www.s9y.org...
Simple E-Document Arbitrary File Upload
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
WeBid <= 1.0.2 (converter.php) Remote Code Execution Exploit
No description provided by source. ?php / ------------------------------------------------------------ WeBid = 1.0.2 converter.php Remote Code Execution Exploit ------------------------------------------------------------ author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
Lighthouse Development Squirrelcart 1.5.5 - SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12944/info Squirrelcart is affected by an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attack...
Nuke ET <= 3.4 (fckeditor) Remote Arbitrary File Upload Exploit
No description provided by source. ?php / --------------------------------------------------------------- Nuke ET = 3.4 fckeditor Remote Arbitrary File Upload Exploit --------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
RSA Security RSAREF 2.0 - Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/843/info A buffer overflow vulnerability exists in the RSAREF cryptographic library which may possibly make any software using the library vulnerable. The vulnerability exists in four functions in the rsa.c source file. T...
Freeway 1.4.1.171 templates/Freeway/boxes/whos_online.php language Parameter Traversal Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/30731/info Freeway is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal strings to view...
IRIX 6.2/6.3/6.4 xfs truncate() Privilege Check Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1540/info The truncate system call on a number of versions of the IRIX operating system with the xfs file system does not properly check permissions before truncating a file, making it possible for unprivileged users to...
Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities
No description provided by source. / \ / | | | \ / | | | | | | | | | | || | | | | | | | | '| | | | | | | | | | |/ \ / |/ / / | | | | || | || | || || | / || | | | / | | || / / |/ || ,|\|,| +-+-+-+-+ |C|r|e|w| +-+-+-+-+ Theeta CMS Cross Site Scripting,SQL Injection Multiple Vulnerabilities...
1-Script 1-Search 1.8 1search.CGI Cross-Site Scripting Vulnerability
No description provided by source...
Reaver WiFi Protected Setup Exploit
No description provided by source. Exploit Title: Reaver WiFi Protected Setup Exploit Google Dork: Date: 28 December 2011 Author: [email protected] Software Link: http://www.tacnetsol.com/products/ Version: All 802.11 access points implementing WiFi Protected Setup and have it enabled. Teste...
Mediacoder (.lst) - SEH Buffer Overflow
No description provided by source. !/usr/bin/python import os import sys from struct import pack from time import sleep if os.name == nt: os.systemcls os.systemcolor 3f else: os.systemclear print +Exploit Title: All Mediacoder Product SEH Buffer Overflow +Download All Product:...
PHPWebSite 0.8.3 News Message HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a result, when...
ImageFolio 2.2x/3.0/3.1 Admin.CGI Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7828/info ImageFolio 'admin.cgi' has been reported prone to a directory traversal vulnerability. By supplying directory traversal sequences, as a URI parameter, to the 'admin.cgi' script an attacker may break out of the w...
Short URL 1.01 - Local File Inclusion
No description provided by source. Securitylab.ir Application Info: Name: Short URL Version: 1.01 Vendor: http://www.phpkobo.com/shorturl.php Vulnerability Info: Type: Local File Inclusion Risk: Medium Vulnerability:...
GREEZLE - Global Real Estate Agent Site Auth SQL Injection
No description provided by source...
2daybiz Freelance Script SQL Injection Vulnerability Exploit
No description provided by source. ----------------------------Information------------------------------------------------ +Autor : Easy Laster +ICQ : 11-051-551 +Info : http://www.2daybiz.com/freelancescript.html +Discovered by Easy Laster 4004-security-project.com +Security Group...
Opera Denial of Service by <canvas> Element
No description provided by source. Opera.html html body onload=Opera script language=JavaScript function Opera canvas = document.getElementByIdcanvas; ctx = canvas.getContext2d; ctx.getImageData0,0,0x20000,0x20000; /script canvas id=canvas width=10 height=10/canvas /body /html Original Advisory:...
Netcut 2.0 - Denial of Service Vulnerability
No description provided by source. !/usr/bin/env python Exploit Title: Netcut Denial of Service Vulnerability Author: MaYaSeVeN Blog: http://mayaseven.blogspot.com PoC: Video http://www.youtube.com/user/mayaseven Picture...
AdaptCMS_Lite_1.5 2009-07-07
No description provided by source. =========================================================================== Topic : AdaptCMSLite1.5 2009-07-07 Bug type : change admin user,passwd & add new admin user exploit Download :...
LiveCart 1.0.1 category q Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27087/info LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...
Narcissus Remote Command Execution Vulnerability
No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ posdubatgmail.com 2012-11-13 Narcissus Remote Command Execution Vulnerability Script: Narcissus - Online image build...
Sun Solaris <= 2.6 power management Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/160/info A vulnerability exists in Sun's power management software under Solaris versions 2.4-2.6 although only 2.6 as part of the main distribution. The sys-suspend program is initiated when a user runs the program, or...
RaXnet Cacti 0.5/0.6/0.8 Top_Graph_Header.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14030/info RaXnet Cacti is prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'topgraphheader.php'...
KingView 6.5.3 SCADA HMI Heap Overflow PoC
No description provided by source. Exploit Title: KingView 6.53 SCADA HMI Heap Overflow PoC Date: 9/28/2010 Author: Dillon Beresford Software Link: http://download.kingview.com/software/kingview%20English%20Version/kingview6.53EN.rar Version: 6.53 English Tested on: Windows XP SP1 works on SP2 an...
Linux ARM - Local Root Exploit
No description provided by source. / Just a lame binder local root exploit stub. Somewhat messy but whatever. The bug was reported in CVE-2013-6282. Tested on Android 4.2.2 and 4.4. Kernels 3.0.57, 3.4.5 and few more. All up to 3.4.5 unpatched should be vulnerable. You need to customize the...
Software Index (Remote File Upload) Exploit
No description provided by source. Vendor: http://www.p30vel.ir/ Date: 2010-05-27 Author : indoushka Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com ! Contact : [email protected] Home : Bug : Up Tested on : windows SP2 Fran�ais V.Pnx2 2.0 Dork : Copyright 2010. Software...
Guppy <= 4.5.9 (REMOTE_ADDR) Remote Commands Execution Exploit
No description provided by source. ?php if magicquotesgpc is off you can inject arbitrary php code from rgod /str0ke ---guppy459xpl.php 17.30 28/11/2005 Guppy =4.5.9 SERVERREMOTEADDR overwrite / remote commands xctn coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in...
zervit Web Server 0.4 - Source Disclosure/Download
No description provided by source. zervit Web Server v0.4 Source Disclosure/Download Found By: DrIDE Date: May 12, 2010 Download: http://zervit.sourceforge.net/ Tested on: Windows 7 - Description - zervit HTTP Server v0.4 is a Windows based HTTP server. This is the latest version of the applicati...