56796 matches found
Tux CMS 0.1 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source...
Red Hat TUX 2.1 .0-2 HTTP Server Oversized Host Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3506/info TUX is a kernel based HTTP server released under the GNU General Public License. It is able to serve static content, cache dynamic content, and coordinate with other HTTP servers to produce dynamic content. An...
makit news/blog poster 3.1 - DB Download Vulnerability
No description provided by source...
Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/7899/info Sphera HostingDirector VDS Control Panel has been reported prone to several cross-site scripting attacks. The vulnerabilities exist due to insufficient sanitization of user-supplied input for certain URI...
Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/17406/info Bitweaver CMS is prone to multiple cross-site scripting vulnerabilities. Thess issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...
Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSuserCGI.exe' Multiple Remote Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28222/info Cisco User-Changeable Password UCP is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities. Exploiting the cross-site scripting issues may help the attack...
Microsoft Internet Explorer 5.0.1 Invalid Byte Cross-Frame Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/197/info On January 28, 1999, Georgi Guninski originally reported a vulnerability in Internet Explorer 4.x. Internet Explorer 4.x's implentation of Cross-frame security could be bypassed if %01 is appended to an arbitrary...
e107 <= 0.7.15 - (extended_user_fields) Blind SQL Injection Exploit
No description provided by source. !/usr/bin/env perl e107 = 0.7.15 extendeduserfields Blind SQL Injection Exploit Description ------------------------------------------------------------------- e107 contains one flaw that allows an attacker to carry out an SQL injection attack. The issue is due ...
Symantec Remote Management Buffer Overflow
No description provided by source. $Id: symantecrtvscan.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Data 1 Systems UltraBB 1.17 'view_post.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38097/info Data 1 Systems UltraBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
No description provided by source. / Exploit Title: Microsoft Windows Movie Maker = 2.6.4038.0 DLL Hijacking Exploit hhctrl.ocx Date: 24/08/2010 Author: TheLeader Email: gsog2009 a7 hotmail d0t com Software Link:...
SoftBiz Web Hosting Directory Script 1.1 browsecats.php cid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15561/info Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in an SQL query...
Check Point Firewall-1 4 SecureRemote Network Information Leak Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3058/info SecureRemote is the proprietary VPN infrastructure designed by Check Point Software, and included with some versions of Firewall-1. A problem with the package allows remote users to gain information about intern...
Trend Micro Virus Control System 1.8 - Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6617/info A denial of service vulnerability has been reported for Trend Micro TVCS. The vulnerability occurs when numerous requests for 'activesupport.exe' are made. This will cause the web server to stop responding to...
iOS SideBooks 1.0 - Directory Traversal
No description provided by source. Exploit Title: SideBooks v1.0 for iPhone / iPod touch, Directory Traversal Date: 02/22/2011 Author: R3d@l3rt, Sp@2K, Sunlight, Hackkey Software Link: http://itunes.apple.com/kr/app/sidebooks/id409777225?mt=8 Version: 1.0 Tested on: iPhone, iPod 3GS with 4.2.1...
TFTP Server TFTPDWin 0.4.2 Unspecified Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23937/info TFTP Server TFTPDWIN is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to gain read/write access to...
ProSysInfo TFTP server TFTPDWIN <= 0.4.2 Univ. Remote BOF Exploit
No description provided by source. !/usr/bin/perl ProSysInfo TFTP server TFTPDWIN = 0.4.2 Universal Remote Buffer Overflow Exploit Works on all Windows versions. ---------------------------------------- Exploit by SkD [email protected] Let's take a description from their page at:...
CSSearch 2.3 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4368/info csSearch is a website search script, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft operating systems. csSearch is prone to an issue which may enable an attacker to execute Pe...
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
AwStats <= 6.4 - Denial of Service
No description provided by source. !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...
Joomla Component com_software SQL Injection Vulnerability
No description provided by source. Title : Joomla Component comsoftware SQL Injection Vulnerability Author: DevilZ TM Data : 2010-03-24 InformatioN Title : Joomla Component comsoftware SQL Injection Vulnerability Author : DevilZ TM By D3v1l Homepage : http://www.DEVILZTM.com Email :...
Joomla Component com_ops SQL Injection Vulnerability
No description provided by source. Title : Joomla Component comops SQL Injection Vulnerability Author: DevilZ TM Data : 2010-04-02 InformatioN Title : Joomla Component comops SQL Injection Vulnerability Author : DevilZ TM By D3v1l Homepage : http://www.DEVILZTM.com Email : [email protected]...
Joomla Component com_sbsfile Local File Inclusion
No description provided by source. InformatioN Title : Joomla Component comsbsfile Local File Inclusion Author : DevilZ TM By D3v1l Homepage : http://www.DEVILZTM.com Contact : [email protected] & [email protected] ExploiT Vulnerable File :...
TaskTracker <= 1.5 (Customize.asp) Remote Add Administrator Exploit
No description provided by source. !-- Title : TaskTracker All Version Remote Add Admin Exploit Author : ajann Contact : : S.Page : http://www.geckovich.com $$ : $39.99 - $19.99 -- FORM NAME=AddUser METHOD=POST ACTION=http://target/path/Customize.asp?a=Add style=word-spacing: 0; margin-top: 0;...
AWStats (6.0-6.2) configdir Remote Command Execution Exploit (perl code)
No description provided by source. !/usr/bin/perl ---GHC--------------------------------- Remote command execution exploit Product: Advanced Web Statistics 6.0 - 6.2 URL:http://awstats.sourceforge.net Greets & respects to our friends: 1dt.w0lf and all rst.void.ru Special greets 2 d0G4 & cr0n for...
LANDesk Management Gateway 'gsb/drivers.php'代码注入漏洞
No description provided by source. 1. Advisory Information Title: Landesk OS command injection Advisory Id: CORE-2010-1018 Advisory URL: http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability Date published: 2010-11-10 Date of last update: 2010-11-10 Vendors contacted:...
BlogPHP 2.0 - Persistent XSS Vulnerability
No description provided by source...
WSMP3 0.0.x Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7642/info A vulnerability has been reported in WsMp3. The problem occurs due to insufficient sanitization of HTTP GET requests. As a result, an attacker may be capable of accessing the contents of sensitive system...
Microsoft MSHTML.DLL CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak (0day)
No description provided by source...
PHP-post Web Forum 0.x.1.0 pm.php replyuser Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20061/info PHP-Post is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting, SQL-injection, and remote file-include issues, because the application fails to sanitize user-supplied...
Phorum <= 5.2.11 Permanent Cross Site Scripting Vulnerabilities
No description provided by source. //----- Advisory Program : Phorum 5.2.11 and prior Homepage : http://www.phorum.org/ Discovery : 2009/07/16 Author Contacted : 2009/07/17 Found by : CrashFr This Advisory : CrashFr //----- Application description Started in 1998, Phorum was the original PHP and...
PHP 5.2 FOpen Safe_Mode Restriction-Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22261/info PHP is prone to a 'safemode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations; other attacks may also be possible. This vulnerability would ...
cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/11456/info It is reported that cPanel is susceptible to an information disclosure vulnerability in its function to enable Front Page extensions. This vulnerability reportedly allows attackers to gain access to the content...
Le Forum 'Fichier_Acceuil' Parameter - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28423/info Le Forum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious PHP code in the context of the webserv...
Microsoft Paint Integer Overflow Vulnerability (DoS) MS10-005
No description provided by source. Date: 2010-05-04 Version: 5.1.2600.2180 Tested on: Windows XP SP2 Exploit-DB Notes: Tested under 32-bit Windows XP SP3 ENG, MS Paint crashes. However, please note this exploit might not actually be related to MS10-005. Thanks to Yaniv Miron. !/usr/bin/perl $PoC ...
phpMyAdmin <= 3.0.1 'pmd_pdf.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31928/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of a...
Google Chrome 0.2.149 - ftp:// URL Multiple File Format Handling XSS
No description provided by source. source: http://www.securityfocus.com/bid/31855/info Google Chrome 0.2.149 is prone to a cross-site scripting weakness that arises because the software fails to handle specially crafted files served using the FTP protocol. Successfully exploiting this issue may...
PhpMyAdmin 2.x sql.php pos Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. An attacker could...
WordPress Trashbin Plugin 0.1 'mtb_undelete' Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37097/info The Trashbin plugin for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrar...
CuteNews 1.4.6 editnews Module doeditnews Action Admin Moderation Bypass
No description provided by source. source: http://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that...
Kaspersky Internet Security 2013 - Denial of Service Vulnerability
No description provided by source. I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time, nor the desire to do so. But Kaspersky did not react, so ... quick and dirty: Kaspersky Internet Security 2013 and any other Kaspersky...
FlashBB <= 1.1.8 (sendmsg.php) Remote File Inclusion Vulnerability
No description provided by source. !/usr/bin/perl Flashbb = 1.1.7 - Remote File Inclusion Exploit Url: http://rapidshare.com/files/41426468/FlashBBAaeDueHFcu.zip Exploit: http://site.com/path/phpbb/sendmsg.php?phpbbrootpath=EvilScript: coded and f0und3d by kw3rln officeatrosecuritygroupdotnet...
Foojan PHPWeblog Html Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14658/info Foojan PHPWeblog is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input. Attacker-supplied HTML and script code would be executed in the context of the...
Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability
No description provided by source. Exploit Title: ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability Date: 2010-04-08 Author: ZSploit.com Software Link: N/A Version: N/A Tested on: IBM Informix Dynamic Server 10.0 CVE : CVE-2009-2754 ! /usr/bin/env python...
Manic Web MWGuest 2.1 MWguest.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17630/info MWGuest is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script cod...
Gnat-TGP <= 1.2.20 Remote File Include Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class GnatTGPRemoteFileIncludePOCBase: vulID = '67834' version = '1' vulDate = '2010-03-03' author = ' '...
MoinMoin 1.5.x Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23676/info MoinMoin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Microsoft Internet Explorer 6.0 Nested OBJECT Tag Memory Corruption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17658/info Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This issue is due to a flaw in the application in handling nested OBJECT tags in HTML content. An attacker could exploit this issue via...
Rapid Classified 3.1 search.asp SH1 Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21197/info Rapid Classified is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input. ...
Asterisk Recording Interface 0.7.15 Audio.PHP Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17641/info Asterisk Recording Interface is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this...