Land Down Under 700/701/800/801 index.php c Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14685/info Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...

Alt-N MDaemon 2-8 Remote Pre-Authentication IMAP Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18129/info Alt-N MDaemon IMAP Server is susceptible to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an...

SolarPay Index.PHP Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22722/info SolarPay is prone to a local file-include vulnerability because the utility fails to properly sanitize user-supplied input. Successfully exploiting this issue allows attackers to gain access to files located in...

Vilistextum 2.6.6 HTML Attribute Parsing Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11979/info Vilistextum is prone to a buffer overflow vulnerability. This issue is exposed when the application parses HTML attributes while converting an HTML file to text/ASCII. Since HTML files will likely originate fro...

FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (3)

No description provided by source. source: http://www.securityfocus.com/bid/2666/info A number of TCP/IP stacks are vulnerable to a loopback condition initiated by sending a TCP SYN packet with the source address and port spoofed to equal the destination source and port. When a packet of this sor...

InterAKT Online MX Shop 1.1.1 - SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12957/info MX Shop is reportedly affected by an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. This vulnerability...

Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

VBulletin 3.0.14 global.php Encoded URL XSS

No description provided by source. source: http://www.securityfocus.com/bid/19358/info vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...

QuickDev 4 Php Database Disclosure Vulnerability

No description provided by source...

Inktomi Search Software 3.0 Source Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2061/info A vulnerability exists in version 3.0 of Ultrseek server aka Inktomi Search. Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form:...

GNUnet <= 0.7.0d (Empty UDP Packet) Remote Denial of Service Exploit

No description provided by source. GNUnet = 0.7.0d Empty UDP Packet Remote Denial of Service Exploit http://www.exploit-db.com/sploits/05152006-udpsz.zip...

phpRPG 0.8 /tmp Directory PHPSESSID Cookie Session Hijacking

No description provided by source. source: http://www.securityfocus.com/bid/26884/info phpRPG is prone to two vulnerabilities: - An SQL-injection vulnerability - A vulnerability that lets remote attackers gain access to sessions. Exploiting these issues may allow an unauthorized user to steal...

Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/20360/info Symantec AntiVirus is prone to a privilege-escalation vulnerability. Local attackers can exploit this issue to corrupt memory and execute arbitrary code with kernel-level privileges. Successful exploits may...

Hosting Controller 1.x Browse.ASP File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4778/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The 'browse.asp' script is prone to an issue which ma...

MKPortal 1.0.1 Index.PHP Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18707/info MKPortal is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable...

Zimbra Collaboration Server - LFI

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include...

WikiWebHelp <= 0.3.3 Insecure Cookie Handling Vulnerability

No description provided by source...

Kordil EDMS 2.2.60rc3 - Unauthenticated Arbitrary File Upload Vulnerability

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

Netwin SurgeFTP 1.0 b Malformed Request Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2442/info SurgeFTP is a FTP Server distributed and maintained by Netwin. SurgeFTP is a configurable, easily maintained ftp server, functional on both the UNIX and Windows platforms. A problem with the SurgeFTP program cou...

id Software Doom 3 Engine Console String Visualization Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25893/info id Software Doom 3 engine is prone to a format-string vulnerability. Exploiting this issue will allow attackers to execute arbitrary code with the permissions of a user running the application. Failed attacks...

Recipe Script 5.0 - Shell Upload/CSRF/XSS Multiple Vulnerabilities

No description provided by source. ----------------------------------------------------------------------------------------------- Title: Recipe Script v5.0 Shell Upload/XSRF/XSS Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 16. December 2009...

Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability

No description provided by source. Source: Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability Download: http://preproject.com/products.asp Dork: inurl:Powered by: PreProjects + detail.php?prodid=694 Author: [email protected] Exploit : http://server/detail.php?prodid=999999+UNION...

Limny 1.01 - Remote File Upload Vulnerability

No description provided by source. ----------exploit Debut Remote File Upload Vulnerability ----------Script Info Moi : JIKO Site : No-exploit.Com Email : : ----------Script Info Site:http : limny.org ----------exploit Info 13 Action the first setup register if the register active...

ConvexSoft DJ Audio Mixer - Denial of Service Vulnerability

No description provided by source. Exploit Title :ConvexSoft DJ Audio Mixer Denial of Service Vulnerability Software : ConvexSoft DJ Audio Mixer Software link :...

cyberBB 0.6 - Multiple Remote SQL Injection Vulnerabilities

No description provided by source. Name : cyberBB v. 0.6 Multiply Remote SQL Injection Vulnerabilities Author : cOndemned Dark-Coders Greetz : Avantura, str0ke, ZaBeaTy, voo|doo, irk4z, and many, many more... Conditions : Magic quotes gpc = On & Off / User must be logged into source of...

myBloggie 2.1.1 - 2.1.2 - SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w SQL Injection Exploit for myBloggie 2.1.1 - 2.1.2 This exploit show the username of the administrator of the blog and his password crypted in MD5 Related advisories: Italian...

PolyPager 0.9.51/1.0 'nr' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29975/info PolyPager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Auto Classifieds Script 2.0 - Add Admin CSRF Vulnerability

No description provided by source. Auto Classifieds Script v2.0 - CSRF Vulnerabilty Add Admin ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...

Joomla Component Answers 2.3beta - Multiple Vulnerabilities

No description provided by source. Exploit Title: Joomla Component Answers v2.3beta Multiple Vulnerabilities Date: 25 May 2010 Author: jdc Software Link: http://extensions.joomla.org/extensions/communication/forum/12652 Version: 2.3beta Tested on: PHP5, MySQL5 Blind SQL Injection...

ilchClan <= 1.05g (tid) Remote SQL Injection Exploit

No description provided by source. ? errorreportingEERROR; function xssinit if !extensionloaded'phpcurl' if !dl'curl.so' and !dl'phpcurl.so' and !dl'phpcurl.dll' die oo error - cannot load curl extension!; function xssheader echo...

HappyMall E-Commerce Software 4.3/4.4 Normal_HTML.CGI Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7529/info It has been reported that a problem in the HappyMall E-Commerce software package could allow an attacker to pass arbitrary commands through the normalhtml.cgi script. This could lead to attacks against system...

HP OpenView Network Node Manager getnnmdata.exe (ICount) CGI Buffer Overflow

No description provided by source. $Id: hpnnmgetnnmdataicount.rb 12121 2011-03-24 00:49:33Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

Linux Kernel 2.6.x - 'make_indexed_dir()' Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33618/info The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle malformed filesystem images. Attackers can exploit this issue to cause the kernel to crash, denying servi...

MySQLDumper 1.21 SQL.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20460/info MySQLDumper is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to execute attacker-supplied script code ...

memorial web site script - (id) SQL Injection Vulnerability

No description provided by source. / / / \ \ \ \ \ / / \\ \ \ \ \ // /// \ \ / / \ //|\ / \ \ \ \ \ \ / / \ \ / / \ | | | \ | | || | | |/ / \ V / || |\ V / / \ | / \ | /| | | || / | | | | . | ' || / | || // \ // \|||/|||||||||\ .WEB.ID...

RTTucson Quotations Database - Multiple Vulnerabilities

No description provided by source. / / / \ / / / / / / / / / / / // / / / / / / // / // / / / / | // / / / / / // / / / // / /,// /////,// ///// , / // RTTucson Quotations Database Script, Multiple Vulnerabilities Software Page: http://www.rttucson.com/index.html Script Demo:...

Simple OS CMS 0.1c_beta 'login.php' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27589/info Simple OS CMS is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied data. A successful exploit may allow an attacker to compromise the application, access or modify...

AVerCaster Pro RS3400 Web Server Directory Traversal

No description provided by source. Exploit Title: AVerCaster Pro RS3400 web server directory traversal Date: 2012-10-06 Exploit Author: Patrick Saladino Vendor Homepage: http://www.avermedia.com/product/ProductDetail.aspx?Id=560 Version: v.3.1.20 Tested on: Not relevant CVE : none yet Hello, I ju...

Microsoft Windows Media Player 7.0 .ASX Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1980/info Windows Media Player is an application used for digital audio, and video content viewing. An unsafe buffer copy involving remotely-obtained data exists in the Active Stream Redirector ASX component in Windows...

GEDCOM_TO_MYSQL php/info.php - Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/29048/info GEDCOMtoMySQL2 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

Squid 2.0-4 Cache FTP Proxy URL Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4148/info A buffer overflow exists in the Squid proxy server's FTP URL handling. If a user has the ability to use the Squid process to proxy FTP requests, it may be possible for the user make a malicious request. By sendi...

CubeCart 3.0.x view_doc.php view_doc Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied...

Open Educational System 0.1 beta 'CONF_INCLUDE_PATH' Parameter Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/38449/info Open Educational System is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

Photokorn 1.542 Cross Site Scripting and Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/37559/info Photokorn is prone to a cross-site scripting vulnerability and a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these issues to execute...

Adobe Illustrator CS5.5 Memory Corruption Exploit

No description provided by source. Felipe Andres Manzano [email protected] ''' The vulnerable function follows... ---------------------------------- .text:004A7200 ; =============== S U B R O U T I N E ======================================= .text:004A7200 .text:004A7200 ; Attribute...

Apple Quick Time Player (Windows) 7.7.3 - Out of Bound Read

No description provided by source. Title: Apple Quick Time Player WindowsVersion 7.7.3 Out of Bound Read Date: 28th January,2013 Author: Debasish Mandal https://twitter.com/debasishm89 Blog : http://www.debasish.in/ Vendor Homepage: http://www.apple.com/ Software Link:...

PHPTB Topic Board 2.0 dev_o.php absolutepath Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/14592/info PHPTB is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to...

MicroWorld eScan Antivirus < 3.x Remote Root Command Execution

No description provided by source. !/usr/bin/env python import sys from socket import auther: Mohammed almutairi [email protected] MicroWorld eScan Antivirus 3.x Remote Root Command Execution Package MWADMIN package vulnerabilities linux The Base Packages MWADMIN and MWAV must be installed...

IBM Tivoli Directory Server 6.0 Unspecified LDAP Memory Corruption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16593/info IBM Tivoli Directory Server is prone to an unspecified memory corruption. This issue may be triggered by malformed LDAP data. The exact impact of this vulnerability is not known at this time. Although the issue...

Eggblog 3.1 admin/comments.php edit Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/21134/info Eggblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...