Lucene search

56796 matches found

seebug.org
added 2014/07/01 12:0 a.m., 21 views

7Shop <= 1.1 - Remote Arbitrary File Upload Exploit

No description provided by source. !/usr/bin/perl use warnings; use strict; use LWP::UserAgent; use HTTP::Request::Common; my $fname = rand1000 . .php; int.. yes i know PU! print INTRO; + 7Shop = 1.1 Remote Arbitrary File Upload + + Content-Ty...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

DeluxeBB <= 1.2 - Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl DeluxeBB = 1.2 Remote Blind SQL Injection Exploit by athos - stakerathotmaildotit download on http://deluxebb.com...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

RXGoogle.CGI 1.0/2.5 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9575/info The rxgoogle.cgi search script is prone to a cross-site scripting vulnerability because the software fails to sanitize user input and allows various metacharacters that may facilitate cross-site scripting attack...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 18 views

phpBB <= 2.0.19 (user_sig_bbcode_uid) Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl r57phpbba2e2.pl - phpBB admin 2 exec exploit version 2 based on usersigbbcodeuid bug tested on 2.0.12, 2.0.13, 2.0.19 screen r57phpbba2e2.pl -u http://192.168.0.2/phpBB-2.0.19/ -L admin -P password...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Joomla Component n-forms 1.01 - Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print \n; print \n; print Mambot Component n-forms Blind SQL Injection Exploit \n; print Author:The Moorish :D \n; print Greetz:Team-dz,His0k4,x.CJP.x,Kader11000,c02,piRAte DIgitAL\n; print...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Norton AntiSpam 2004 SymSpamHelper ActiveX Control Buffer Overflow

No description provided by source. $Id: nis2004antispam.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

AI score: 6.7
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 29 views

Mac OS X xnu <= 1228.3.13 (profil) Kernel Memory Leak/DoS PoC

No description provided by source. / xnu-profil-leak.c Copyright c 2008 by [email protected] Apple MACOS X xnu = 1228.3.13 local kernel memory leak/DoS POC by mu-b - Sat 16 Feb 2008 - Tested on: Apple MACOS X 10.5.1 xnu-1228.0.21/RELEASEI386 Apple MACOS X 10.5.2 xnu-1228.3.131/RELEASEI386 -...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 9 views

Wireshark 1.0.0 - Multiple DoS

No description provided by source. source: http://www.securityfocus.com/bid/30020/info Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues. Exploiting these issues may allow attackers to obtain potentially sensitive information,...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 27 views

Multiple IBM Products Login Page Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38412/info Multiple IBM products are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 10 views

Joomla Component com_races Blind SQL Injection Vulnerability

No description provided by source. !/usr/bin/php ?php inisetmaxexecutiontime,0; printr' xDork:inurl:index.php?option=comraces raceId xJoomla comraces raceId Blind SQL Injection Exploit x Usage: Cristal.php http://url/index.php?option=comraces&task=result&raceId=272 '; if $argc 1 $url = $argv1; $r...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 18 views

Marty Bochane MDBMS 0.9 xbx Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1252/info A vulnerability exists in the MDBMS database, written by Marty Bochane. By supplying a line of sufficient length to the MDBMS server, containing machine executable code, it is possible for a remote attacker to...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 41 views

Cisco EPC3925 - Cross Site Request Forgery

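Cisco EPC3925 is a home wireless router from Cisco (USA). The Cisco EPC3925 router contains a cross-site request forgery vulnerability because the goform/Quicksetup URL does not properly validate requests. A remote attacker can exploit this vulnerability through the Password and PasswordReEnter parameters to change the password. Exploit Title: Cisco EPC3925 - Cross Site Request Forgery Google Dork: N/A Date: 12-11-2013 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage:...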

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Prishtina FTP Client 1.x Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7671/info Prishtina FTP client is allegedly prone to a denial of service vulnerability. The condition is reportedly triggered when processing FTP server banners of excessive length. As a result, a malicious...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 25 views

DUware DUclassmate 1.x default.asp iState Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14036/info DUclassmate is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

WebBiblio Subject Gateway System LFI Vulnerability

No description provided by source. Exploit Title: WebBiblio Subject Gateway System Local File Inclusion Vulnerability Date: June 06 2010 Author: AntiSecurity Software Link: http://webbiblio.sourceforge.net/ http://sourceforge.net/projects/webbiblio/files/ Version: WebBiblio version 3.0 Tested on:...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

GNU Classpath 0.97.2 'gnu.java.security.util.PRNG' Class Entropy Weakness (2)

No description provided by source. source: http://www.securityfocus.com/bid/32909/info GNU Classpath is prone to a weakness that may result in weaker cryptographic security because its pseudo-random number generator (PRNG) lacks entropy. Attackers may leverage this issue to obtain sensitive...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

phProfession 2.5 upload.php Direct Request Path Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were reported. Exploitation o...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 20 views

VBulletin 2.3.x Global.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20214/info vBulletin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Canon GP300 Remote Malformed HTTP Get Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8121/info A problem in the Canon GP-300 has been reported in the handling of some types of malformed web requests. This issue could result in the denial of service to legitimate users of the print server. GET /...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 41 views

FiberHome Modem Router HG-110 - Authentication Bypass To Remote Change DNS Servers

No description provided by source. Exploit Title: Directory Path Traversal FiberHome Modem Router HG-110 / Remote Change DNS Servers Date: 22/09/2013 Exploit Author: Javier Perez - [email protected] - @thes41nt Vendor Homepage: http://hk.fiberhomegroup.com/ Version: HG110BHV1.6 PoC: Remote...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 11 views

VBulletin 1.0.1 lite/2.x/3.0 /admincp/template.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues t...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

Magic News Pro <= 1.0.3 (script_path) Remote File Include Vulnerability

No description provided by source. Magic News Pro = 1.0.3 scriptpath Remote File Inclusion Exploit Critical Level : Dangerous By Saudi Hackrz...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 28 views

WoW Roster 1.5 hsList.php subdir Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/19269/info WoW Roster is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit may allow unauthorized users to execute remote PHP scripts;...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

Alacate-Lucent OmniVista 4760 Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26128/info OmniVista 4760 is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities may allow an attacker to...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 20 views

Claroline <= 1.7.5 - Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/29162/info Claroline is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow a remote attacker to compromise the application...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

FarsiNews 2.5.3 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/17701/info FarsiNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. An attacker may leverage these issues to have...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 18 views

CodeIgniter 1.0 'BASEPATH' Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/38672/info CodeIgniter is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

KAPhotoservice 7.5 edtalbum.asp Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/18379/info KAPhotoservice is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Allomani Songs & Clips Script 2.7.0 - [CSRF] Add Admin Account

No description provided by source. Exploit Title: Allomani & Clips v2.7.0 - CSRF Add Admin Account Date:25 -06-2010 Author: G0D-F4Th3rG0D-F4Th3r Software Link: http://allomani.com html body onload=javascript:fireForms form method=POST name=form0 action= http://www.site.com/path/admin/index.php...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 11 views

File Transfer 1.2 - Request File Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28453/info File Transfer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access arbitrary files outside of th...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

WordPress 2.0.5 Functions.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21004/info WordPress is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlyi...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Allomani Audio and Video Library 2.7.0 - CSRF Vulnerability (Add Admin)

No description provided by source. Audio & Video Library 2.7.0 XSRF Vulnerability Add Admin .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://allomani.com/en/audioandvideoscript.html === Exploit === form method=POST...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Baby Katie Media VSReal and VScal 1.0 myslideshow.php title Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/18350/info vsREAL and vSCAL are prone to multiple cross-site scripting vulnerabilities. These issues are due to the applications' failure to properly sanitize user-supplied input. An attacker may leverage these issues to...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

Instant Photo Gallery 1.0 portfolio.php cat_id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17696/info Instant Photo Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. An attacker may leverage these issues...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

PageDirector CMS Multiple Vulnerabilities

No description provided by source. Exploit Title : PageDirector CMS Multiple Vulnerabilities Date : 20 - 6 - 2010 Author : Tr0y-x Vendor : www.customerparadigm.com Version : All Versions Tested on : Linux Home : WwW.SeC-WaR.CoM http://www.sec-war.com/ Price : 675.00 $ loooooolz -== SQL Injection...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

FunkyASP AD System 1.1 - Remote Shell Upload Vulnerability

No description provided by source. FunkyASP AD System v1.1 Remote Shell Upload script: http://www.funkyasp.co.uk/cats.asp?id=1&currency=GBP Discovered By: ZoRLu Date: 04.04.2009 Home: yildirimordulari.com / experl.com / z0rlu.blogspot.com...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 11 views

Norton Antivirus < 2005 Remote Stack Overflow Exploit

No description provided by source. !-- Tested on Corp Edition and didn't work / str0ke -- head title/title /head body script...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 10 views

BlueSkyChat ActiveX Control 8.1.2 Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25149/info BlueSkyChat ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

thttpd 2.2x defang Remote Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/8906/info A vulnerability has been reported in thttpd that may allow a remote attacker to execute arbitrary code on vulnerable host. The issue is reported to exist due to a lack of bounds checking by software, leading to ...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 11 views

Solaris 2.6/7/8 SPARC xlock Heap Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3160/info Xlock is a utility for locking X-windows displays. It is installed setuid root because it uses the user's password to authorize access to the display when it is locked. The version of xlock that ships with Solar...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 8 views

Pre Online Tests Generator Pro SQL Injection Vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

MiraksGalerie <= 2.62 (pcltar.lib.php) Remote File Include Exploit

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

Persism CMS <= 0.9.2 system[path] Remote File Inclusion Vulnerabilities

No description provided by source. Persism Content Management System = 0.9.2 Multiple Remote File Inclusion Vulnerabilities D.Script: http://www.persism.com/emil/0.9.2/0.9.2.tar.gz Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 9 views

Escape From PDF

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

AROUNDMe <= 1.1 (language_path) Remote File Include Exploit

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 49 views

Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability

No description provided by source. ScanAlert Security Advisory - http://www.scanalert.com Directory Listing in Apache Tomcat 5.x.x Date: 07/21/2006 Vendor: Apache Package: Tomcat Versions: 5.x.x 5.0.28, 5.5.12, 5.5.9, and 5.5.7 . Confirmed Credit: ScanAlert.s Enterprise Services Team. Overview:...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 27 views

RedHat Linux 5.0/5.1/5.2,Slackware Linux <= 3.5 klogd Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/398/info It is possible to cause a denial of service remote and local through generating old, obscure kernel messages not terminated with \n in klogd. The problem exists because of a buffer overflow in the klogd handling ...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

Ascended Guestbook <= 1.0.0 (embedded.php) File Include Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' ...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

Tkai's Shoutbox Query Parameter URI Redirection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12914/info Tkai's Shoutbox is reported prone to a remote URI redirection vulnerability. It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'query' parameter of a...

AI score: 7.1
Exploits: 0

Total number of security vulnerabilities: 56796