Lucene search

56796 matches found

seebug.org
•added 2014/07/01 12:0 a.m.•27 views

RedHat Linux 5.0/5.1/5.2,Slackware Linux <= 3.5 klogd Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/398/info It is possible to cause a denial of service remote and local through generating old, obscure kernel messages not terminated with \n in klogd. The problem exists because of a buffer overflow in the klogd handling ...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Ascended Guestbook <= 1.0.0 (embedded.php) File Include Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' ...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Tkai's Shoutbox Query Parameter URI Redirection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12914/info Tkai's Shoutbox is reported prone to a remote URI redirection vulnerability. It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'query' parameter of a...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•29 views

Epson EventManager <= 2.50 Denial of Service

No description provided by source. Luigi Auriemma Application: Epson EventManager http://www.epson.com Versions: = 2.50 Platforms: Windows Bug: Denial of Service Exploitation: remote Date: 14 Mar 2012 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

AvailScript Job Portal Script 'applynow.php' - SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31101/info AvailScript Job Portal Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attack...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

TFTgallery 0.13 'sample' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36898/info TFTgallery is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in th...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•22 views

rsync <= 2.5.1 - Remote Exploit

No description provided by source. / 7350fuqnut - rsync = 2.5.1 remote exploit -- linux/x86 ver. current version 2.5.5 but bug was silently fixed it appears so vuln versions still ship, maybe security implications were not recognized. we can write NULL bytes below &line0 by supplying negative...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•20 views

MyPHPSoft MyPHPLinks 2.1.9/2.2 - SQL Injection Administration Bypassing

No description provided by source. source: http://www.securityfocus.com/bid/6395/info MyPHPLinks is a freely available, open source PHP application distributed by MyPHPSoft. It is available for Unix, Linux, and Microsoft Windows operating systems. It has been reported that a problem with the...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

Matt Kruse Calendar Script 2.2 Arbitrary Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily setup and customize a calendar on their website. There are two...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

FishCart 3.1 upstracking.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit of the SQL-injection issues coul...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•23 views

e107 website system 0.7.5 news.php Query String (PATH_INFO) Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

PostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit

No description provided by source. ? print ' ...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•9 views

CubeCart 3.0.x Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19563/info CubeCart is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•37 views

XHP CMS <= 0.5 (upload) Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo XHP CMS = 0.5 remote cmmnds xctn\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; echo dork: \powered by XHP CMS\r\n\r\n; if $argc4 echo Usage: php .$argv0. host path cmd...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

Apache ActiveMQ 5.2/5.3 Source Code Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/39636/info Apache ActiveMQ is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary fil...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

Opera Web Browser 7.53 Location Replace URI Obfuscation Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10810/info Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information. This issue is due to a race condition error. This issue may be leveraged by an attacker to...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

UBBCentral UBB.threads 6.2.3/6.5 online.php Cat Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

vSignup 2.1 - Remote SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6606/info A vulnerability has been discovered in vSignup. It has been reported that various PHP scripts used by vAuthenticate are prone to SQL injection attacks. This issue may be exploited by an unauthorized attacker to...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

Webfroot Shoutbox 2.32 Viewshoutbox.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9289/info Webfroot Shoutbox is prone to a cross-site scripting vulnerability in the 'viewshoutbox.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via UR...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•20 views

PHPKit 1.6 Include.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8960/info PHPKIT is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated b...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

OpenBB 1.0 Board.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9303/info OpenBB is prone to a cross-site scripting vulnerability in the 'board.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI parameters. This...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Sockso <= 1.51 - Persistent XSS

No description provided by source. Application: Sockso http://sockso.pu-gh.com Versions: = 1.5 Platforms: Windows, Mac, Linux Bug: Persistent XSS Exploitation: remote Date: 11 May 2012. Author: Ciaran McNally Web: http://smwyg.com/blog/sockso-persistant-xss-attack Google Dork: inurl:4444 sockso 1...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•55 views

Spaceacre Multiple SQL Injection Vulnerability

No description provided by source. Spaceacre Multiple SQL Injection Vulnerability by Wiro Sablenk aka Gendenk vendor :http://www.spaceacre.com/ dork: Designed by Spaceacre poc: http://target/cat1.php?catID=SQL http://target/cat2.php?catID=SQL http://target/cat3.php?catID=SQL...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

Cherokee 0.1.x/0.2.x/0.4.x Error Page Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9496/info Cherokee has been reported to contain a cross-site scripting vulnerability via error pages. An attacker can exploit this issue by crafting a URI link containing the malevolent HTML or script code, and enticing a...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•71 views

Apache Tomcat 5.5.25 - CSRF Vulnerabilities

No description provided by source. Exploit Title : Apache Tomcat 5.5.25 CSRF Vulnerabilities Date : 10-24-2013 Author : Ivano Binetti http://ivanobinetti.com Author :...

6.8 CVSS, 8 AI score, 0.02538 EPSS
Exploits: 7
seebug.org
•added 2014/07/01 12:0 a.m.•24 views

eRoom 6.0 Plug-In Insecure File Download Handling Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14176/info The eRoom plug-in is prone to an insecure file download handling vulnerability. The issue is due to a design fault, where files that are shared by users are apparently passed to default file handlers when...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•12 views

D-Link VoIP Phone Adapter - XSS/CSRF Remote Firmware Overwrite

No description provided by source. D-link VoIP Phone Adapter XSS and XSRFremote firmware overwrite model number: DVG-2001s f/w version 1.00.007 Better than just remote code execution, you control the firmware. html form action=http://10.1.1.166/Forms/cbiSetSWUpdate?16640,0,0,0,0,0,0,0,0 method=PO...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

Ebay Clone from clone2009 SQL Injection Vulnerabilities

No description provided by source. / Name : Ebay Clone from clone2009.comhttp://clone2009.com Site : http://www.clone2009.com/ Author : Hamza 'MizoZ' N. Email : mizozxatgmaildotcom Greetz : Zuka , GreyMen : / 1st SQL injection : File : gotourl.php , Get : id...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

JSPWiki 2.1 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11746/info It is reported that JSPWiki is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to including it in...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Joomla! and Mambo 'com_omnirealestate' Component - 'objid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27783/info The 'com_omnirealestate' component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•9 views

FTPFS 0.1.1/0.2.1/0.2.2 mount Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2498/info FTPFS is a Linux kernel module allowing users to mount remote files from any standard FTP server as a local filesystem. A version of FTPFS is vulnerable to a buffer overflow leading to a denial of service, and...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

Papoo 2.1.2 print.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/16020/info Papoo is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•27 views

Alibaba Clone Platinum (about_us.php) SQL Injection Vulnerability

No description provided by source. Alibaba Clone Platinum about_us.php SQL Injection Vulnerability Author: CoBRa21...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Jevontech PHPenpals PersonalID SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16109/info Jevontech PHPenpals is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitatio...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

Quick Classifieds 1.0 - controlpannel/createP.php3 DOCUMENT_ROOT Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

Enthrallweb eHomes homeDetail.asp AD_ID Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21193/info eHome is prone to multiple input-validation vulnerabilities, including cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploi...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

PortailPHP 2 mod_news/index.php chemin Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/22381/info PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

MollenSoft Lightweight FTP Server 3.6 - Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10429/info Lightweight FTP Server is prone to a remote buffer overflow vulnerability. This vulnerability can potentially allow a remote attacker to execute arbitrary code in the context of the server process. This issue...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

PHP Classifieds ADS (sid) Blind SQL Injection Vulnerability

No description provided by source. Title: PHP CLASSIFIEDS ADS Price: $49 Link : http://www.sellatsite.com/sellatsite/phpclass.asp Author: BorN To K!LL - h4ck3r 3xploit: /detail.php?sid=Blind-Injection 3xample: http://www.example.com/classi/detail.php?sid=80 and 1=1-- // True ,,...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•30 views

Microsoft Internet Explorer 6.0 Shell.Application Object Script Execution Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10652/info Microsoft Internet Explorer is reported prone to a security weakness that may permit malicious HTML documents the ability to execute script code. This script code has the ability to alter registry settings that...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

Linux Kernel 2.4/2.6 Sigqueue Blocking Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10096/info A vulnerability has been reported in the Linux Kernel that may permit a malicious local user to affect a system-wide denial of service condition. This issue may be triggered via the Kernel signal queue struct...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

Binary Board System 0.2.5 toc.pl board Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15913/info binary board system is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issue...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•20 views

Azerbaijan Development Group AzDGDatingPlatinum 1.1 .0 view.php id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/13082/info AzDGDatingPlatinum is reported prone to multiple vulnerabilities. The following specific issues were identified: - Multiple SQL-injection vulnerabilities. These issues could permit remote attackers to pass...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

Secure Network Messenger <= 1.4.2 - Denial of Service Exploit

No description provided by source. !/usr/bin/perl use IO::Socket; print \nSecure Network Messenger Crasher by ClearScreen\n; print \nEnter host to crash: ; $h = STDIN; chomp $h; $socks = IO::Socket::INET-new Proto = tcp, PeerPort = 6144, PeerAddr = $h or die \nNo response from host.; sleep 1; pri...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

Microsoft Windows 98SE User32.DLL Icon Handling Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13791/info The Microsoft 'user32.dll' library is prone to a denial of service vulnerability. The issue manifests when the library handles icon .ico files containing large size values. Reports indicate that this issue exis...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

IrfanView <= 4.00 .IFF File Buffer Overflow Exploit

No description provided by source. / IrfanView = 4.00 .IFF File Buffer Overflow IrfanView is vulnerable to an unspecified buffer overflow when processing a crafted .IFF file. This exploit runs calc.exe or binds shell to port 4444. Tested against Win XP SP2 FR. Have Fun! Coded and discovered by...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

Aardvark Topsites PHP 5.2 'index.php' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35506/info Aardvark Topsites PHP is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•21 views

Hotel / Resort Site Script with OnLine Reservation System

No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Hotel / Resort Site Script with OnLine Reservation System SQLi Vulnerable Published: 2010-06-08 Vendor url:http://www.mformula.com.br Greetz to:Sid3^effects, aaNumb, M4n0j and to all ICW members...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•20 views

AlienVault OSSIM 3.1 Reflected XSS and Blind SQL Injection

No description provided by source. !/usr/bin/python ''' AlienVault has a reflected XSS vulnerability in the url parameter of top.php. Proof of Concept: Enticing a logged in user to visit the following URL where an attacker is hosting an cookie grabber will allow for the hijacking of the user...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•29 views

XT:Commerce 3.04 Index.PHP Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22698/info xt:Commerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...

7.1 AI score
Exploits: 0
Total number of security vulnerabilities: 56796