56796 matches found
PHP 4.x/5.0.x File Upload GLOBAL Variable Overwrite Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15250/info PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may...
Digital UNIX 4.0/4.0 B/4.0 D SUID/SGID Core File Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/74/info Digital UNIX 4.0 will follow symlinks while writting core files if two setuid programs dump core in sucession. The core file is owned by root but with the user's groud id. The core file permissions are 0600. This...
ManageEngine Applications Manager Authenticated Code Execution
No description provided by source. $Id: manageengineappsmngr.rb 12281 2011-04-08 14:06:10Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Zanfi CMS lite 1.2 - Multiple Local File Inclusion Vulnerabilities
No description provided by source. +Zanfi CMS lite / Jaw Portal free index.php page Multiple Local File Inclusion +Discovered by SirGod +MorTal TeaM +Greetz E.M.I.N.EM,Ras,Puscasmarin,ToxicBlood,HrN,Kemrayz,007m + Dork : Powered by: Zanfi Solutions + Local File Inclusion PoC :...
Docebo <= 3.0.3 - Multiple Remote File Include Vulnerabilities
No description provided by source...
Magic Photo Storage Website admin/approve_member.php _config[site_path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Linux Kernel 2.6.x '/proc/iomem' Sparc64 Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35415/info The Linux kernel is prone to a local denial-of-service vulnerability that attackers can exploit to cause an affected computer to crash. This issue affects the Linux kernel 2.6.22-rc1 through 2.6.29 on the sparc...
ESET Smart Security 4.2 and NOD32 Antivirus 4.2 (x32-x64) LZH archive parsing PoC Exploit
No description provided by source. ESET Smart Security 4.2 and NOD32 Antivirus 4.2 x32-x64 LZH archive parsing PoC exploit. Scanning of malicious file causes heap corruption in context of the service process ekrn.exe. See Dr. Watson log drwtsn32.log for details. USAGE: python esetlzh.py TEST.LZH...
Sun Java Plug-In 1.4 Unauthorized Java Applet Floppy Access Weakness
No description provided by source. source: http://www.securityfocus.com/bid/8867/info A weakness has been reported in Java implementations that may constitute unauthorized access by Java applets to floppy devices. This weakness appears to present a flaw in the Java security model. This issue was...
MyBulletinBoard RC4 index.php Username Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14553/info MyBulletinBoard is prone to multiple SQL injection vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
Netscape 6.0/7.0 Style Sheet Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6937/info It has been reported that Netscape based browsers may be vulnerable to a denial of service condition when rendering certain style sheet code. If a malicious page is viewed the browser reportedly becomes unstable...
Seagate BlackArmor - Root Exploit
No description provided by source...
Cisco BBSM Captive Portal 5.3 - 'AccesCodeStart.asp' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29191/info Cisco BBSM Building Broadband Service Manager is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
UGroup 2.6.2 forum.php FORUM_ID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15591/info UGroup is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
XM Easy Personal FTP Server <= 4.3 (USER) Remote Buffer Overflow PoC
No description provided by source. XM EASY PERSONAL FTP SERVER v4.3 http://www.securityfocus.com/archive/1/432960/30/0/threaded Buffer Overflow Vulnerability PoC [email protected] import socket import struct import time import sys buff='USER '+'A'5000+'\r\n' if lensys.argv!=3: print + Usage: %s i...
Joomla Component Calc Builder (id) Blind SQL Injection Vulnerability
No description provided by source...
ASPired2Protect Login Page SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27474/info ASPired2Protect is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied data. A successful exploit may allow an attacker to compromise the application, access or modify...
Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Foxit Reader 5.4.3.0920 Crash PoC
No description provided by source. Title : Foxit Reader suffers from Division By Zero Version : 5.4.3.0920 Date : 2012-09-28 Vendor : http://www.foxitsoftware.com/ Impact : Med/High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : XP SP3 Bug : ---- division by zero vulnerabilit...
pyrocms 2.1.1 - Multiple Vulnerabilities
No description provided by source. PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability Vendor: HappyNinjas Ltd Product web page: http://www.pyrocms.com Affected version: 2.1.1 Community Summary: PyroCMS is a CMS built using the CodeIgniter PHP framework. Using an MVC architecture it was bui...
Ifenslave 0.0.7 Argument Local Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/7682/info ifenslave for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an...
ISDNRep 4.56 Command Line Argument Local Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/8100/info isdnrep has been reported prone to a local command line argument buffer overflow vulnerability. The issue presents itself due do a lack of sufficient bounds checking performed on user-supplied data that is copie...
mUnky 0.01'index.php' Remote Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30705/info mUnky is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue allows attackers to cause the application to execute arbitra...
Havalite CMS 1.0.4 - Multiple Vulnerabilities
No description provided by source...
Memberkit 1.0 - Remote PHP File Upload Vulnerability
No description provided by source. ================================================================= =================Memberkit 1.0 Remote File Upload================ ================================================================= Vendor: http://www.memberkit.com/ Discovered: 12-30-08 Discovere...
Matt Wright FormHandler.cgi 2.0 Reply Attachment Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/799/info Any file that the FormHandler.cgi has read access to the cgi is typically run as user 'nobody' on Unix systems can be specified as an attachment in a reply email. This could allow an attacker to gain access to...
SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 - Denial of Service
No description provided by source. ''' Exploit Title: SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 Remote Code Execution Vulnerability Date: 2-18-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage:...
Mike Bobbitt Album.PL 0.61 Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7444/info A remote command execution vulnerability has been reported for Album.pl. The vulnerability reportedly exists when alternate configuration files are used. The precise technical details of this vulnerability are...
ToCA Race Driver Multiple Remote Denial of Service Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10492/info ToCA Race Driver is reportedly affected by multiple remote denial of service vulnerabilities. These issues are due to a failure of the application to handle exceptional network traffic. These issues may allow a...
Solaris 2.x/7.0/8 Xsun HOME Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2561/info The X11 server that ships with Sun Microsystems' Solaris, Xsun, contains a locally exploitable buffer overflow vulnerability. The condition is present when the value of the HOME environment variable is of...
MyWeight 1.0 - Remote Shell Upload Vulnerability
No description provided by source. ======================================================= +++++++++++++++++++ information +++++++++++++++++++++++ ======================================================= + Script :MyWeight 1.0 Shell Upload Vulnerability + D0rk : Powered By phplemon.com + Script si...
EZ Server 1.0 File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7378/info It has been announced that EZ Server is vulnerable to a condition that may result in the disclosure of potentially sensitive information through requests that have directory traversal sequences...
Metyus Forum Portal 1.0 Philboard_Forum.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25096/info Metyus Forum Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Joomla! 1.6 - Multiple SQL Injection Vulnerabilities
No description provided by source. Source: http://www.securityfocus.com/bid/46846/info Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12459/info A remote URI-redirection vulnerability affects Microsoft Outlook Web Access. This issue occurs because the application fails to properly sanitize URI-supplied data. An attacker may leverage this issue to carry...
E-Manage MySchool 7.02 SQL Injection Vulnerability
No description provided by source. Exploit Title: SQL Injection MySchool Version 7.02 Google Dork: MySchool Version 7.02 Date: 05-21-2011 Software Link: http://em.com.eg/ Version: Version 7.02 Author: az7rb Tested on : winxp sp3 Ar end bt5 Homepage : www.p0c.cc Greetz : p0c Team & Dr.NaNo & All M...
Opera Web Browser 7.5x IFrame OnLoad Address Bar URL Obfuscation Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10679/info Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information. It is currently not known if this issue is related to the Opera Web Browser Address Bar...
Lussumo Vanilla <= 1.1.10 'definitions.php' Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/38889/info Vanilla is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
Novell GroupWise 5.57e/6.5.7/7.0 WebAccess Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/27582/info Novell GroupWise WebAccess is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an attacker to perform cross-sit...
Campsite 2.6.1 Publication.php g_documentRoot Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier...
Xvt 2.1 - Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2955/info Xvt is a terminal emulator for systems using X11R6. It is often installed setuid/setgid so that it runs with the enhanced privileges required to log user sessions. Xvt contains a buffer overflow in it's handling...
2Wire HomePortal Series - Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9463/info It has been reported that the software is allegedly prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. This issue is reported t...
Mozilla Firefox 2.0.0.12 IFrame Recursion Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27812/info Mozilla Firefox is prone to a remote denial-of-service vulnerability because of the way the browser handles IFrames. Attackers can exploit this issue to make the browser unresponsive and cause denial-of-service...
Magic Photo Storage Website admin/list_members.php _config[site_path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
CaupoShop Pro (2.x/ <= 3.70) Classic 3.01 Local File Include Vulnerability
No description provided by source. CaupoShop Pro 2.x/ = 3.70 Local File Include Vulnerability ----------------------------------------------------------------------------------------- Vuln Softwares : CaupoShop Pro 2.x CaupoShop Classic 3.01 CaupoShop Pro 3.70 Discovered By : Rami Salama Contact ...
Easy Hosting Control Panel Admin Auth Bypass
No description provided by source. Exploit Title: Easy Hosting Control Panel Admin Auth Bypass Google Dork: inurl:/ehcp/?op=applyfordomainaccount Date: 10/04/2011 Author: Jasman Software Link: https://launchpad.net/ehcp & http://www.ehcp.net Version: 0.29.10 - 0.29.13 Tested on: Ubuntu, Debian +...
DZCP (deV!Lz Clanportal) 1.5.4 - Local File Inclusion Vulnerability
No description provided by source. Vulnerability ID: HTB22656 Reference: http://www.htbridge.ch/advisory/lfiindzcp.html Product: DZCP Vendor: dzcp.de http://www.dzcp.de Vulnerable Version: 1.5.4 Vendor Notification: 13 October 2010 Vulnerability Type: Local File Inclusion Status: Fixed by Vendor...
VideoGirls view.php p Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36168/info VideoGirls is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context...
OpenAutoClassifieds 1.0 Listing Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8972/info It has been reported that OpenAutoClassifieds is prone to a cross-site scripting vulnerability. The issue is reported to exist due insufficient sanitization of user-supplied data through the 'listings' parameter...
HP Operations Manager Default Manager 8.1 Account Remote Security Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36253/info HP Operations Manager is prone to a remote security vulnerability. Operations Manager 8.1 for Windows is vulnerable; other versions may also be vulnerable. NOTE: This issue may be related to the issue documente...