Batch Audio Converter Lite Edition <= 1.0.0.0 - Stack Buffer Overflow (SEH)

No description provided by source. Software Link: http://www.freesoftwaretoolbox.com/files/batchaudiosetup.exe Tested on: Windows XP SP2 Type of Vuln: SEH Code : bacon-exploit.py Greetz: Otoy, Postnix, Jasakom Community, Kilurah, Gesang, dan wedus-wedus lainnya ^^ Thanks: All OffSec member...

CoolPlayer 2.18 - DEP Bypass

No description provided by source. Exploit Title: CoolPlayer 2.18 DEP Bypass Date: January 2, 2011 Author: Blake Version: 2.18 Tested on: Windows XP SP3 running in Virtualbox Uses SetProcessDEPPolicy to disable DEP for the process Thanks to mrme for the encouragement Exploit-DB Notes: May not wor...

GWebmail 0.7.3 XSS & LFI RCE Vulnerabilities

No description provided by source. !/usr/bin/python ''' Exploit Title: XSS & LFI RCE Vulnerabilities in GWebmail Date: 11/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: https://www.gwebmail.net Software Link: https://www.gwebmail.net/download/ Version: 0.7.3 Gr33Tz: @aviadgolan ,...

PHPAuctionSystem Upload Vulnerability

No description provided by source...

LoudBlog 0.41 backend_settings.php language Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote...

Hanterm 3.3 - Local Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/4050/info Hanterm is a replacement for xterm which includes Hangul support, used for Korean language systems. A buffer overflow error exists in hanterm. If it is called locally with a maliciously constructed parameter, it...

Novell Netware XNFS.NLM STAT Notify Remote Code Execution

No description provided by source. Application: Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability Platforms: Novell Netware 6.5 SP8 Exploitation: Remote code execution CVE Number: Novell TID: 5117430 ZDI: ZDI-12-07 PRL: 2012-01 Author: Francis Provencher Protek Research Lab'...

BlogEngine.NET 1.4 'search.aspx' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34227/info BlogEngine.NET is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site a...

Joomla com_niceajaxpoll <= 1.3.0 - SQL Injection Vulnerability

No description provided by source. Title : Joomla comniceajaxpoll = 1.3.0 SQL Injection Vulnerability Author : Patrick de Brouwer - @knickz0r NLSecurity - www.nlsecurity.org Dork : inurl:/index.php?option=comniceajaxpoll Software : Joomla component Nice Ajax Poll = 1.3.0...

Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 beta Mail Logging Buffer Overflow (1)

No description provided by source. source: http://www.securityfocus.com/bid/1158/info Sniffit is a freely available, open source network monitoring tool. It is designed for use on the Unix and Linux Operating Systems. Sniffit contains a remotely exploitable buffer overflow vulnerability. If Sniff...

AN HTTPD CMDIS.DLL Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13066/info AN HTTPD is reported prone to a remote buffer overflow vulnerability. Specifically, the issue presents itself in 'cmdIS.DLL' which calls the 'GetEnvironmentStrings' function to copy environment variables into a...

PHPFreeNews 1.x Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14439/info PHPFreeNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issue to have...

MDweb <= 1.3 (chemin_appli) Remote File Include Vulnerabilities

No description provided by source...

PHP-Calendar 1.1 update10.php configfile Parameter Traversal Local File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/37450/info PHP-Calendar is prone to multiple remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to execute arbitrary...

LPRng use_syslog Remote Format String Vulnerability

No description provided by source. $Id: lprngformatstring.rb 9666 2010-07-03 01:09:32Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

Wordpress Dimension Theme - CSRF Vulnerability

No description provided by source. Title : Wordpress Dimension Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Vendor : http://themeforest.net Download :...

DotNetNuke Remote File upload Vulnerability

No description provided by source. DotNetNuke Remote File upload Vulnerability Prodcut: DotNetNuke Home : www.DZ4All.cOm/Cc Vunlerability : Remote File upload Risk : High Dork : inurl:tabid/176/Default.aspx or inurl:portals/0/ Original discovery and credit goes to: Alireza Afzali of ISCN Team Fou...

Sambar 5.x Open Proxy and Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10256/info Sambar improperly validates the IP address of an originating connection and can be used to gain access the administration interface without authorization. Once the remote attacker has gained access to the...

Phorum 5.1.20 admin.php Groups Module Edit/Add Group Field SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...

Real player 14.0.2.633 - 0day Buffer overflow/DOS Exploit

No description provided by source. !/usr/bin/perl +Exploit Title: Real player 14.0.2.633 Buffer overflow/DOS Exploit +Software Link: www.soft32.com/download122615.html +Software: Real player +Version: 14.0.2.633 +Tested On: WIN-XP SP3 + Date : 31.03.2011 + Hour : 13:37 PM Similar Bug was found by...

ViArt CMS forums.php category_id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36003/info ViArt CMS is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context ...

CubeCart 3.0.x view_order.php order_id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied...

CoolPlayer 2.19 - (PlaylistSkin) Buffer Overflow Exploit

No description provided by source. !/usr/bin/perl coolplayerbof.pl Jeremy Brown [email protected]/jbrownsec.blogspot.com CoolPlayer BUILD 219 'PlaylistSkin' Buffer Overflow Exploit http://coolplayer.sourceforge.net TCP 0.0.0.0:4444 0.0.0.0:0 LISTENING C:\Documents and Settings\Administrator...

Apple Mac OS X Server 10.5 - Wiki Server Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28278/info Apple Mac OS X Server Wiki Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access arbitrary...

FirmWorX 0.1.2 - Multiple Remote File Inclusion Vulnerabilities

No description provided by source. DeltaSecurityTEAM WwW.DeltaSecurity.iR Portal Name = FirmWorX 0.1.2 Class = Remote File Inclusion Risk = High Remote File Execution Download = http://firmworx.sourceforge.net Discoverd By = DeltahackingTEAM User In Delta Team = Dav00dCracker Conatact =...

IRIX 6.5.x Performance Co-Pilot Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4642/info Performance Co-Pilot PCP is a set of services to support system-level performance monitoring developed by SGI. It has traditionally been an IRIX product, however SGI has made it open source and it is now availab...

Root Exploit Western Digital's WD TV Live SMP/Hub

No description provided by source. Introduction ============ The WD TV Live Streaming Media Player is a consumer device to play various audio and video formats. Additionally it allows access to multiple video streaming services like Netflix, Hulu or Youtube.1 The device allows customization of it...

phpmoneybooks 1.03 - Stored XSS

No description provided by source. Exploit Title: phpmoneybooks 1.03 Stored XSS Date: Jun 28, 2012 Exploit Author: chap0 - chap0.blogspot.com - @chap0 Vendor Homepage: http://phpmoneybooks.com/ Software Link: http://sourceforge.net/projects/phpmoneybooks/files/phpMoneyBooks103.zip/download Versio...

ProFTPD 1.2 pre6 snprintf Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/650/info Lack of user input validation in ProFTPD can lead to a remote root vulnerability. On systems that support it ProFTPD will attempt to modify the name of the program being executed argv0 to display the command bein...

Oracle9iAS Web Cache 2.0 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3443/info A buffer overflow condition can be triggered in Oracle 9iAS Web Cache 2.0.0.1.0 by submitting a malicious URL. This overflow can lead to either the process exiting, the process hanging, or the injection of...

Web@all <= 1.1 - Remote Admin Settings Change

No description provided by source. =========================================== Web@all = 1.1 Remote Admin Settings Change =========================================== Author: giudinvx Email: giudinvxatgmaildotcom Date: 27/12/2010 Site: http://www.giudinvx.altervista.org/...

Oxygen2PHP <= 1.1.3 (forumdisplay.php) Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl 0-Day Oxygen2PHP = 1.1.3 forumdisplay.php Remote Blind SQL Injection Exploit Coded By Dante90, WaRWolFz Crew Bug Discovered By: Dante90, WaRWolFz Crew use strict; use LWP::UserAgent; use HTTP::Request::Common; use Time::HiRes; use IO::Socket; my...

Able2Extract and Able2Extract Server 6.0 - Memory Corruption

No description provided by source. Exploit Title: Able2Extract and Able2Extract Server v 6.0 Memory Corruption Date: June 24 2012 Exploit Author: Carlos Mario Penagos Hollmann Vendor Homepage: www.investintech.com Version:6.0 Tested on: Windows 7 CVE : cve-2011-4222 payload =A12000 crash=startxre...

Microsoft Windows XP/2000/2003 Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19135/info Microsoft Windows is reportedly prone to a remote denial-of-service vulnerability. This issue may be due to the operating system's failure to properly handle unexpected network traffic. This issue may cause...

Telekorn Signkorn Guestbook 1.x help/de/adminhelp0.php dir_path Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to compromise the application and t...

PSOProxy 0.91 Remote Buffer Overflow Vulnerability (3)

No description provided by source. source: http://www.securityfocus.com/bid/9706/info It has been reported that PSOProxy is prone to a remote buffer overflow vulnerability. The issue is due to the insufficient boundary checking. A malicious user may exploit this condition to potentially corrupt...

Chipmunk Guestbook 1.4 Homepage HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16112/info Chipmunk Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...

HT Editor 2.0.18 File Opening Stack Overflow

No description provided by source. Exploit Title: HT Editor File openning Stack Overflow 0day Date: March 30th 2011 Author: ZadYree Software Link: http://hte.sourceforge.net/downloads.html Version: = 2.0.18 Tested on: Linux/Windows buffer padding may differ on W32 CVE : None !/usr/bin/perl =head1...

FaMarket 2 - (Auth Bypass) Vulnerability

No description provided by source...

ExtCalendar 2.0 ExtCalendar.php Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18876/info ExtCalendar is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary...

Novell GroupWise Messenger Client <= 2.1.0 Unicode Stack Overflow

No description provided by source. Luigi Auriemma Application: Novell GroupWise Messenger client http://www.novell.com/products/groupwise/ Versions: = 2.1.0 Platforms: Windows, Linux, NetWare Bug: unicode stack overflow Exploitation: remote, versus server Date: 16 Feb 2012 found 09 May 2011 Autho...

Babe Logger 2.0 - comments.php id Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15580/info Babe Logger is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation coul...

HP-UX 10.x/11.x Aserver PATH Vulnerability

No description provided by source. source : http://www.securityfocus.com/bid/1929/info Aserver is a server program that ships with HP-UX versions 10.x and above that is used to interface client applications with the audio hardware. Because it talks to hardware, it is installed setuid root by...

NUVICO DVR NVDV4 / PdvrAtl Module (PdvrAtl.DLL 1.0.1.25) - BoF Exploit

No description provided by source. !-- NUVICO DVR NVDV4 / PdvrAtl Module PdvrAtl.DLL 1.0.1.25 remote heap overflow exploit IE7/XP SP2 check a camera demo here: http://www.2mcctv.com/2mdemo.php codebase: http://www.dvrstation.com/pdvratl.php?vendor=0 rgod ///////////////////////////////...

Daffodil CRM 1.5 Userlogin.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16433/info Daffodil CRM is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...

Cerberus Helpdesk 3.2.1 Rpc.PHP Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20598/info Cerberus Helpdesk is prone to an unauthorized-access vulnerability because the application fails to authenticate users properly, resulting in an improper-access validation. A workaround is available. An attacke...

VWar <= 1.50 R14 (online.php) Remote SQL Injection Vulnerability

No description provided by source. .: insecurity research team :. ....:...:. . .:. | |/ :/ // :/ .:. : | | | \\ /\ / :. . ..: ||| / \ \ .: .:.. .. ./ .:/:. ./. .:/: . ...:. .advisory. .:... :..................: 1o.o8.2oo6 .. Affected Application: VWar = v1.50 R14 . . : contact :...

Cybuzu Garoon 2.1.0 - Multiple Remote SQL Injection Vulnerabilities

No description provided by source. Cybozu Garoon 2 SQL Injection Vulnerabilities by Tan Chew Keong Release Date: 2006-08-28 Summary Some SQL injection vulnerabilities have been found in Cybozu Garoon 2. When exploited by a logon user, the vulnerabilities allow manipulation of SQL statements which...

Apache Struts includeParams Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Maian Guestbook <= 3.2 Insecure Cookie Handling Vulnerability

No description provided by source. -+================================================================================+- -+ Maian Guestbook = 3.2 Insecure Cookie Handling Vulnerability +- -+================================================================================+- Discovered By: S.W.A.T...