56796 matches found
Journalness <= 4.1 (last_module) Remote Code Execution exploit
No description provided by source. !/usr/bin/perl Vendor url: journalness.sourceforge.net note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print Journalness = 4.1 Remote Code Execution exploit By Iron - randombase.com Greets to everyone...
JBoss JMX Console Deployer Upload and Execute
No description provided by source...
Chalk Creek Media Player 1.0.7 .mp3 and .wma Denial of Service Vulnerability
No description provided by source. Exploit Title: Chalk Creek Media Player 1.0.7 .mp3 and .wma DOS Date: September 16 2010 Author: Carlos Mario Penagos Hollmann Software Link: http://download.cnet.com/3001-21394-10526196.html?spi=a1e3adfe2f3af811074a43111c901f6c Version: 1.0.7 Tested on: Windows ...
GOM player 2.1.9 - Local crash PoC
No description provided by source. !usr/bin/perl Exploits title :GOM player V 2.1.9 Local crash poc Date : 2010/01/02 Aouther : SarBoT511 downloads :http://en.kioskea.net/telecharger/download-2141-gom-player tested on :win xp sp2 GOM player V 2.1.9 $file=SarBoT511.asx; $boom=A x 2000;...
Multiple D-Link Devices - OS-Command Injection via UPnP Interface
No description provided by source. Title: OS-Command Injection via UPnP SOAP Interface in multiple D-Link devices Vendor: D-Link Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 ============ Vulnerable Firmware Releases: ============ DIR-300 rev B - 2.14b01 DIR-600 - 2.16b01...
ELOG <= 2.5.6 - Remote Shell Exploit
No description provided by source. / Worked on latest version for me http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz elog-latest.tar.gz 26-Jan-2005 21:36 519K Default port 8080. str0ke / / Hi there, someone has brought to u a gift. ELOG Remote Shell Exploit = 2.5.6 Also for future Versio...
OpenBB 1.0.8 Read.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13624/info OpenBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could resul...
Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/4532/info An issue has been discovered in Windows 2000, which could cause a denial of system services. Submitting malformed data to port 445 could cause the Lanman service to consume high CPU and Kernel mode memory usage....
Joomla Component Kbase 1.0 - Remote SQL Injection Vulnerability
No description provided by source...
Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6721/info Apache Tomcat is prone to a directory/file disclosure vulnerability when used with JDK 1.3.1 or earlier. It has been reported that remote attackers may view directory contents even when an 'index.html' or other...
Microsoft IIS 5 User Existence Disclosure Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/7492/info Microsoft IIS is prone to an issue where the existence of users may be revealed to remote attackers. The vulnerability exists when users attempt to authenticate against a vulnerable system. IIS will generate an...
Pheap CMS <= 1.1 (lpref) Remote File Include Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; / + + - - - DEVIL TEAM THE BEST POLISH TEAM - - + + + - Pheap CMS = 1 lpref Remote File Include Exploit + + + - Script name: Pheap CMS v. 1 - Script site: http://pheap.barekoncept.com/ + + + - Find by: Kacper a.k.a Rahim + -...
Microsoft IIS 4/5 HTTP Error Page Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4486/info A Cross Site Scripting issue exists in some versions of IIS. The HTTP Error Page created by IIS may, under some circumstances, contain HTML content which includes unsanitized user supplied input. An attacker may...
Joomla Component JooBlog 0.1.1 - Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print \n; print \n; print Joomla Component JooBlog Blind SQL Injection Exploit \n; print Author:His0k4 ALGERIAN HaCkeR \n; print \n; print Conctact: His0k4.hlmatgamil.com \n; print Greetz: All friend...
QNX 6.4.x/6.5.x ifwatchd - Local root Exploit
No description provided by source. !/bin/sh QNX 6.4.x/6.5.x ifwatchd local root exploit by cenobyte 2013 [email protected] - vulnerability description: Setuid root ifwatchd watches for addresses added to or deleted from network interfaces and calls up/down scripts for them. Any user can...
skyportal vrc6 Multiple Vulnerabilities
No description provided by source. WwW.BugReport.ir BugReport Security Research & Penetration Testing Group Title: Sky Portal Multiple SQL Injection Vulnerabilities Vendor: http://skyportal.net Exploitation: Remote with browser Fix Available: Patched In Last Version In Vendor Leaders : Shahin...
WebScripts WebBBS 4.x/5.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software...
EFTP 2.0.7 .337 Buffer Overflow Code Execution and Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3330/info Encrypted FTP EFTP is both an FTP client and server application for Windows platforms. A malicious user with upload permissions to the target host can cause a buffer overflow in EFTP to execute code of the...
Claroline 1.8.9 exercise/exercise.php URL XSS
No description provided by source. source: http://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute...
Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability
No description provided by source. ------------------------------------------------------------------- Joomla! = 3.0.2 highlight.php PHP Object Injection Vulnerability ------------------------------------------------------------------- - Software Link: http://www.joomla.org/ - Affected Versions:...
ScriptFTP <= 3.3 - Remote Buffer Overflow (LIST)
No description provided by source. Exploit Title: ScriptFTP =3.3 Remote Buffer Overflow LIST Date: September 20, 2011 Author: modpr0be Software Link: http://www.scriptftp.com/ScriptFTP33setup.exe Version: 3.3 Tested on: Windows XP SP3, Windows Server 2003 SP1 SE VMware 3.1.4 build-385536 CVE : -...
Easy Icon Maker .ico File Reading Crash
No description provided by source. ! /usr/bin/python Easy Icon Maker .ico File Reading Crash Homepage: www.icon-maker.com Credit : ItSecTeam mail : [email protected] Web: WwW.ITSecTeam.com Forum: WwW.forum.itsecteam.com Special Tanks : PLATE - [email protected] - B3hz4d - Cdef3nder EAX 30303030 ECX 000000...
siu guarani Multiple Vulnerabilities
No description provided by source. multiple remote vulnerabilities siu guarani general information ------------------- bug type : multiple remote vulnerabilities software name : SIU Guarani vendor : SIU www.siu.edu.ar authors : proudhon & Ubik date : the 341st day of the year 2008 contact : N/A...
deV!Lz Clanportal 1.3.6 Show Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21391/info deV!Lz Clanportal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker ...
Yetihost Helm 3.2.10 Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/21096/info Helm is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute...
Netcut 2.0 - Denial of Service Vulnerability
No description provided by source. !/usr/bin/env python Exploit Title: Netcut Denial of Service Vulnerability Author: MaYaSeVeN Blog: http://mayaseven.blogspot.com PoC: Video http://www.youtube.com/user/mayaseven Picture...
WireShark 1.8.2 & 1.6.0 - Buffer Overflow 0day PoC
No description provided by source. / WireShark Buffer Overflow 0day author: X-h4ck,[email protected],www.pirate.al greetz to people that i love and my girlfriend , and yes imm proud to be albanian.only the poc, no exploit available so i wont confuse the script kiddies, eax,ecx,edx,ebx overwritten...
Joomla (JBDiary) BLIND SQL Injection Vulnerabilities
No description provided by source...
IBM DB2 DTS To String Conversion - Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11400/info IBM DB2 is reported prone to a denial of service vulnerability when DTS to string conversion is carried out. It is reported that during a DTS to string conversion a trap occurs if an empty formatting string is...
PHP Arena PAFileDB Extreme Edition SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15912/info PAFileDB Extreme Edition is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
Mutiny 5 Arbitrary File Upload
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
MySmartBB 1.7 Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/38385/info MySmartBB is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...
myBloggie 2.1.2/2.1.3 adduser.php errormsg Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
Glider collectn kill <= 1.0.0.0 - Buffer Overflow (PoC)
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include time.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include string.h...
Wyse Machine Remote Power off (DOS) without any privilege
No description provided by source. require 'msf/core' class Metasploit3 Msf::Auxiliary Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos def initializeinfo = superupdateinfoinfo, 'Name' = 'Wyse Machine Remote Power off DOS', 'Description' = %q This module...
Opial CMS 2.0 - Multiple Vulnerabilities
No description provided by source...
Centreon 1.4.2 - color_picker.php Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28043/info Centreon is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...
Home FTP Server 1.11.1.149 - Post-Auth Directory Traversal
No description provided by source...
Noah's Classifieds 1.2/1.3 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14833/info Noah's Classifieds is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful exploitation could result in a...
Joomla (com_mochigames) SQL Injection Vulnerability
No description provided by source. ...BEGIN ADVISORY... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! RESEARCHER: B-HUNT3|2 CONTACT: bhunt3ratnospamgmaildotnospamcom TESTED ON: LocalHost...
Allomani Mobile 2.5 - Remote Blind SQL Injection Exploit
No description provided by source. ?php inisetmaxexecutiontime,0; printr' || || | || o,7 || . o7 || q||| o///, : / / . /QQQQQQQQQQQQQQQQQQQ\ q Allomani Mobile v2.5 /QQQ/\QQQ\ Blind SQL inj. exploit /QQQQQ/ \QQQQQQ\ q GET 3 /QQQQ/ QQQQ\ /QQQQ/ \QQQQ\ q http://allomani.com |QQQQ/ By Qabandi \QQQQ|...
PunBBAnnuaire <= 0.4 - Blind SQL Injection Vulnerability
No description provided by source. PunBBAnnuaire =0.4 Blind SQL Injection Vulnerability ======================================================== .:. Author : Metropolis .:. Home : http://xrayoptics.by.ru/ .:. Script : PunBBAnnuaire .:. Version : 0.4 .:. Download Script:...
Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13907/info Invision Gallery is affected by an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script before using it in an SQL...
vCard 2.8/2.9 Create.PHP Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/17073/info vCard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
symphony cms 2.3 - Multiple Vulnerabilities
No description provided by source. Symphony cms 2.3 multiple vulnerabilities -------------------------------------------------------------------------------------------- 20121017 - Justanotherhacker.com : Symphony cms - Multiple vulnerabilities JAHx122 -...
Wordpress Plugin e-Commerce <= 3.4 - Arbitrary File Upload Exploit
No description provided by source. !/usr/bin/perl use warnings; use strict; use LWP::UserAgent; use HTTP::Request::Common; my $fname = rand99999 . .php; no int print INTRO; messy print i know.. - Wordpress Plugin e-Commerce = 3.4 Arbitrary File Upload - Discovered && Coded by: t0pP8uZz Discovered...
UNICOS 9/MAX 1.3/mk 1.5,AIX <= 4.2,libc <= 5.2.18,RedHat 4,IRIX 6,Slackware 3 NLS Vuln(1)
No description provided by source. / source: http://www.securityfocus.com/bid/711/info Cray UNICOS 9.0/9.2/MAX 1.3/mk 1.5,AIX = 4.2,Linux libc = 5.2.18,RedHat 4.0,IRIX 6.2,Slackware 3.1 Natural Language Service NLS Vulnerability 1 A buffer overflow condition affects libraries using the Natural...
Jaws 0.8.8 - Multiple Local File Inclusion Vulnerabilities
No description provided by source. Jaws 0.8.8 Local File Inclusion POST /upgrade/index.php language=../../../../../../../../../../../../etc/passwd%00 POST /install/index.php language=../../../../../../../../../../../../etc/passwd%00 Also vulnerable: Introductioncomplete uselog Author notified: Ja...
RiSearch 0.99 /RiSearch Pro 3.2.6 show.pl Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user supplied URI parameters. A...
Wireshark 1.0.0 - Multiple DoS
No description provided by source. source: http://www.securityfocus.com/bid/30020/info Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues. Exploiting these issues may allow attackers to obtain potentially sensitive information,...