56796 matches found
Wyse Machine Remote Power off (DOS) without any privilege
No description provided by source. require 'msf/core' class Metasploit3 Msf::Auxiliary Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos def initializeinfo = superupdateinfoinfo, 'Name' = 'Wyse Machine Remote Power off DOS', 'Description' = %q This module...
Opial CMS 2.0 - Multiple Vulnerabilities
No description provided by source...
Centreon 1.4.2 - color_picker.php Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28043/info Centreon is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...
Home FTP Server 1.11.1.149 - Post-Auth Directory Traversal
No description provided by source...
Noah's Classifieds 1.2/1.3 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14833/info Noah's Classifieds is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful exploitation could result in a...
Joomla (com_mochigames) SQL Injection Vulnerability
No description provided by source. ...BEGIN ADVISORY... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! RESEARCHER: B-HUNT3|2 CONTACT: bhunt3ratnospamgmaildotnospamcom TESTED ON: LocalHost...
Allomani Mobile 2.5 - Remote Blind SQL Injection Exploit
No description provided by source. ?php inisetmaxexecutiontime,0; printr' || || | || o,7 || . o7 || q||| o///, : / / . /QQQQQQQQQQQQQQQQQQQ\ q Allomani Mobile v2.5 /QQQ/\QQQ\ Blind SQL inj. exploit /QQQQQ/ \QQQQQQ\ q GET 3 /QQQQ/ QQQQ\ /QQQQ/ \QQQQ\ q http://allomani.com |QQQQ/ By Qabandi \QQQQ|...
PunBBAnnuaire <= 0.4 - Blind SQL Injection Vulnerability
No description provided by source. PunBBAnnuaire =0.4 Blind SQL Injection Vulnerability ======================================================== .:. Author : Metropolis .:. Home : http://xrayoptics.by.ru/ .:. Script : PunBBAnnuaire .:. Version : 0.4 .:. Download Script:...
Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13907/info Invision Gallery is affected by an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script before using it in an SQL...
vCard 2.8/2.9 Create.PHP Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/17073/info vCard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
symphony cms 2.3 - Multiple Vulnerabilities
No description provided by source. Symphony cms 2.3 multiple vulnerabilities -------------------------------------------------------------------------------------------- 20121017 - Justanotherhacker.com : Symphony cms - Multiple vulnerabilities JAHx122 -...
Wordpress Plugin e-Commerce <= 3.4 - Arbitrary File Upload Exploit
No description provided by source. !/usr/bin/perl use warnings; use strict; use LWP::UserAgent; use HTTP::Request::Common; my $fname = rand99999 . .php; no int print INTRO; messy print i know.. - Wordpress Plugin e-Commerce = 3.4 Arbitrary File Upload - Discovered && Coded by: t0pP8uZz Discovered...
UNICOS 9/MAX 1.3/mk 1.5,AIX <= 4.2,libc <= 5.2.18,RedHat 4,IRIX 6,Slackware 3 NLS Vuln(1)
No description provided by source. / source: http://www.securityfocus.com/bid/711/info Cray UNICOS 9.0/9.2/MAX 1.3/mk 1.5,AIX = 4.2,Linux libc = 5.2.18,RedHat 4.0,IRIX 6.2,Slackware 3.1 Natural Language Service NLS Vulnerability 1 A buffer overflow condition affects libraries using the Natural...
Jaws 0.8.8 - Multiple Local File Inclusion Vulnerabilities
No description provided by source. Jaws 0.8.8 Local File Inclusion POST /upgrade/index.php language=../../../../../../../../../../../../etc/passwd%00 POST /install/index.php language=../../../../../../../../../../../../etc/passwd%00 Also vulnerable: Introductioncomplete uselog Author notified: Ja...
RiSearch 0.99 /RiSearch Pro 3.2.6 show.pl Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user supplied URI parameters. A...
Wireshark 1.0.0 - Multiple DoS
No description provided by source. source: http://www.securityfocus.com/bid/30020/info Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues. Exploiting these issues may allow attackers to obtain potentially sensitive information,...
Canon GP300 Remote Malformed HTTP Get Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8121/info A problem in the Canon GP-300 has been reported in the handling of some types of malformed web requests. This issue could result in the denial of service to legitmate users of the print server. GET /...
CLANSPHERE 2010.0 Final Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22694 Reference: http://www.htbridge.ch/advisory/sqlinjectioninclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability Type: SQL...
Novell Sentinel Log Manager <= 1.2.0.2 - Retention Policy Vulnerability
No description provided by source. Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo Usage: basename $0 target exit 1 fi echo POST...
LinEx - Password Reset Vulnerability
No description provided by source. Exploit Title: LinEx All Versions Password Reset Vulnerability Google Dork: linkex.dk 2006-2011 Date: 15/01/2014 Exploit Author: N B Sri Harsha Reconnect Gray hat Vendor Homepage: http://linkex.dk/ Software Link: http://linkex.dk/releases/linkex.20120508.zip...
PostNuke 0.76 RC2 Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18319/info PostNuke is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection vulnerabilities, because the application fails to properly sanitize user-supplied input. A...
Ghostscript < 8.64 'gdevpdtb.c' Buffer Overflow Vulnerability
No description provided by source. Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer. Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with...
SchoolAlumni Portal 2.26 smumdadotcom_ascyb_alumni/mod.php katalog Module query Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20673/info SchoolAlumni portal is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include a local file-include vulnerability and ...
eStore 1.0.2 - SQL Injection Vulnerability
No description provided by source. ===================================================================================================== .::Powered by eStore v1.0.2::. ===================================================================================================== x Author : R3VANBASTARD x W...
IBM Rational ClearQuest 7.0 - Multiple Parameters Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28296/info IBM Rational ClearQuest is prone to multiple cross-site scripting vulnerabilities because it fails to adequately sanitize user-supplied input. An attacker could exploit these vulnerabilities to execute arbitrar...
Meet#Web 0.8 ManagerRightsResource.class.php root_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/30673/info MeetWeb is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
Dating Gold 3.0.5 footer.php int_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24910/info AzDG Dating Gold is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute an arbitrary...
Triologic Media Player 8 (.m3u) Local Universal Unicode Buffer Overflow (SEH)
No description provided by source. Exploit Title: Triologic Media Player 8 .m3u Local Universal Unicode Buffer Overflow SEH Date: August 17, 2010 Author: Glafkos Charalambous glafkos@astalavistadotcom Software Link: http://download.cnet.com/Triologic-Media-Player/3000-21394-10691520.html Version:...
vBulletin 3.0.10 Portal.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18197/info vBulletin is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow...
XAMPP for Windows 1.8.2 - Blind SQL Injection
No description provided by source...
TP-Link TD-8840t - CSRF Vulnerability
No description provided by source...
Okyanusmedya Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24285/info Okyanusmedya is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
OpenX <= 2.6.2 'MAX_type' Parameter Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33458/info OpenX is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context ...
Baykus Yemek Tarifleri <= 2.1 - SQL Injection Vulnerability
No description provided by source...
Dating Gold 3.0.5 header.php int_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24910/info AzDG Dating Gold is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute an arbitrary...
SIEMENS Solid Edge ST4/ST5 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx RCE
No description provided by source. SIEMENS Solid Edge ST4/ST5 WebPartHelper ActiveX Control RFMSsvs!JShellExecuteEx Remote Command Execution Tested against: Microsoft Windows Server 2003 r2 sp2 Microsoft Windows XP sp3 Microsoft Windows 7 Internet Explorer 8 Software description:...
WRT120N 1.0.0.7 - Stack Overflow
No description provided by source. !/usr/bin/env python WRT120N v1.0.0.7 stack overflow, ROP to 4-byte overwrite which clears the admin password. Craig Heffner http://www.devttys0.com 2014-02-14 import sys import urllib2 try: target = sys.argv1 except IndexError: print Usage: %s target ip %...
GFI Faxmaker Fax Viewer 10.0 [build 237] - DoS (Poc).
No description provided by source. !/usr/bin/python Title: GFI Faxmaker Fax Viewer v10.0build 237 DoS Poc. From: The eh?-Team || The Great White Fuzz we're not sure yet Found by: loneferret Home: http://www.kioptrix.com Manifacturer's link: http://www.gfi.com Date Found: Oct 28th 2011 Tested on:...
SoftNews 4.1/5.5 engine/Ajax/editnews.php root_dir Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of...
PeerCast 0.12 HandshakeHTTP Multiple Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/26899/info PeerCast is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer. Successfully exploiting these...
MG2 0.5.1 Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15235/info MG2 is affected by an authentication bypass vulnerability. This issue can allow remote attackers to gain access to password protected image galleries. All versions of MG2 are considered to be vulnerable at the...
modx cms 0.9.6.1 - Multiple Vulnerabilities
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title: MODx CMS Vulnerabilities Vendor: http://modxcms.com Bugs: Source code disclosure, local file inclusion Vulnerable Version: 0.9.6.1 prior versions also may be affected Exploitation: Remote with browser Fix...
Firefox <= 3.6.8 DLL Hijacking Exploit (dwmapi.dll)
No description provided by source. / Exploit Title: Firefox = 3.6.8 DLL Hijacking Exploit dwmapi.dll Date: August 24, 2010 Author: Glafkos Charalambous glafkos@astalavistadotcom Version: Latest Firefox v3.6.8 Tested on: Windows XP SP3 En Vulnerable extensions: .htm .html .jtx .mfp Greetz:...
gpsdrive <= 2.09 (friendsd2) Remote Format String Exploit (x86)
No description provided by source. !/usr/bin/perl -w Code by KF, although it is most likely ripped from John H. kflistsatdigitalmunitiondotcom http://www.digitalmunition.com FrSIRT 24/24 & 7/7 - Centre de Recherche on Donkey Testicles. Free 14 day Testicle licking trial available! friendsd.c:367:...
VBZoom 1.11 Forum.php SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18472/info VBZooM is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an...
family connection 1.8.1 - Multiple Vulnerabilities
No description provided by source. Salvatore drosophila Fresta + Application: Family Connection + Version: = 1.8.2 + Website: http://www.familycms.com + Bugs: A Blind SQL Injection + Exploitation: Remote + Date: 1 Apr 2009 + Discovered by: Salvatore drosophila Fresta + Author: Salvatore drosophil...
Conceptronic Wireless Pan & Tilt Network Camera - CSRF Vulnerability
No description provided by source. General Details Affected Product: Conceptronic camera CIPCAMPTIWL Tested Firmware: 21.37.2.49 Tested Web UI Firmware: 0.61.4.18 Assigned CVE: CVE-2013-7204 CVSSv2 Base Score: 5.8 AV:N/AC:M/AU:N/C:P/I:P/A:N Vulnerability Type: Cross-Site Request Forgery CWE-352...
SpamAssassin spamd <= 3.1.3 - Command Injection
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Ariadne CMS 2.4 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13206/info A remote file include vulnerability affects Ariadne CMS. This issue is due to a failure of the application to validate critical parameters before using them in a 'requireonce' function call. An attacker may...
GTChat <= 0.95 Alpha Remote Denial of Service Exploit
No description provided by source. !/usr/bin/perl use LWP::Simple; if @ARGV 3 print \nUsage: $0 server path mode count for DoS\n; print sever - URL chat\n; print path - path to chat.pl\n; print mode - poc or dos,\n; print poc - simple check without DoS and exit,\n; print dos - DoS, you must set...