56796 matches found
MyBulletinBoard 1.x UserCP.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19193/info MyBulletinBoard is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the brows...
Instant Photo Gallery 1.0 content.php cid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15659/info Instant Photo Gallery is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successfu...
Juniper Networks Secure Access 2000 Web - Root Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28037/info Juniper Networks Secure Access 2000 is prone to a path-disclosure vulnerability. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks. Secure Access 20...
WordPress Community Events plugin <= 1.2.1 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Community Events plugin = 1.2.1 SQL Injection Vulnerability Date: 2011-09-07 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/community-events.zip Version: 1.2.1 tested...
Oracle OTRCREP Oracle 8/9 Home Environment Variable Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3139/info Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation. A buffer overflow has been discovered in the handling of $ORACLEHOME ...
IT!CMS 0.2 titletext-ed.php wndtitle Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/25129/info IT!CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues...
Panda ActiveScan 5.0 ascontrol.dll Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10067/info It has been reported that Panda ActiveScan may be prone to a denial of service vulnerability that may cause an instance of Internet Explorer to crash. The issue may present it self when the 'SetSitesFile' is...
Elastic Path 4.1 - manager/fileManager.jsp dir Variable Traversal Arbitrary Directory Listing
No description provided by source...
Windows Mobile 6.5 TR (WinCE 5.2) MessageBox Shellcode (ARM)
No description provided by source...
Madness Pro <= 1.14 - Persistent XSS
No description provided by source. !/usr/bin/env python2 -- coding: utf-8 -- Exploit Title: Madness Pro %3C%2Fscript%3E%3C%2Fa%3E" "%3Ca%20href%3D%22%23%22%20onclick%3D%5C%22setstatus\'12345".formatpanelindexurl, beefhookurl print f.read installbeefhookbeefhook, panelurl...
Apple Safari 3 for Windows Document.Location Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24499/info Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may exploit this issue by enticing victims into opening a maliciously...
phpBB <= 2.0.21 (Poison NULL Byte) Remote Exploit
No description provided by source. !/usr/bin/perl -w Author: ShAnKaR Title: multiple PHP application poison NULL byte vulnerability Applications: phpBB 2.0.21, punBB 1.2.12 Threat Level: Critical Original advisory in Russian: http://www.security.nnov.ru/Odocument221.html Poison NULL byte...
Monalbum 0.8.7 - Remote Code Execution Exploit
No description provided by source. ?php / \|/// \ - - // @ @ ----oOOo---oOOo--------------------------------------------------- Y! Underground Group [email protected] Dj7xpl.2600.ir ----ooooO-----Ooooo-------------------------------------------------- \ / \ /...
MMHAQ CMS sqli vulnersbility
No description provided by source. MMHAQ CMS sqli vulnersbility +Title: MMHAQ CMS sqli vulnersbility +Version: only one version is released +Download: http://www.mmhaq.net/index.php?page=packlinux +Author: s1ayer +Contact: [email protected] Description: MMHAQ CMS fully functional Content...
Centreon IT & Network Monitoring 2.1.5 - Injection SQL
No description provided by source. !/usr/bin/perl //--------PoC---------// Title : Centreon IT & Network Monitoring v2.1.5 - Injection SQL Version : 2.1.5 Author : Jonathan Salwan [email protected] Vuln sql injection http://localhost/centreon/main.php?p=201&hostid=-1%20SQL Injection&o=p&min=1...
Bit Weaver 2.7 - Local File Inclusion Vulnerability
No description provided by source. ------------------------------------------------------------------------ Software................Bit Weaver 2.7 Vulnerability...........Local File Inclusion Download................http://www.bitweaver.org/ Release Date............7/1/2010 Tested...
FreeFloat FTP Server REST Buffer Overflow (MSF)
No description provided by source...
MS IIS 3.0/4.0/5.0 PWS Escaped Characters Decoding Command Execution (3)
No description provided by source. source: http://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before...
CarLine Forum Russian Board 4.2 line.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. Forum Russian Board 4.2 ...
Contrexx CMS 1.0.x Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17128/info Contrexx CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
Campsite CMS remote Persistent XSS vulnerability
No description provided by source. Exploit Title: Campsite CMS remote Persistent XSS vulnerability Date: 15th july 2010 Author: D4rk357 Critical:Low Contact:bd4rk357atyahoodotin Software Link:bhttp://www.sourcefabric.org/en/home/web/78/Demo--Documentation.htm?tpl=18 Greetz to:bb0nd,...
All In One Control Panel 1.3.x cp_downloads.php did Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/22032/info All In One Control Panel is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
Rational Software Hidden Administrator 1.7 - Auth Bypass Exploit
No description provided by source. Hidden Administrator Authenticaiton Bypass Exploit ahmedatrewterz.com http://www.securityfocus.com/bid/24049 C:\python rewt-ha-exp.py Usage: rewt-ha-exp.py -h host ip -p port -t tftpd server ip make sure nc.exe exists on tftpd server C:\telnet 192.168.1.4 4444...
Basit 1.0 Search Module Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7142/info A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker may exploit th...
Beehive Forum 0.6.2 - Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16002/info Beehive Forum is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
MPM Guestbook 1.2 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8958/info MPM Guestbook is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically...
ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote BOF Exploit
No description provided by source. !/usr/bin/python ProSysInfo TFTP Server TFTPDWIN 0.4.2 Coded by Wraith import os import sys import struct import socket import time print \nProSysInfo TFTP Server TFTPDWIN 0.4.2 print Note: This vuln is sensitive to different buffer length\n if lensys.argv!=2:...
Fool's Workshop Owl's Workshop 1.0 multiplechoice/index.php Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these...
Scorched 3D <= 39.1 - Multiple Vulnerabilities (All-in-One) (PoC)
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include stdarg.h include time.h include zlib.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous...
Tekno.Portal Bolum.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18216/info Tekno.Portal is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could...
SkyBlueCanvas CMS - Remote Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...
McKesson Pathways Homecare 6.5 Weak Username and Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3653/info McKesson Pathways Homecare is a client/server application which is used to track patient information, billing information and medical records for home care patients. The administrative username and password are...
REZERVI 3.0.2 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \...
PHP <= 5.2.1 - Multiple Functions Reference Parameter Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23202/info PHP is prone to an information-disclosure vulnerability due to a design error. The vulnerability resides in various functions that accept parameters as references. Successful exploits will allow attackers to...
Webkit Normalize Bug - Android 2.2
No description provided by source. !-- CVE-2010-1759 webkit normalize bug Tested on Moto Droidx2 running 2.2. Droidx2 running 2.3 is vulnerable but exploit fails due to non-executable heap. Still working on a way around that : 2.1 - 2.3 emulator. The changes needed are documented in the code. The...
Joomla Component com_xgallery 1.0 - Local File Inclusion Vulnerability
No description provided by source. Exploit Title: Joomla Component comxgallery 1.0 Local File Inclusion Vulnerability Author: KelvinX [email protected] Websites: http://xgroup.vn, http://kelvinx.net, http://facebook.com/kelvinxgr Date: December, 21-2010 Location: HCM City, Vietnam...
Cartweaver 2.16.11 Results.cfm category Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17941/info Cartweaver ColdFusion is prone to SQL-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before using it in SQL queries. Successful exploits...
nginx 0.7.61 - WebDAV Directory Traversal
No description provided by source. Bug Title: nginx webdav copy/move method directory traversal Program: nginx Version: nginx/0.7.61 - other versions may also be affected Website: http://sysoev.ru/nginx/ Severity: Low Date discovered: 23 September 2009 The webdav component has to be enabled and t...
Magic List Pro view_archive.cfm ListID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15774/info CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. These vulnerabilities allow an attacker to inject malicious SQL co...
IBM Websphere Edge Server 3.69/4.0 HTTP Header Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6001/info A vulnerability has been discovered in the Caching Proxy component bundled with the IBM Websphere Edge Server. Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct ...
Magic Photo Storage Website user/user_membership_password.php _config[site_path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Magic Photo Storage Website user/login.php _config[site_path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
netwin netauth 4.2 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1587/info A remote user is capable of gaining read access to any known file residing on a host running Netwin Netauth through directory traversal. Appending a series of '../' and the desired file name to the 'page' variab...
pChart 2.1.3 - Multiple Vulnerabilities
No description provided by source. Exploit Title: pChart 2.1.3 Directory Traversal and Reflected XSS Date: 2014-01-24 Exploit Author: Balazs Makany Vendor Homepage: www.pchart.net Software Link: www.pchart.net/download Google Dork: intitle:pChart 2.x - examples intext:2.1.3 Version: 2.1.3 Tested...
WebCalendar <= 1.2.4 (install/index.php) Remote Code Execution
No description provided by source. ?php / ----------------------------------------------------------------------- WebCalendar = 1.2.4 install/index.php Remote Code Executionn Exploit ----------------------------------------------------------------------- author..........: Egidio Romano aka EgiX...
Pure-FTPd 1.0.21 (CentOS 6.2 & Ubuntu 8.04) - Crash PoC (Null Pointer Dereference)
No description provided by source. Pure-FTPd Crash PoC Null Pointer Dereference, tested with pure-ftpd v1.0.21 centos 6.2, ubuntu 8.04 latest version v1.0.36 is not affected !! discovered by Kingcope root@ubuntu: grep seg /var/log/syslog Aug 13 13:55:28 ubuntu kernel: 226.791747 pure-ftpd4825:...
AWStats 5.x/6.x Logfile Parameter Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12572/info AWStats is reported prone to a remote arbitrary command-execution vulnerability. This issue occurs because the application fails to properly sanitize user-supplied data. Specifically, the user-specified 'logfil...
Quicktech SQL Injection Vulnerability
No description provided by source. + Exploit Title : Quicktech Sql Injection Vulnerability + Author : eXeSoul + Contact : [email protected] + Date : 02-03-2011 + category: Web Apps SQli + HomePage : www.indishell.in + Version : all + Tested on : windows/linux + Vulnerability Style : PHP Sql...
Firebird 1.5 - Local Inet_Server Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17077/info Firebird is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an...
Joomla Component (com_remository) Remote Upload File
No description provided by source. I N F O Exploit Title: Joomla comremository Remote Upload File Date: 2010-08-26 Author: J3yk0ob Home : http://www.J3yk0ob.com E X P L O I T 1. Register On Site 2. http://www.Target.com/index.php?option=comremository&Itemid=Itemid&func=addfile 3. Add your php fil...