Lucene search

56796 matches found

seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Zend Framework <= 1.9.6 Multiple Input Validation Vulnerabilities and Security Bypass Weakness

No description provided by source. source: http://www.securityfocus.com/bid/37809/info Zend Framework is prone to multiple input-validation vulnerabilities and a weakness: - Multiple cross-site scripting issues - An HTML-injection issue - A security-bypass weakness An attacker may leverage the...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

ispCP Omega <= 1.0.4 - Remote File Include Vulnerability

No description provided by source. + ispCP Omega = 1.0.4 Remote File Include Vulnerability + Discovered By: cr4wl3r + Download: http://isp-control.net/ + Dork: Powered by ispCP Omega + Code in ispcp-omega-1.0.4/gui/tools/filemanager/skins/mobile/admin1.template.php x ?php...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

NETGEAR N600 WIRELESS DUAL BAND WNDR3400 - Multiple Vulnerabilities

No description provided by source. Title: Multiple vulnerabilities in NETGEAR N600 WIRELESS DUAL BAND WNDR3400 Notification Date: 4/14/2014 Affected Vendor: NETGEAR N600 WIRELESS DUAL BAND WNDR3400 Firmware...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

Registry OCX 1.5 - ActiveX Buffer Overflow Exploit

No description provided by source. Tested on: Windows XP SP3 IE6/7 html object classid='clsid:6D5B4E71-625F-11D2-B3AE-00A0C932C7DF' id='target'/object script language='vbscript' ' Registry OCX Remote Buffer Overflow ' Written by Blake buffer = String2008, A eip = unescape%f3%30%9d%7c 'eip 7C9D30F...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

PostNuke 0.723 Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/7898/info The PostNuke 'modules.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code ...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

SecureAction Research Secure Network Messenger 1.4.x Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11670/info A remote denial of service vulnerability affects SecureAction Research Secure Network Messenger. This issue is due to a failure of the application to properly handle exceptional network data. An attacker may...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

PerlDesk Language Variable Server-Side Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11160/info It is reported that PerlDesk is susceptible to a server-side script execution vulnerability. This vulnerability may be exploited to execute the contents of Perl scripts contained on the affected server...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

Microsoft Internet Explorer 5.0.1 Daxctle.OCX Spline Method Heap Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19738/info Microsoft Internet Explorer is prone to a heap buffer-overflow vulnerability. The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX controls. An...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•23 views

PHP-Nuke < 8.0 (sid) Remote SQL Injection Exploit

No description provided by source. ?php errorreporting EERROR; inisetmaxexecutiontime,0; echo ' +=========================================+ | RST/GHC unpublished PHP Nuke exploit 8 | +=========================================+ + version 8.0 + Tested on 7.9 & 6.0 '; if $argc 2 print Usage: . $argv...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•49 views

DMXReady News Manager <= 1.1 Arbitrary Category Change Vuln

No description provided by source. Title : DMXReady News Manager = 1.1 Remote Category Change Vulnerability Author : ajann from Turkey Contact : : S.Page : http://www.dmxready.com $$ : 69.97 $ Dork : inurl:incnewsmanager.asp DorkEx :...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•23 views

NovaBoard <= 1.0.1 (message) Persistent XSS Vulnerability

No description provided by source. NovaBoard = 1.0.1 / XSS Vulnerability $ Program: NovaBoard $ Version: = 1.0.1 $ File affected: index.php $ Download: http://www.novaboard.net/ Found by Pepelux pepeluxatenye-sec.org...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

Mirapoint Web Mail Expression() HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20840/info Mirapoint Web Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary JavaScript in the victim's...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•28 views

ITaco Group ITaco.biz (view_news) SQL Injection Vulnerability

No description provided by source. Title : ITaco Group...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

CarLine Forum Russian Board 4.2 edit_msg.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. Forum Russian Board 4.2 ...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•33 views

Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution

No description provided by source. CVE : CVE-2010-0805 !-- .text:600058F7 and ebp+pv, 0 .text:600058FE lea eax, ebp+pv .text:60005904 push eax ; unsigned int16 .text:60005905 push dword ptr ebx+10h ; struct IOleClientSite .text:60005908 call GetHostURLIOleClientSite ,ushort .text:6000590D mov eax...

CVSS: 9.3, AI score: 0.5, EPSS: 0.80603
Exploits: 13
seebug.org
•added 2014/07/01 12:0 a.m.•43 views

Pollbooth <= 2.0 (pollID) Remote SQL Injection Vulnerability

No description provided by source. Pollbooth v2.0 SQL Injection Vulnerability AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 WEBSiTE: http://www.xcorpitx-hack.com/Forum/ BLOG : http://my.opera.com/SQL-Injection/blog/ MAiL : [email protected] DORK 1 : allinurl:...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•9 views

W-Agora 4.2.1 - Multiple Vulnerabilities

No description provided by source...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

McAfee IntruShield Security Management System Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14167/info McAfee IntruShield Security Management System is susceptible to multiple vulnerabilities. The first two issues are cross-site scripting vulnerabilities in the 'intruvert/jsp/systemHealth/SystemEvent.jsp' script...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Zen Cart 2008 - index.php keyword Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/29020/info Zen Cart is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

NOCC 1.0 error.php html_error_occurred Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

AWCM CMS Local File Inclusion Vulnerability

No description provided by source. Software Link: http://www.awcm-cms.com/ Version: 2.x Tested on: Lunix Exploit : ?php print ------------------------------------------------------------ | Awcm Cms Local File Inclusion Vulnerability | By SwEET-DeViL | x0.rootatgmail.com | example | | Exploit.php...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

Ignition 1.2 - Multiple Local File Inclusion Vulnerabilities

No description provided by source. Ignition 1.2 Multiple Local File Inclusion Vulnerabilities disclosed by cOndemned download: http://launchpadlibrarian.net/27567060/ignition1.2.zip note: magicquotesgpc should be turned off in order to exploit this vulnerability greetz: all friends, SecurityReaso...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

OFTPD 0.3.x User Command Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14161/info oftpd is prone to a remotely exploitable buffer overflow. This may be triggered by a client through an overly long argument for the USER command. Successful exploitation may let a remote attacker execute...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

ObieWebsite Mini Web Shop 2 order_form.php PATH_INFO Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•21 views

Apple QuickTime 7.6.7 _Marshaled_pUnk Code Execution

No description provided by source. $Id: applequicktimemarshaledpunk.rb 11513 2011-01-08 00:25:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•23 views

DodosMail 2.5 'dodosmail.php' Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30112/info DodosMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to execute local...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•71 views

Nginx HTTP Server 1.3.9-1.4.0 - Chuncked Encoding Stack Buffer Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

Adobe SVG Viewer 3.0 postURL/getURL Restriction Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8785/info Adobe SVG Viewer ASV is prone to an issue in the implementation of the getURL and postURL methods. These methods are designed to prevent access to URIs in a foreign domain or local files. However, by using a...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

cPanel 11.x - scripts2/knowlegebase issue Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/29125/info cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

StarSiege Tribes Server Denial of Service Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/8184/info StarSiege Tribes Game Server has been reported prone to a remotely triggered denial of service vulnerability. The issue presents itself when the affected server receives and processes a malformed UDP datagram...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

Internet Explorer 5.0.1,Opera 7.51 URI Obfuscation Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10517/info A weakness is reported in Microsoft Internet Explorer and Opera allowing an attacker to obfuscate the URI of a link. This could facilitate the impersonation of legitimate web sites in order to steal sensitive...

AI score: 6.7
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•21 views

Q-Shop 3.0 - Remote XSS/SQL Injection Vulnerabilities

No description provided by source.

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

history.go() DoS on multiple browsers

No description provided by source. -- Camino 2.0.2 history.go DoS Found By: DrIDE Tested On: Camino 2.0.2 on OSX 10.6.3 Notes: Impact is reduced because user must either have popup blocker off, or accept popups. Tested On: Safari 4.0.5 on OSX 10.6.3 Notes: Impact is reduced because user must eith...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

D-Link DWL-G700AP 2.00/2.01 HTTPD Denial of Service Vulnerability

D-Link DWL-G700AP HTTPD is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the 'httpd' service to properly handle malformed data. An attacker can exploit this issue to crash the affected webserver, effectively denying service to legitimate users. The affected...

AI score: 6.9
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•12 views

SMBlog 1.2 Arbitrary PHP Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16905/info SMBlog is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitra...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•23 views

0irc-client 1345 build20060823 - Denial of Service Exploit

No description provided by source. / 0irc-client v1345 build 20060823 DoS Exploit By DiGitalX [email protected] Date: 22/3/2007 -- MicroSystem Team -- Site: http://DiGitalX.I.am Description: 0irc-client suffers from a NULL pointer derefrencing bug. / define WIN32LEANANDMEAN include winsock2.h...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•1431 views

glFusion <= 1.1.2 COM_applyFilter()/cookies Blind SQL Injection Exploit

No description provided by source. ?php / glFusion = 1.1.2 COMapplyFilter/cookies remote blind sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: Page created in seconds by glFusion +RSS Found anoth...

AI score: 6.7
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•38 views

PHPGedView <= 3.3.7 Arbitrary Remote Code Execution Exploit

No description provided by source. ?php ---phpgedview337xpl.php 16.31 20/12/2005 PHPGedView = 3.3.7 remote commands execution coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu:If the enemy leaves a door open, you must rush in...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•28 views

Smart Search 4.25 Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7133/info A vulnerability has been discovered in the Smart Search CGI script. Due to insufficient sanitization of user-supplied URI parameters, it may be possible for an attacker to execute arbitrary commands on a target...

AI score: 6.7
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•1108 views

Linux Kernel 2.4/2.6 - sock_sendpage() Local Root Exploit (PPC Edition)

No description provided by source. / Linux socksendpage NULL pointer dereference Copyright 2009 Ramon de Carvalho Valle [email protected] This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Softwar...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•27 views

Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)

No description provided by source. / http://paulsec.github.io/blog/2014/04/14/updating-openfuck-exploit/ OF version r00t VERY PRIV8 spabam Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto objdump -R /usr/sbin/httpd|grep free to get more targets hackarena irc.brasnet.org / include arpa/inet.h...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

ASP ActionCalendar 1.3 (Auth Bypass) SQL Injection Vulnerability

No description provided by source. Founded By : SuB-ZeRo WaLiD E-mail : [email protected] Home : WwW.dz-security.Net GreeTZ : D-unit & X.CJP.x & www.dz-security.net & gaza --------------------------------------------------------- vondor : www.warrenstudios.com...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•24 views

Asterisk <= 1.0.12 / 1.2.12.1 (chan_skinny) Remote Heap Overflow (PoC)

No description provided by source. !/usr/bin/perl Beyond Security Copyright Noam Rathaus [email protected] The following proof of concept causes the chanskippy to crash in different locations and due to memory corruption as well as double free calls, this is based on the finding of...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

Page Manager CMS 2006-02-04 - Remote Arbitrary File Upload Vulnerability

No description provided by source. Page Manager CMS Remote Arbitrary File Upload Vulnerability...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

Adobe Shockwave Director tSAC - Chunk Memory Corruption

No description provided by source. Title : Adobe Shockwave Director tSAC Chunk memory corruption Version : dirapi.dll 11.5.7 Analysis : http://www.abysssec.com Vendor...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•60 views

mygamingladder MGL Combo System <= 7.5 game.php SQL injection Exploit

No description provided by source. Information +Name : mygamingladder MGL Combo System = 7.5 game.php SQL injection Exploit +Autor : Easy Laster +Date : 10.10.2010 +Script : mygamingladder MGL Combo System = 7.5 +Price :...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

EarthStation 5 Search Service Remote File Deletion Vulnerabililty

No description provided by source. source: http://www.securityfocus.com/bid/8753/info It has been reported that EarthStation 5 is prone to a file deletion vulnerability that may allow a remote attacker to delete arbitrary files on a vulnerable system. The problem is reported to exist in the Searc...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp filePath Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/28152/info Alkacon OpenCms is prone to multiple input-validation vulnerabilities, including one cross-site scripting issue and a file-disclosure issue, because the application fails to properly sanitize user-supplied inpu...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

X-Cart Email Subscription 'email' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36601/info X-Cart is prone to a cross-site scripting vulnerability in the email subscription component because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to...

AI score: 7.1
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•22 views

68 Classifieds 4.1 viewmember.php member Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36208/info '68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in th...

AI score: 7.1
Exploits: 0

Total number of security vulnerabilities: 56796