56796 matches found
iScripts EasySnaps 2.0 - Multiple SQL Injection Vulnerabilities
No description provided by source. iScripts EasySnaps 2.0 Multiple SQL Injection Vulnerabilities Name iScripts EasySnaps Vendor http://www.iscripts.com Versions Affected 2.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date...
IBM Lotus Domino 6.5.1 HTTP webadmin.nsf Quick Console Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9901/info It has been reported that Lotus Domino server may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself d...
FireFly Mediaserver 1.0.0.1359 NULL Pointer Dereference
No description provided by source...
Panda Security 3.0 - Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/1119/info Panda Security is a user management application for Windows 9x. With it, certain functions can be prohibited for specific users. One of the restrictive policies possible is to disable registry editing. However,...
Titan FTP Server 10.32 Build 1816 - Directory Traversal Vulnerability
No description provided by source...
Motorola SB4200 Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20309/info Motorola SB4200 is prone to a remote denial-of-service vulnerability. This may permit an attacker to crash affected devices, denying further network services to legitimate users. !/usr/bin/perl -w Remote Motoro...
Graffiti Forums 1.0 Topics.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18928/info Graffiti Forums is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploit could...
C'Nedra 0.4 Network Plug-in Read_TCP_String Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13781/info C'Nedra Network Plug-in is prone to a remotely exploitable buffer overflow vulnerability. The issue exists in the 'gamemessagefunctions.cpp' source file and is due to inadequate bounds checking of user-supplied...
High Performance Computers Solutions Shopping Cart Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/21093/info High Performance Computers Solutions Shopping Cart is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting the...
IBM Web Application Firewall Bypass
No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2011-006: IBM Web Application Firewall Bypass https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt Published: 2011-06-21 Version: 1.0 Vendor: IBM Product: IBM Web Application Firewall These capabilities ar...
Internet Explorer "Aurora" Memory Corruption
No description provided by source. $Id: ms10002aurora.rb 9787 2010-07-12 02:51:50Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
Magento 1.2 app/code/core/Mage/Admin/Model/Session.php login[username] Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/33872/info Magento is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affect...
SoX - (.wav) Local Buffer Overflow Exploiter
No description provided by source. //--------------------------------- Begin Code: sox-exploiter.c --------------------------------- / Copyright Rosiello Security 2004 http://www.rosiello.org CVE Reference: CAN-2004-0557 Bug Type: Stack Overflow Date: 01/08/2004 Ulf Harnhammar reported that there...
Microsoft Windows 98/2000 UDP Socket DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2340/info Microsoft Windows 2000 and 98 are subject to a denial of service condition. Receiving a maliciously crafted email or visiting a malicious web site could prevent Windows 2000 from DNS resolution and Windows 98 fr...
Netkamp Emlak Scripti Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/25875/info Netkamp Emlak Scripti is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues and an SQL-injection issue, because the application fails to sanitize user-supplied input. A...
Chupix CMS Contact Module 0.1 'index.php' Multiple Local File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30564/info The Contact module for Chupix CMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues using directory-traversa...
Microsoft IIS 4/5 SMTP Service Encapsulated SMTP Address Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5213/info Microsoft Exchange 5.5 and the SMTP Simple Mail Transfer Protocol service included with IIS Internet Information Services 4.0 and 5.0 are vulnerable to an encapsulated SMTP address vulnerability. The vulnerabili...
D-Link DSL-2640B (ADSL Router) CSRF Vulnerability
No description provided by source...
vBulletin 3.0 Register.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8354/info vBulletin may be prone to an HTML injection vulnerability. This issue is exposed through inadequate sanitization of user input for certain fields within the register.php script. An attacker may exploit this issu...
University of Washington pop2d 4.46/4.51/4.54/4.55 Remote File Read Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1484/info A vulnerability exists in versions of the ipop2d daemon, through version 4.55. ipop2d is part of the University of Washington imap package. Versions through 4.7c of the imap package are affected. Any user who ha...
PeopleAggregator <= 1.2pre6-release-53 Multiple RFI Vulnerabilities
No description provided by source. PeopleAggregator 1.2pre6 Multiple Remote File Inclusion Vulnerabilities http://update.peopleaggregator.org/dist/peopleaggregator-1.2pre6-release-53.tar.gz DORK : copyright 2006 Broadband Mechanics POC : /web/Flickrclient.php?pathprefix=shell...
SonicWALL GMS 6 Arbitrary File Upload
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
PHP-Nuke 6.5 - Multiple Downloads Module SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or oth...
Sun Solaris 10 UFS Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20919/info Sun Solaris 10 is prone to a local denial-of-service vulnerability. This issue affects the UFS filesystem-handling code. An attacker can exploit this issue to crash the affected computer, denying service to...
phPay <= 2.02 (nu_mail.inc.php) Remote mail() Injection Exploit
No description provided by source. !/usr/bin/perl Script: phPay v2.02 http://phpay.de/ Vuln File: numail.inc.php Exploit & Advisory: beford xbefordx gmail com Vulnerability: mail Injection Vuln Code: ?php if eregnumail.inc.php, $SCRIPTNAME headerLocation:./index.html; elseif eregnumail.inc.php,...
fipsShop Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/21289/info fipsShop is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities
No description provided by source. Title: ====== Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities Date: ===== 2013-02-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=850 VL-ID: ===== 850 Common Vulnerability Scoring System:...
Nokia Multimedia Player 1.1 Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36215/info Nokia Multimedia Player is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected application to stop responding, denying service to legitimate users. This...
Proxomitron Proxy Server Long Get Request Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7954/info It has been reported that Proxomitron does not properly handle some string types. Because of this, an attacker can cause the server to become unstable and crash. GET /../..0%%../ 4504 chars GET ......\ 4504...
PHP-Nuke NSN Script Depository 1.0.0 - Remote Source Disclosure Vuln
No description provided by source. --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org...
F5 FirePass 6.0.2.3 - /vdesk/admincon/webyfiers.php css_exceptions Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/29574/info F5 FirePass SSL VPN is prone to multiple cross-site request-forgery vulnerabilities because it fails to adequately sanitize user-supplied input. Exploiting these issues may allow a remote attacker to execute...
jPORTAL 2.3.1 & UserPatch (forum.php) Remote Code Execution Exploit
No description provided by source. ?php jPORTAL 2.3.1 & UserPatch forum.php Remote PHP Code Execution Exploit author: irk4zatyahoo.pl http://irk4z.wordpress.com dorks: powered by jPORTAL 2 & UserPatch powered by jPORTAL 2 greetz: str0ke, wacky, polish under :...
GNU Info 4.7 Follow XRef Buffer Overrun Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10882/info GNU Info is reported prone to a buffer overrun vulnerability. The vulnerability is reported to present itself due to a lack of boundary checks performed on argument data for the f follow xref Info command. An...
CartWIZ 1.10 Login.ASP Message Argument Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13341/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...
Easy~Ftp Server 1.7.0.2 - (HTTP) Remote BoF Exploit
No description provided by source. Exploit Title: EasyFtp Server v1.7.0.2 HTTP Remote BOF Exploit Date: 18-02-2010 Author: ThE g0bL!N Software Link: http://cdnetworks-us-2.dl.sourceforge.net/project/easyftpsvr/easyftpsvr/1.7.0.2-en/easyftpsvr-1.7.0.2.zip Code : !/usr/bin/python import sys import...
Ntpd Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2540/info NTP, the Network Time Protocol, is used to synchronize the time between a computer and another system or time reference. It uses UDP as a transport protocol. There are two protocol versions in use: NTP v3 and NT...
Microsoft Windows NT 4.0 PhoneBook Server Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/2048/info The Phone Book Service is an optional component that ships with the NT 4 Option Pack and Windows 2000. It is not installed by default. A buffer overflow vulnerability was discovered in the URL processing routine...
SCO Open Server 5.0.5 cancel Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/702/info There is a buffer overflow vulnerability in /opt/K/SCO/Unix/5.0.5Eb/.softmgmt/var/usr/bin/cancel. It is important to know that the overflows are not in /usr/bin/cancel or /usr/lpd/remote/cancel. The consequence o...
DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
No description provided by source...
Sorensoft Power Media 6.0 - Denial of Service
No description provided by source. !/usr/bin/python Exploit Title: Sorensoft Power Media 6.0 out of memory software: Sorensoft power media version : 6.0 link: www.sorensoft.com Author: Onying @onyiing Website: otakku-udang.blogspot.com Tested on: Windows XP SP3 junk =\x41500 textfile = opentest.a...
Poison Ivy 2.3.2 C&C Server Buffer Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
IMail LDAP Service Buffer Overflow
No description provided by source. $Id: imailthc.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
ProjectBB 0.4.5 .1 - Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/12710/info ProjectBB is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to the application failing to properly sanitize user-supplied input before using it in SQL queries. Successful...
Java Search Engine 0.9.34 Search.JSP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15687/info Java Search Engine is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
phpTrafficA <= 1.4.2 (pageid) Remote SQL Injection Vulnerability
No description provided by source. Application: phpTrafficA = 1.4.2 Web Site: http://soft.zoneo.net/phpTrafficA/ Versions: all Platform: linux, windows Bug: injection sql ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Credits =========== 1...
Multiple Vendors Unspecified SVG File Processing - Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30149/info Multiple vendors' SVG implementations are prone to an unspecified denial-of-service vulnerability. This issue arises when the software handles maliciously crafted SVG images. According to reports, the latest...
Knowledge Base Enterprise Edition 4.62.00 SQL Injection Vulnerability
No description provided by source...
Ipswitch IMail Server 7/8 Weak Password Encryption Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10956/info Ipswitch IMail is reported to use a weak encryption algorithm when obfuscating saved passwords. A local attacker who has the ability to read the encrypted passwords may easily derive the plaintext password if t...
ZipWiz 2005 5.0 - .ZIP File Buffer Corruption Exploit
No description provided by source...
DataLife Engine 8.3 engine/inc/include/init.php selected_language Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application...