Lucene search

56796 matches found

seebug.org
•added 2014/07/01 12:0 a.m.•21 views

No-IP DUC Client for Windows - Local Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29758/info The DUC application for No-IP is prone to a local information-disclosure vulnerability when it is running on Microsoft Windows. Successfully exploiting this issue allows attackers to obtain potentially sensitiv...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

vBulletin 3.6.10/3.7.1 - 'redirect' Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29704/info vBulletin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

Wordpress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/22738/info Wordpress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the brows...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•8 views

Claroline 1.x inc/lib/language.lib.php language Parameter Traversal Local File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in the context of the application...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

TriO <= 2.1 (browse.php id) Remote SQL Injection Vulnerability

No description provided by source. Discovered by dun \ dunatstrcpy.pl TriO = 2.1 Remote SQL Injection Vulnerability Script: TriO, iO's new web-based module, enables you to...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•26 views

Easy~Ftp Server 1.7.0.2 - (HTTP) Remote BoF Exploit

No description provided by source. Exploit Title: EasyFtp Server v1.7.0.2 HTTP Remote BOF Exploit Date: 18-02-2010 Author: ThE g0bL!N Software Link: http://cdnetworks-us-2.dl.sourceforge.net/project/easyftpsvr/easyftpsvr/1.7.0.2-en/easyftpsvr-1.7.0.2.zip Code : !/usr/bin/python import sys import...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

Webify eDownloads Cart Arbitrary File Deletion Vulnerability

No description provided by source. !x! Informations: Name : Webify edownloads cart Download : http://www.webify.ws/edownloadscart Vulnerability : Delete Arbitrary File VulnerabilityAuthor : JIKOJAWAD Contact : [email protected] Site : No-ExploiT.CoM Is Back Notes : No-ExploiT.CoM Miss !x! Bug:...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

SimpleBlog <= 2.3 (id) Remote SQL Injection Vulnerability

No description provided by source.

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

Microsoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 Document Handling Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8534/info A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs because the software fails to perform sufficient boundary checks when parsing specific properties of...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

bitweaver 2.8.0 - Multiple Vulnerabilities

No description provided by source. exploit title: Path Disclosure bitweaver 2.8 date: 25.o2.2o11 author: lemlajt software : bitweaver version: 2.8 tested on: linux cve : Path Disclosure bitweaver 2.8 PoC : http://localhost/www/cmsadmins/bitweaver2.8.1/bitweaver/kernel/admin/index.php?page=%27 sql...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•28 views

SpeedFan Speedfan.sys Local Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26123/info SpeedFan is prone to a local privilege-escalation vulnerability. An attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. Successfully exploiting this issue will resu...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

FreeBSD <= 3.0 UNIX-domain panic Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/168/info A vulnerability in FreeBSD's UNIX-domain protocol implementation of file descriptor passing can cause the kernel to panic. include stdio.h include sys/types.h include sys/socket.h include sys/un.h include fcntl.h...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Joomla! VirtueMart Component 2.0.22a - SQL Injection

No description provided by source. Joomla! VirtueMart component = 2.0.22a - SQL Injection == Description == - Software link: http://www.virtuemart.net/ - Affected versions: Al...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

Cisco CallManager <= 4.2 / CUCM 4.2 Logon Page lang Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/25480/info Cisco Unified CallManager and Unified Communications Manager are prone to multiple input-validation vulnerabilities because the applications fail to properly sanitize user-supplied input. These issues include a...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•12 views

Openfire <= 3.6.2 'log.jsp' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/32940/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser ...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•22 views

SGI IRIX <= 6.4 netprint Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/395/info A vulnerability exists in the netprint program, shipping with Irix 6.x and 5.x by Silicon Graphics. The netprint program calls the disable command via a system call, without specifying an explicit path. Therefore...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

PHP-Nuke 6.x/7.x Encyclopedia Module Multiple Function XSS

No description provided by source. source: http://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

Ametys CMS 3.5.2 - (lang parameter) XPath Injection Vulnerability

No description provided by source. Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Download: http://www.ametys.org/en/download/ametys-cms.html Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open sour...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•23 views

Apple Mac OS X 10.x CoreGraphics Multiple Memory Corruption Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/30488/info Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that affect the CoreGraphics component. Attackers can exploit these issues to execute arbitrary code in the context of the affected...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

MailReader.com 2.3.x NPH-MR.CGI File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6055/info A vulnerability exists in Mailreader.com which may enable remote attackers to disclose the contents of arbitrary webserver readable files. An attacker may exploit this issue by submitting a malicious web request...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•26 views

E-Xoopport 3.1 - eCal display.php (katid) SQL Injection Exploit

No description provided by source. ? / Vis Intelligendi http.//vis-intelligendi.co.cc E-Xooport 3.1 SQL Injection Exploit 01 Mq on/off doesn't matter bug details and explanation on http://vis-intelligendi.co.cc search e-xooport E-Xoops is a xoops-based cms. Many modules are bugged, in this case...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

HP LoadRunner EmulationAdmin - Web Service Directory Traversal

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = :pattern =...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

Apple Mac OS X 10.2 Terminal.APP Telnet Link Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5768/info Mac OS X is the BSD-based operating system distributed and maintained by Apple. It has been discovered that some types of links, when clicked on, may result in the execution of arbitrary commands. Due to the...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•20 views

ASP Product Catalog 1.0 Default.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25884/info ASP Product Catalog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•33 views

Parallels System Automation (PSA) Local File Inclusion Vulnerability

No description provided by source. Application Info: Name: Parallels System Automation PSA Vendor: http://Parallels.com Vulnerability Info: Type: Local File Inclusion Risk: Medium Vulnerability:...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•73 views

ProFTPD <= 1.2.10 Remote Users Enumeration Exploit

No description provided by source. / Details Vulnerable Systems: ProFTPD Version 1.2.10 and below It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis attack at...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

MTP Guestbook 1.0 - Multiple XSS Vulnerabilities

No description provided by source. ?!-- MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities Vendor: MTP Scripts Product web page: http://www.morephp.net Affected version: 1.0 Summary: MTP Guestbook allows you to put a guestbook on your website. Your visitors can sign it and leave a...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•33 views

virtual support office-xp <= 3.0.29 Multiple Vulnerabilities

No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Virtual Support Office-XP Multiple Vulnerabilities. Vendor: www.vso-xp.com Vulnerable Version: 3.0.29, 3.0.27 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory:...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server Remote Code Execution Vulnerability

No description provided by source. LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server AMTConfig.Business.dll RunAMTCommand Remote Code Execution Vulnerability Tested against: Microsoft Windows Server 2003 r2 sp2 Software home page: http://www.landesk.com/lenovo/thinkmanagement-console.aspx...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•20 views

BigACE 1.8.2 upload_form.php GLOBALS Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP code and execute i...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•60 views

Coppermine Photo Gallery <= 1.4.22 Remote Exploit

No description provided by source. !/usr/bin/perl Coppermine Photo Gallery = 1.4.22 Remote Exploit Need registerglobals = on and magicquotesgpc = off Based on vulnerabilities discussed at http://www.milw0rm.org/exploits/8713 Coded by girex use LWP::UserAgent; ifnot defined $ARGV0 banner; print -...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•39 views

HP Multiple LaserJet Printer - XSS

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-09-048 http://dsecrg.ru/pages/vul/show.php?id=148 Application: HP LaserJet printer web interface Vulnerable: HP LaserJet 2200, 4350, 4600, 5500, and many others Vendor URL: http://www.hp.com/ Bug: Multiple...

4.3 CVSS, 6.4 AI score, 0.02211 EPSS
Exploits: 10
seebug.org
•added 2014/07/01 12:0 a.m.•38 views

Linux Kernel < 2.6.14.6 procfs Kernel Memory Disclosure Exploit

/ cve-2005-4605.c Linux Kernel 2.6.14.6 procfs Kernel Memory Disclosure Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4605 The procfs code procmisc.c in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers ...

2.1 CVSS, 4.9 AI score, 0.01047 EPSS
Exploits: 5
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

Mozilla Firefox <= 1.5.0.1, Camino <= 1.0 Null Pointer Dereference Crash

No description provided by source. !-- o Credits: ========= Simon MOREL [email protected] http://www.sysdream.com - Reported Camino Browser issue. Thomas Waldegger [email protected] BuHa-Security Community - http://buha.info/board/ If you have questions, suggestions or criticism about t...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

MyBB 1.1.7 - Multiple HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19718/info MyBB is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

W-Agora 4.0 - moderate_notes.php bn_dir_default Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/28366/info w-Agora is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

CarLine Forum Russian Board 4.2 line.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. Forum Russian Board 4.2 ...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•21 views

Claroline 1.8.9 phpbb/viewtopic.php URL XSS

No description provided by source. source: http://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

GuppY 4.5 nwlmail.php lng Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/15610/info GuppY is affected by multiple local file include and information disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected comput...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

TaskTracker <= 1.5 (Customize.asp) Remote Add Administrator Exploit

No description provided by source. !-- Title : TaskTracker All Version Remote Add Admin Exploit Author : ajann Contact : : S.Page : http://www.geckovich.com $$ : $39.99 - $19.99 -- FORM NAME=AddUser METHOD=POST ACTION=http://target/path/Customize.asp?a=Add style=word-spacing: 0; margin-top: 0;...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•26 views

vBulletin Two-Step External Link Module 'externalredirect.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/39597/info Two-Step External Link module for vBulletin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execut...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

phpBazar admin Information Disclosure Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•22 views

Zen Cart <= 1.2.6d (password_forgotten.php) SQL Injection Exploit

No description provided by source. ?php ---zencart126dxpl.php 19.42 02/12/2005 Zen-Cart = 1.2.6d blind SQL injection / remote commands execution coded by rgod site: http://rgod.altervista.org - this works with magicquotesgpc both on & off usage: launch from Apache, fill in requested fields, then...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•36 views

WordPress Count per Day plugin <= 2.17 SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Count per Day plugin = 2.17 SQL Injection Vulnerability Date: 2011-09-05 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/count-per-day.2.17.zip Version: 2.17 tested Note...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

UBBCentral UBB.threads 5.5.1/6.x download.php Number Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•21 views

SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability

No description provided by source. SetSeed CMS 5.8.20 loggedInUser Remote SQL Injection Vulnerability Vendor: SetSeed Product web page: http://www.setseed.com Affected version: 5.8.20 Summary: SetSeed is a self-hosted CMS which lets you rapidly build and deploy complete websites and online stores...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•24 views

Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation Vulnerability

No description provided by source. Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation Vulnerability...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•29 views

VBulletin 3.0.1 newreply.php WYSIWYG_HTML Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10602/info VBulletin is reported prone to an HTML injection vulnerability. This issue affects the 'newreply.php' and 'newthread.php' scripts. An attacker may exploit this issue by including hostile HTML and script code in...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

Microsoft Windows Vista Windows Mail Local File Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23103/info Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error. An attackers may exploit this issue to execute local files. The attacker must entice a victim into...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

Oracle 9.x Database Parameter/Statement Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/9587/info Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions. Specifically the TIMEZONE parameter, NUMTOYMINTERVAL, NUMTODSINTERVAL and...

7.1 AI score
Exploits: 0

Total number of security vulnerabilities: 56796