56796 matches found
MzK Blog Katgoster.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24909/info MzK Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Creative Software UK Community Portal 1.1 EventView.php event_id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A...
Serendipity 0.x Exit.PHP HTTP Response Splitting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11497/info Serendipity is reported prone to an HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This...
Passport PC To Host Malformed .zws file Memory Corruption Vulnerability
No description provided by source. Exploit Title: Passport PC To Host Malformed .zws file Memory Corruption Date: 3-3-12 Author: Silent Dream Software Link: http://www.zephyrcorp.com/terminal-emulation/ Version: Latest 2011-506-S Tested on: Windows XP SP3 my $file = passportpwn.zws; my $head =...
SCO Unixware 7.0/7.0.1/7.1/7.1.1 'uidadmin' Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/842/info Certain versions of SCO Unixware ship with an exploitable version of the /usr/bin/uidadmin program. The problem lies in that 'uidadmin' runs with root privileges and performs insecure writes to a scratch director...
N-13 News 1.2 - SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15643/info N-13 News is prone to an SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit...
VUPlayer <= 2.49 - (.cue) Universal Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl VUPlayer = 2.49 .cue Universal Buffer Overflow Exploit By Stack Big THnx to Simo-Soft Reference http://www.milw0rm.com/exploits/8138 this exploit work just on Xp SP2 Other exploit http://www.milw0rm.com/related.php?program=VUplayer use strict; use...
ProNews 1.5 admin/change.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21516/info ProNews is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues, an SQL-injection issue, and a cross-site scripting issue, because the application fails to sufficiently...
plesk <= 8.1.1 login.php3 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23639/info Plesk is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system...
Siteman 2.0.x2 - 'module' Parameter Cross-Site Scripting and Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28943/info Siteman is prone to a local file-include vulnerability and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this as a...
Xmail 0.5/0.6 CTRLServer Remote Arbitrary Commands Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2360/info Versions of CTRLServer are vulnerable to malicious user-supplied input. A failure to properly bounds-check data passed to the cfgfileget command leads to an overflow, which, properly exploited, can result in...
fims File Management System <= 1.2.1a Multiple Vulnerabilities
No description provided by source. Exploit Title: fims - File Management System = 1.2.1a SQL Injection and Vulnerability Date: 2011-10-19 Author: Skraps jackie.craig.sparksatlive.com jackie.craig.sparksatgmail.com @skrapsfoo Software Link: http://fims.codeplex.com/ Version: 1.2.1a tested...
Sagem Routers Remote Reset Exploit
No description provided by source. !/usr/bin/perl Exploit Title: Sagem routers Remote Reset Exploit Date: 04/03/2010 Author: AlpHaNiX Software Link: null Version: Sagem Routers F@ST 1200/1240/1400/1400W/1500/1500-WG/2404 Tested on: Sagem F@ST 2404 Code : use HTTP::Request; use HTTP::Headers; use...
PHP 4.x SafeMode Arbitrary File Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2954/info PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain. A problem with the toolkit could allow elevated privileges, and...
Piwigo 2.6.1 - CSRF Vulnerability
No description provided by source...
VisionGate 1.6 'login.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37569/info VisionGate is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
NETObserve 2.0 Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9319/info NETObserve is prone to a vulnerability that may permit remote unauthenticated users to access functions of the software. Due to the nature of the software, this could permit an attacker to execute commands...
PHP-Nuke 5.6 Modules.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6088/info A SQL injection vulnerability has been reported for PHP-Nuke 5.6. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the...
Umbraco CMS Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Moodle 2.3.8, 2.4.5 - Multiple Vulnerabilities
No description provided by source. Ciaran McNally Application: Moodle http://download.moodle.org/ Versions: = 2.3.8, 2.4.5 Platforms: Windows, Mac, Linux Bug: Persistant XSS / CSRF Exploitation: WEB Date: 9 September 2013. Author: Ciaran McNally Web:...
phpWebSite <= 0.10.2 (hub_dir) Remote Commands Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo PHPWebSite = 0.10.2 remote cmmnds xctn\r\n; echo - arbitrary local inclusion, works with magicquotesgpc = Off\r\n; echo by rgod, mail: [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; if $argc4...
LibreOffice 3.5.2.2 Memory Corruption
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ?php ------------------------------------------------------------------------------ LibreOffice 3.5.2.2 - soffice.exe\soffice.bin memory corruption author: shinnai mail: shinnaiatautisticidotorg site:...
PHP FFI Extension 5.0.5 - Local Safe_mode Bypass Exploit
No description provided by source. ?php ---------------------------------------------------- -----PHP FFI Extension Safemode Bypass Exploit----- ---------------------------------------------------- -Tested on 5.0.5------------------------------------...
Jax Guestbook 3.50 Page Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17560/info Jax Guestbook is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browse...
W-Agora 4.0 - add_user.php bn_dir_default Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28366/info w-Agora is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
Elite Gaming Ladders 3.5 - SQL Injection Vulnerability (ladder[id])
No description provided by source. - Elite Gaming Ladders v3.5 SQL Injection Vulnerability - ---Date : 2010-06-19 ---Author : ahwak2000 ---Email : z.u5athotmail.com - Script Info - ---Home : http://eliteladders.com/ - Vulnerability - http://site.com/path/standings.php?ladderid=SQL INj...
Linux Kernel 'pipe.c' - Local Privilege Escalation Vulnerability
No description provided by source. while : ; do echo y ; sleep 1 ; | while read ; do echo z$REPLY; done ; & PID=$! OUT=$ps -efl | grep 'sleep 1' | grep -v grep | read PID REST ; echo $PID; OUT=$OUT%% DELAY=$RANDOM 1000 / 32768 usleep $DELAY 1000 + RANDOM % 1000 echo n /proc/$OUT/fd/1 Trigger defe...
Prototype of an PHP application 0.1 gestion/index.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
free QBoard 1.1 faq.php qb_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows the attacker to execute arbitrary...
Feindura File Manager 1.0(rc) - Remote File Upload
No description provided by source. =================================================== Feindura File Manager 1.0rc - Remote File Upload =================================================== My + Author : KnocKout Contact : [email protected] Software info Web App. : Feindura - Flat File Content...
Simpli Easy (AFC Simple) Newsletter <= 4.2 XSS/Information Leakage
No description provided by source. Simpli Easy AFC Simple Newsletter = 4.2 XSS/Information Leakage Date: 30.10.2010 Author: p0deje | http://p0deje.blogspot.com Software Link: http://scubadivingcalculators.com/simpli-easy-newsletter.php Version: = 4.2 1. Cross-site Scripting Vulnerable code: cp.ph...
Solaris 2.6 FTP Core Dump Shadow Password Recovery Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2601/info Solaris is the variant of the UNIX Operating System distributed by Sun Microsystems. Solaris is designed as a scalable operating system for the Intel x86 and Sun Sparc platforms, and operates on machines varying...
LG U8120 Mobile Phone MIDI File Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13154/info A remote denial of service vulnerability is reported to affect the LG U8120 Mobile Phone. The report indicates that the issue manifests when an affected phone processes a malicious MIDI file. The following...
event calendar Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11693/info Event Calendar is prone to multiple input validation vulnerabilities. These issues include HTML injection and cross-site scripting. The following specific vulnerabilities were reported: A cross-site scripting...
Xftp FTP Client 3.0 PWD Remote Buffer Overflow Exploit
No description provided by source. $Id: xftpclientpwd.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
McAfee Network Security Manager < 5.1.11.8.1 - Multiple Cross Site Scripting Vulnerabilities
No description provided by source...
extent technologies rbs isp 2.5 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1704/info A remote user is capable of gaining read access to any file residing in the same directory of a host running Extent RBS ISP through directory traversal. Appending '../' to the 'image' variable request on port 80...
DMXReady Billboard Manager <= 1.1 - Remote File Upload Vulnerability
No description provided by source. Title : DMXReady Billboard Manager = 1.1 Remote File Upload Vulnerability Author : ajann from Turkey Contact : : S.Page : http://www.dmxready.com $$ : 49.97 $ Dork : inurl:incbillboardmanager.asp?ItemID= DorkEx :...
Nuked-Klan Module Boutique Blind SQL Injection
No description provided by source. Exploit Title: module boutique nuked klan Google Dork: inurl:index.php?file=Boutique Date: 15/11/2010 Author: AR51Kevinos index.php?file=Boutique&op=cat&catid='...
Altiris Client 6.0.88 Service Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13409/info A local privilege escalation vulnerability affects the Altiris Client Service. This issue is due to a failure of the application to properly secure access to privileged interfaces. An attacker may leverage this...
Realtor Real Estate Agent (idproperty) SQL Injection Vulnerability
No description provided by source...
Kloxo 6.1.18 Stable - CSRF Vulnerability
No description provided by source. Exploit Title :Kloxo 6.1.18 Stable CSRF Vulnerability Vendor Homepage :http://lxcenter.org/software/kloxo Version :6.1.18 Exploit Author :Necmettin COSKUN =@babayarisi Blog :http://www.ncoskun.com http://www.grisapka.org Discovery date :03/12/2014 CVE :N/A Kloxo...
WhatsApp Status Changer 0.2 - Exploit
No description provided by source. !/bin/bash WhatsApp Status changer v0.2 stable A slim exploit able to change the WhatsApp user status in a remote way. This program is released under the terms of the GNU General Public License GPL, which is distributed with this software in the file COPYING. Th...
joomla component The Estate Agent (com_estateagent) SQL injection Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '72776' ssvid version = '1.0' author = 'kikay' vulDate = '2011-11-29' createDate ...
LookStrike Lan Manager 0.9 - Remote / Local File Inclusion Vulnerabilities
No description provided by source. --==+================================================================================+==-- --==+ LookStrike Lan Manager v0.9 Remote\Local File Inclusion +==-- --==+================================================================================+==-- Author: MhZ9...
IceWarp Web Mail 5.5.1 calendar_w.html createdataCX Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14980/info IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
Microsoft Internet Explorer 6.0 Internet.HHCtrl Click Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19109/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue is triggered when an attacker convinces a victim user to visit a malicious website. Remote attackers may exploit this issue ...
CyberStrong eShop 4.2 10expand.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14103/info CyberStrong eShop is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. The attacker may accomplish this by...
PHP Event Calendar 1.4 Calendar.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18965/info PHP Event Calendar is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an...
Apple QuickTime <= 6.5.2.10 (.qtif) Image Parsing Vulnerability
No description provided by source. Added qtif on milw0rm's sploits archive/ /str0ke Application: QuickTime http://www.apple.com/quicktime/ AFFECTED VERSION: Versions verified to be vulnerable: QuickTime.qts 6.5.2.10 and prior versions are affected. The bug: The problem specifically exists when...