56796 matches found
Phorum 5.0.11 Read.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14095/info Phoroum is prone to SQL injection attacks. Insufficient sanitization of user input may allow a malicious user to manipulate the structure and logic of database queries. Successful exploitation could allow the...
PHPTB Topic Board 2.0 tech_o.php absolutepath Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/14592/info PHPTB is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to...
4images 1.7.1 member.php sessionid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17748/info 4Images is prone to multiple, unspecified SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successf...
Play [EX] 2.1 Playlist File (M3U/PLS/LST) DoS Exploit
No description provided by source. !/usr/bin/perl Play EX 2.1 Playlist File M3U/PLS/LST DoS Exploit Exploit discovered and coded by Death Shadow Dark Tested on Windows 7 Pro 64 bit and Windows XP SP3 Pro Sofware Link http://www.nautrup.com/pex/PlayEXPlayer.html [email protected]...
INND/NNRP < 1.6.x - Remote Root Overflow Exploit
No description provided by source. / INND/NNRP remote root overflow / include stdio.h include stdlib.h include unistd.h include sys/types.h define DEFAULTOFFSET 792 define BUFFERSIZE 796 define ADDRS 80 define RET 0xefbf95e4 define NOP \x08\x21\x02\x80 int mainargc, argv int argc; char argv; char...
Phorum 5.2 admin/users.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/34551/info Phorum is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...
ANE CMD CRSF - Add Admin
No description provided by source. ======================================================================= AneCMS CSRF Vulnerability ======================================================================= by Pratul Agrawal Vulnerability found in- Admin module email [email protected] company...
MyGuestbook 0.6.1 Form.Inc.PHP3 Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14155/info MyGuestbook is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
MyWeb HTTP Server 3.3 GET Request Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10303/info A vulnerability has been reported for MyWeb HTTP server. The problem occurs due to insufficient bounds checking when handling GET requests. As a result, an attacker may be capable of corrupting sensitive data...
GSC Client 1.00 2067 - Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29718/info GSC Client is prone to a privilege-escalation vulnerability because it fails to sufficiently validate administrator credentials. An attacker can exploit this vulnerability to perform unauthorized administrative...
php php/fi 2.0 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2250/info PHP/FI is an software suite designed to offer enhanced features to sites served via the World Wide Web. It is open source, freely available, and maintained by the PHP development team. A problem with the softwar...
Mail-it Now! Upload2Server 1.5 - Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14821/info Mail-it Now! Upload2Server is prone to an arbitrary file upload vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before uploading files. Successful...
@Mail 5.42 and @Mail WebMail 5.0.5 Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30992/info @Mail and @Mail WebMail are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
Adobe ColdFusion APSB13-03 Remote Exploit
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'digest/sha1'...
Google FeedBurner FeedSmith 2.2 Cross-Site Request Forgery Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25921/info FeedBurner FeedSmith is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to use a victim's currently active session to perform actions with the application...
EazyPortal <= 1.0 (COOKIE) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl Vendor url: http://www.eazyportal.com/ by Iron - http://www.randombase.com exploit goes through $COOKIE use LWP::UserAgent; use MIME::Base64; print EazyPortal = 1.0 SQL Injection Exploit By Iron - www.randombase.com Greets to everyone at RootShell...
Apple WebKit build 18794 WebCore Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22059/info Apple WebKit is prone to a denial-of-service vulnerability. Attackers may exploit this issue by enticing victims into opening a malicious HTML document with an application using the affected framework. Successf...
Claroline 1.8.9 exercise/exercise.php URL XSS
No description provided by source. source: http://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute...
XGB 1.2 - Remote Form Field Input Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4515/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. xGB does not sufficiently validate input that is supplied via form...
OpenNetAdmin 13.03.01 - Remote Code Execution
No description provided by source. Exploit Title: OpenNetAdmin Remote Code Execution Date: 03/04/13 Exploit Author: Mandat0ry aka Matthew Bryant Vendor Homepage: http://opennetadmin.com/ Software Link: http://opennetadmin.com/download.html Version: 13.03.01 Tested on: Ubuntu CVE : No CVE exists -...
WordPress <= 2.2.3 wp-admin/edit.php backup Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27123/info WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the brows...
ShopCartCGI 2.3 gotopage.cgi Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/9670/info It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input. Upon successful exploitation of this issue an attack...
FlatFile Login System - Remote Password Disclosure Vulnerability
No description provided by source...
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
No description provided by source...
Pre Web Host System Authentication Bypass
No description provided by source. Exploit Title: Pre webhost System authentication bypass Date: 16th july 2010 Author: D4rk357 Critical:high contact:d4rk357atyahoodotin Price : 150$ Software Link:http://preproject.com/preweb.asp Greetz to :b0nd, Fbih2s,Beenu,rockey killer,The empty,...
Linux kernel 2.2 Predictable TCP Initial Sequence Number Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/670/info A vulnerability in the Linux kernel allows remote users to guess the initial sequence number of TCP sessions. This can be used to create spoofed TCP sessions bypassing some types of IP based access controls. The...
Orb 2.0.01.0049 - 2.54.0018 - DirectShow DoS
No description provided by source. When Orb is first installed it registers several Direct Show filters with the system. When registered these filters are then called whenever a file which has a dependency on such a required filter is accessed. By specially crafting specific headers embedded into...
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
No description provided by source. $Id: osbunamejlist.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Papoo CMS 3.2 IBrowser Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19807/info Papoo CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...
Computalynx CMail 2.3 Web File Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/281/info A vulnerability in Computalynx's CMail allows remote malicious users to steal local files. Compulynx's CMail is a Win32 mail server program. One of its features is allowing users to access their email with a web...
ArticleBeach Script <= 2.0 (index.php) Remote File Inclusion Vulnerability
No description provided by source. ------------------------------------------------------------------------------ ArticleBeach Script = 2.0 page Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a Bithedz...
Zomplog 3.3/3.4 Detail.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15168/info Zomplog is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplie...
Joomla Component graphics (com_graphics) 1.0.6 - LFI Vulnerability
No description provided by source...
Softbiz Jobs (news_desc) SQL Injection Vulnerability
No description provided by source. Softbiz Jobs newsdesc SQL Injection Vulnerability Author : Baybora Homepage : http://www.1923turk.com Blog : http://baybora.wordpress.com/ Script : softbizscripts Download : http://www.softbizscripts.com/ Exploat :newsdesc.php?id=SQL...
Cscope 13.0/15.x Insecure Temporary File Creation Vulnerabilities (1)
No description provided by source. source: http://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedly creates temporary...
Ask.com Toolbar askBar.dll ActiveX Control Buffer Overflow
No description provided by source. $Id: askshortformat.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
NullLogic Null HTTPd 0.5 - Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8697/info Null HTTPd has been reported prone to a remotely triggered denial of service vulnerability. The issue has been reported to present itself in the HTTP POST handling routines within the Null HTTPd server. It has...
Parallels H-Sphere 3.0/3.1 'login.php' Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/31256/info H-Sphere is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...
IBM AIX 6.1 / 7.1 - Local Root Privilege Escalation
No description provided by source. Exploit-DB Note: Screenshot provided by exploit author !/bin/sh Exploit Title: IBM AIX 6.1 / 7.1 local root privilege escalation Date: 2013-09-24 Exploit Author: Kristian Erik Hermansen [email protected] Vendor Homepage: http://www.ibm.com Software...
PGN2WEB 0.3 - Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12023/info It is reported that pgn2web is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it into a fixed-size...
Joomla Component com_linkr - Local File Inclusion
No description provided by source. .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : Joomla Component comlinkr .:. Bug Type : Local File Inclusion LFI .:. Dork : inurl:comlinkr === Exploit ===...
Invision Power Services Invision Board 2.0.4 Search Action Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17144/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issu...
Internet Security Systems BlackICE PC Protection 3.6 Firewall.INI Local Buffer Overrun Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10915/info It is reported that BlackICE PC Protection is prone to a local buffer overrun when handling excessive input in certain configuration directives parsed from the firewall.ini file included with the software. It i...
Mini-stream ripper 3.0.1.1 - (.pls) Local Universal Buffer Overflow Exploit
No description provided by source. / riptheministreamripper.c Mini-stream ripper = 3.0.1.1 .pls Local Universal Buffer Overflow Exploit exploited by: mrme Greetz to the Corelan Security Team: corelanc0d3r, rick, edi, dellnull, marko T, phifli, corelanc0d3r Visit: corelanc0d3r's blog...
Wordpress drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: Wordpress drag and drop file upload 0.1 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/drag-drop-file-uploader/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://www.ali.dj/ Software Link:...
Free SMTP Server <= 2.2 Spam Filter Vulnerability
No description provided by source...
NoseRub <= 0.5.2 Login SQL Injection Vulnerability
No description provided by source. -- ---------- ---- - ---------------------------- ---------- ---- -- ----------------------------- ------------- ---seclog- ------------------ ------------ -- --- ------------------- --------- ---- ------------------- ------- -------------------------- ---...
DotClear <= 1.2.4 (prepend.php) Arbitrary Remote Inclusion Exploit
No description provided by source...
WEBBDOMAIN Post Card <= 1.02 (catid) SQL Injection Vulnerability
No description provided by source. post Card catid Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc MaiL : [email protected] script : http://webbdomain.com/php/postcarden/index2.php script : http://webbdomain.com/php/postcardir/index2.php DorK :...
webSPELL <= 4.01.02 Remote PHP Code Execution Exploit
No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; Admin id: 1 Admin hash: 7b24afc8bc80e548d66c4e7ff72171c5 Logged in wsauth=1%3A7b24afc8bc80e548d66c4e7ff72171c5 Trying to upload the malicious file Done http://localhost/webspell4.01.02/downloads/c99shell.php if$ar...