56796 matches found
EazyPortal <= 1.0 (COOKIE) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl Vendor url: http://www.eazyportal.com/ by Iron - http://www.randombase.com exploit goes through $COOKIE use LWP::UserAgent; use MIME::Base64; print EazyPortal = 1.0 SQL Injection Exploit By Iron - www.randombase.com Greets to everyone at RootShell...
Apple WebKit build 18794 WebCore Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22059/info Apple WebKit is prone to a denial-of-service vulnerability. Attackers may exploit this issue by enticing victims into opening a malicious HTML document with an application using the affected framework. Successf...
Claroline 1.8.9 exercise/exercise.php URL XSS
No description provided by source. source: http://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute...
XGB 1.2 - Remote Form Field Input Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4515/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. xGB does not sufficiently validate input that is supplied via form...
OpenNetAdmin 13.03.01 - Remote Code Execution
No description provided by source. Exploit Title: OpenNetAdmin Remote Code Execution Date: 03/04/13 Exploit Author: Mandat0ry aka Matthew Bryant Vendor Homepage: http://opennetadmin.com/ Software Link: http://opennetadmin.com/download.html Version: 13.03.01 Tested on: Ubuntu CVE : No CVE exists -...
WordPress <= 2.2.3 wp-admin/edit.php backup Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27123/info WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the brows...
ShopCartCGI 2.3 gotopage.cgi Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/9670/info It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input. Upon successful exploitation of this issue an attack...
FlatFile Login System - Remote Password Disclosure Vulnerability
No description provided by source...
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
No description provided by source...
Pre Web Host System Authentication Bypass
No description provided by source. Exploit Title: Pre webhost System authentication bypass Date: 16th july 2010 Author: D4rk357 Critical:high contact:d4rk357atyahoodotin Price : 150$ Software Link:http://preproject.com/preweb.asp Greetz to :b0nd, Fbih2s,Beenu,rockey killer,The empty,...
Linux kernel 2.2 Predictable TCP Initial Sequence Number Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/670/info A vulnerability in the Linux kernel allows remote users to guess the initial sequence number of TCP sessions. This can be used to create spoofed TCP sessions bypassing some types of IP based access controls. The...
Orb 2.0.01.0049 - 2.54.0018 - DirectShow DoS
No description provided by source. When Orb is first installed it registers several Direct Show filters with the system. When registered these filters are then called whenever a file which has a dependency on such a required filter is accessed. By specially crafting specific headers embedded into...
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
No description provided by source. $Id: osbunamejlist.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Papoo CMS 3.2 IBrowser Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19807/info Papoo CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...
Computalynx CMail 2.3 Web File Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/281/info A vulnerability in Computalynx's CMail allows remote malicious users to steal local files. Compulynx's CMail is a Win32 mail server program. One of its features is allowing users to access their email with a web...
ArticleBeach Script <= 2.0 (index.php) Remote File Inclusion Vulnerability
No description provided by source. ------------------------------------------------------------------------------ ArticleBeach Script = 2.0 page Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a Bithedz...
Zomplog 3.3/3.4 Detail.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15168/info Zomplog is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplie...
Joomla Component graphics (com_graphics) 1.0.6 - LFI Vulnerability
No description provided by source...
Softbiz Jobs (news_desc) SQL Injection Vulnerability
No description provided by source. Softbiz Jobs newsdesc SQL Injection Vulnerability Author : Baybora Homepage : http://www.1923turk.com Blog : http://baybora.wordpress.com/ Script : softbizscripts Download : http://www.softbizscripts.com/ Exploat :newsdesc.php?id=SQL...
Cscope 13.0/15.x Insecure Temporary File Creation Vulnerabilities (1)
No description provided by source. source: http://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedly creates temporary...
Ask.com Toolbar askBar.dll ActiveX Control Buffer Overflow
No description provided by source. $Id: askshortformat.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
NullLogic Null HTTPd 0.5 - Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8697/info Null HTTPd has been reported prone to a remotely triggered denial of service vulnerability. The issue has been reported to present itself in the HTTP POST handling routines within the Null HTTPd server. It has...
Parallels H-Sphere 3.0/3.1 'login.php' Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/31256/info H-Sphere is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...
IBM AIX 6.1 / 7.1 - Local Root Privilege Escalation
No description provided by source. Exploit-DB Note: Screenshot provided by exploit author !/bin/sh Exploit Title: IBM AIX 6.1 / 7.1 local root privilege escalation Date: 2013-09-24 Exploit Author: Kristian Erik Hermansen [email protected] Vendor Homepage: http://www.ibm.com Software...
PGN2WEB 0.3 - Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12023/info It is reported that pgn2web is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it into a fixed-size...
Joomla Component com_linkr - Local File Inclusion
No description provided by source. .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : Joomla Component comlinkr .:. Bug Type : Local File Inclusion LFI .:. Dork : inurl:comlinkr === Exploit ===...
Invision Power Services Invision Board 2.0.4 Search Action Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17144/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issu...
Internet Security Systems BlackICE PC Protection 3.6 Firewall.INI Local Buffer Overrun Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10915/info It is reported that BlackICE PC Protection is prone to a local buffer overrun when handling excessive input in certain configuration directives parsed from the firewall.ini file included with the software. It i...
Mini-stream ripper 3.0.1.1 - (.pls) Local Universal Buffer Overflow Exploit
No description provided by source. / riptheministreamripper.c Mini-stream ripper = 3.0.1.1 .pls Local Universal Buffer Overflow Exploit exploited by: mrme Greetz to the Corelan Security Team: corelanc0d3r, rick, edi, dellnull, marko T, phifli, corelanc0d3r Visit: corelanc0d3r's blog...
Wordpress drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: Wordpress drag and drop file upload 0.1 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/drag-drop-file-uploader/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://www.ali.dj/ Software Link:...
Free SMTP Server <= 2.2 Spam Filter Vulnerability
No description provided by source...
NoseRub <= 0.5.2 Login SQL Injection Vulnerability
No description provided by source. -- ---------- ---- - ---------------------------- ---------- ---- -- ----------------------------- ------------- ---seclog- ------------------ ------------ -- --- ------------------- --------- ---- ------------------- ------- -------------------------- ---...
DotClear <= 1.2.4 (prepend.php) Arbitrary Remote Inclusion Exploit
No description provided by source...
WEBBDOMAIN Post Card <= 1.02 (catid) SQL Injection Vulnerability
No description provided by source. post Card catid Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc MaiL : [email protected] script : http://webbdomain.com/php/postcarden/index2.php script : http://webbdomain.com/php/postcardir/index2.php DorK :...
webSPELL <= 4.01.02 Remote PHP Code Execution Exploit
No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; Admin id: 1 Admin hash: 7b24afc8bc80e548d66c4e7ff72171c5 Logged in wsauth=1%3A7b24afc8bc80e548d66c4e7ff72171c5 Trying to upload the malicious file Done http://localhost/webspell4.01.02/downloads/c99shell.php if$ar...
SoftBB 0.1 Page Parameter Cross-Site Scripting Vulnerability
No description provided by source...
DBSite Remote SQL Injection Vulnerability
No description provided by source. !/usr/bin/env python -- coding: utf-8 -- -------------------------------------------------------- Exploit Title: DBSite Remote SQL Injection Vulnerability Date: 13/10/2010 Author: GodOfPain Version: 1.0 Tested on: Linux...
Acpid 1:2.0.10-1ubuntu2 Privilege Boundary Crossing Vulnerability
No description provided by source. Exploit Title: Acpid Privilege Boundary Crossing Vulnerability Google Dork: Date: 23-11-2011 Author: otr Software Link: https://launchpad.net/ubuntu/+source/acpid Version: 1:2.0.10-1ubuntu2 Tested on: Ubuntu 11.10, Ubuntu 11.04 CVE : CVE-2011-2777 -- Safeguard...
PHPFreeNews 1.40 NewsCategoryForm.php NewsMode Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14590/info PHPFreeNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues...
phpBB viewtopic.php Arbitrary Code Execution
No description provided by source. $Id: phpbbhighlight.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Microsoft Internet Explorer 5.0.1 Popup.show Mouse Event Hijacking Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10690/info A vulnerability exists in Microsoft Internet Explorer that may permit a malicious Web page to hijack mouse events. This could potentially be exploited to trick an unsuspecting user into performing unintended...
ASPIntranet 2.1 Default.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21061/info ASPIntranet is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise t...
zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal
No description provided by source. !/usr/bin/perl Advisory: zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on zFTPServer Suite 6.0.0.52 Vendor URL: http://www.zftpserver.com/ Vendor Status: fixed...
Grayscale BandSite CMS 1.1 sendemail.php message_text Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...
PostNuke 0.6/0.7 web_links Module TTitle Cross-site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8374/info It has been reported that a cross site scripting vulnerability exists in the Downlaods and WebLinks modules of PostNuke. It is possible that an attacker may construct a link containing malicious script code that...
MunkyScripts Simple Gallery SQL Injection Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '68151' ssvid version = '1.0' author = '0xFATeam' vulDate = '' createDate =...
VideoCharge Studio 2.12.3.685 - GetHttpResponse() MITM Remote Code Execution Exploit
No description provided by source. !/usr/bin/python Exploit Title: VideoCharge Studio v2.12.3.685 GetHttpResponse MITM Remote Code Execution Exploit SafeSEH/ASLR/DEP Bypass Version: v2.12.3.685 Date: 2014-02-19 Author: Julien Ahrens @MrTuxracer Homepage: http://www.rcesecurity.com Software Link:...
TalentSoft Web+ Client/Monitor/server 4.6 Internal IP Address Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/1720/info Talentsoft Web+ is a web application server that can be integrated with various web technologies. A vulnerability exists in one of the CGI applications implemented by Web+. It is possible for a remote user to...
e107 plugin fm pro 1- (fd/upload/dt) Multiple Vulnerabilities
No description provided by source. | | | \ \ \ / / / \ / | / | / | | | | | | \ V / / \ | | | | | | | | | | | / \ | || | | | | | || || \ || // \ | | | e107 Plugin fm pro v1 Multiple Remote Vulnerabilities I- Remote File Disclosure / Write File...
PHP Script Tools PSY Auction 0 item.php id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17974/info PSY Auction is prone to multiple input-validation vulnerabilities. The issues include HTML-injection and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize...