56796 matches found
chesapeake tftp server 1.0 - Directory Traversal and DoS PoC exploit
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include sys/stat.h / Showdump 0.1 Copyright 2004 Luigi Auriemma This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as...
PHPay 2.2 - Multiple Path Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/7309/info phPay has been reported prone to multiple path disclosure vulnerabilities. It has been reported that when specially crafted requests are made for many phPay pages and include files, an error condition may be...
Content-Builder (CMS) <= 0.7.2 - Multiple Include Vulnerabilities
No description provided by source. $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ ContentBuilder = 0.7.2 Remote File Include Vulnerability $$ script site: http://www.content-builder.net/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacpe...
NetWin DNews 5.3 Server Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1172/info DNews News Server is a CGI application that gives access to auser's NNTP server over the web. There are many unchecked buffers in the program, some of which can be exploited directly from any browser. Supplying ...
Singapore 0.9.11 beta Image Gallery Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13938/info Singapore image gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
Opera Web Browser 10.01 'dtoa()' Remote Code Execution Vulnerability
Opera Web Browser is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code. Failed attacks may cause denial-of-service conditions. NOTE: This issue is related to BID 35510 Multiple BSD Distributions 'gdtoa/misc.c' Memory Corruption...
QTO File Manager 1.0 - 'qtofm.php' Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29072/info QTO File Manager is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code because the application fails to sanitize user-supplied input. An attacker can leverage this issu...
Calendar Module 1.5.7 For Mambo Com_Calendar.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19027/info The Calendar module for Mambo is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...
Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementatio...
Mozilla Browser 1.5 URI MouseOver Obfuscation Weakness
No description provided by source. source: http://www.securityfocus.com/bid/9203/info It has been discovered that the Mozilla browser is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatted in such a way that a NUL...
SePortal 2.5 - SQL Injection
No description provided by source. Exploit Title: SePortal 2.5 SQL Injection Google Dork: Powered by SePortal 2.5 Date: Decembar/08/2011 Author: Don BalcanCrew & BalcanHack Software Link: http://seportal.org Version: 2.5 Tested on: LiteSpeed Vulnerability:...
PHPJabbers Post Comments 3.0 Cookie Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31467/info PHPJabbers Post Comments is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication. An attacker can exploit this...
GTChat <= 0.95 Alpha (adduser) Remote Denial of Service Exploit
No description provided by source. Use a high user for best results. /str0ke !/usr/bin/perl codez0red by VTECin5th Feel free to modify/break this script Crappy code is more effective = I accept no responsibility for misuse or abuse Usage: xxx.pl www.server.com /directorytochat/ ofuserstocreate...
Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 File Disclosure Vulnerability
No description provided by source. Moodle File Disclosure Vulnerability Systems Affected Moodle series 1.6.9+, 1.7.7+, 1.8.9, 1.9.5 Severity Critical Probability of being vulnerable Rather Low Vendor http://moodle.org/ Filed Bug MDL-18552 Author Christian J. Eibl Date 20090327 I. BACKGROUND Moodl...
Adobe Flex SDK 3.x 'index.template.html' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36087/info Adobe Flex SDK is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to express-install template files. An attacker could exploit this vulnerability to execu...
ac4p Mobile index.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execu...
Integramod Portal <= 2.0 rc2 (phpbb_root_path) Remote File Include
No description provided by source. matasanos Integramod Portal 2.x File Inclusion Vulnerabilities affected software: Integramod Portal vendor: Integramod . you can donwload it from http://www.integramod.com level: Highly Critical muy critico...
Joomla RokModule Component (index.php, module parameter) Blind SQLi
No description provided by source. Titulo: Joomla Component RokModule Blind SQLi module Vulnerability Nombre del Componente: Comrokmodule Empresa: http://www.rockettheme.com/ Testeado: Linux Backtrack Autor: Yarolinux Para WebSecurityDev Twitter: @Yarolinux Fecha: 09/09/2012 Bueno la Injeccion Va...
Joomla! 'com_alert' Component 'q_item' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38827/info The 'comalert' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
CodeAvalanche News 1.2 Default.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18031/info CodeAvalanche News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit...
Joomla/Mambo Mod_Forum Component PHPBB_Root.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24591/info The 'modforum' component for Joomla and Mambo is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to includ...
WSN Links Script 2.3.4 - SQL Injection Vulnerabilitiy
No description provided by source. Exploit Title: WSN Links Script SQL Injection Vulnerabilitiy Google Dork: Powered by WSN Links Date: 1/1/2012 Author: H4ckCity Security Team Discovered By: farbodmahini Home: WwW.H4ckCity.Org Software Link: http://scripts.webmastersite.net/wsnlinks Version: All...
Elm Development Group ELM 2.4/2.5.1 Mail for UNIX (ELM) Buffer Overflow (1)
No description provided by source. source: http://www.securityfocus.com/bid/1276/info Buffer overflow vulnerabilities exist in elm Electronic Mail for Unix. / Elm Exploit - Scrippie - Phreak.nl - b0f - http://b0f.freebsd.lublin.pl This exploit spawns an EGID mail shell on the default Slackware 4...
aMSN '.ctt' File Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33096/info aMSN is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers can exploit this issue by enticing an unsuspecting...
Joomla Component com_extcalendar Blind SQL Injection Vulnerability
No description provided by source. 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 Joomla Component comextcalendar Blind SQL Injection Vulnerability 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 Date: 20/08/2010 0 Author : Lagripe-Dz 1 contact :...
betaparticle blog 2.0/3.0 dbBlogMX.mdb Direct Request Database Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the authentication credential...
phpQuiz <= 0.1.2 - Remote SQL Injection / Code Execution Exploit
No description provided by source...
flashlight free edition (lfi/sql) Multiple Vulnerabilities
No description provided by source. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Flashlight Free Edition - LFI/SQL Multiple Remote Vul XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX RATM: All hell can't stop us now! XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX...
Infinity <= 2.x.x options[style_dir] Local File Disclosure Vulnerability
No description provided by source. ------------------Infinity = v2.X.X Local File Disclosure / Auth Bypass Vulnerabilities------------------------- ---------------------------------------------------------------------------------------------------------------- Script : Infinity version : 2.X.X...
Novell eDirectory 8.x iMonitor HTTPSTK Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/20655/info The Novell eDirectory server iMonitor is prone to a stack-based buffer-overflow vulnerability because it fails to perform sufficient bounds checking on client-supplied data before copying it to a buffer. An...
Joomla Component com_properties[aid] SQL Injection Vulnerability
No description provided by source. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Author: c4uR [email protected] Date: April, 10-2010 INDONESIA Exploit Title: Joomla Component compropertiesaid SQL Injection Vulnerability...
Microsoft RRAS Service RASMAN Registry Overflow
No description provided by source. $Id: ms06025rasmansreg.rb 10150 2010-08-25 20:55:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
Wolfram Research webMathematica 4.0 File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5035/info Wolfram Research's webMathematica is a Java based product which allows the inclusion of Mathematica content in a web environment. It includes CGI programs which generate image content based on user supplied inpu...
Perl 'rmtree()' Function Local Insecure Permissions Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29902/info Computers running Perl are prone to a local vulnerability that occurs when handling symbolic links. Attackers can leverage this issue to change the permissions of arbitrary files. Perl 5.10.0 is vulnerable; oth...
NetcPlus SmartServer 3.5.1 SMTP Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/632/info There is a buffer overflow on the SmartServer3 SMTP service long MAIL FROM: that may allow an intruder to execute arbitrary code on the target server. 1 @Work SmartServer3...
Quick Classifieds 1.0 - controlpannel/createP.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (2)
No description provided by source. source: http://www.securityfocus.com/bid/1051/info Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP mail from command, the POP3 user command and the IMAP login command. T...
OpenVMPSd <= 1.3 - Remote Format String Exploit (Multiple Targets)
No description provided by source. / gexp-openvmpsd.c OpenVMPSd v1.3 Remote Format String Exploit Copyright C 2005 Gotfault Security Bug found and developed by: barros and xgc Original Reference: http://gotfault.net/research/exploit/gexp-openvmpsd.c / include getopt.h include sys/types.h include...
Php-Stats 0.1.9.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28824/info Php-Stats is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Attackers may leverage these issues to execute arbitrary script code in the browser...
Light Alloy 4.7.3 (.m3u) - SEH Buffer Overflow (Unicode)
No description provided by source. !/usr/bin/perl Exploit Title: Light Alloy 4.7.3 .m3u - SEH Buffer Overflow Unicode Date: 11-18-2013 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software: Light Alloy v4.7.3 Vendor Site: http://www.light-alloy.ru/ Vulnerable Software Link:...
MyBB 1.1.1 Showthread.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17904/info MyBB is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful attack could allow an...
Magix Musik Maker 16 .mmm Stack Buffer Overflow
No description provided by source. $Id: magixmusikmaker16mmm.rb 12688 2011-05-22 23:41:15Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Webee Comments Component 1.1/1.2 for Joomla! index2.php articleId SQL Injection
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '86842' ssvid version = '1.0' author = 'kikay' vulDate = '2010-02-22' createDate ...
CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities
No description provided by source. Exploit Title: Hotel Software and Booking system 1.8 - SQL Injection / Cross Site Scripting Date: 21 de Agosto del 2013 Exploit Author: Dylan Irzi Credit goes for: websecuritydev.com Vendor Homepage: http://www.cbhotel.eu/ Tested on: Win8 & Linux Mint Affected...
phpInstantGallery 2.0 - image.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/29152/info phpInstantGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in t...
Elxis CMS 2008.1 PHPSESSID Variable Session Fixation
No description provided by source. source: http://www.securityfocus.com/bid/31764/info Elxis CMS is prone to multiple cross-site scripting and session-fixation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The application is also prone to a session-fixation...
7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities
No description provided by source. $Id: igss9misc.rb 12779 2011-05-31 14:33:19Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
PHP-Stats <= 0.1.9.1 - Remote Commands Execution Exploit
No description provided by source. ?php ---phpstats0191xpl.php 04/03/2006 4.53.41 PHP-Stats = 0.1.9.1 optionadminpass overwrite / / remote commands execution exploit coded by rgod site: http://retrogod.altervista.org - works regardless of magicquotesgpc settings... usage: launch from Apache, fill...
Joomla Module Camp26 Visitor Data 1.1 - Remote code Execution
No description provided by source. Joomla Module Camp26 Visitor Data 1.1 Remote code Execution ============================================================ - Discovered by : Chip D3 Bi0s - Email : [email protected] - Date : 2010-04-28 - Severity : 9/10 CVSS scored -----------------------------...
Kingview Touchview 6.53 EIP Overwrite
No description provided by source. Exploit Title: Kingview Touchview EIP direct control Date: June 24 2012 Exploit Author: Carlos Mario Penagos Hollmann Vendor Homepage: www.kingview.com Version: 6.53 Tested on: Windows SP 1 CVE : Open kingivew click on Make choose network configuration---network...