56796 matches found
linux/x86-64 execve(/bin/sh) 52 bytes
No description provided by source. / Exploit Title : linux/x86-64 execve/bin/sh 52 bytes Tested on : Linux iron 2.6.38-8-generic 42-Ubuntu SMP Mon Apr 11 03:31:24 UTC 2011 x8664 x8664 x8664 GNU/Linux Date : 03/12/2011 Author : X-h4ck Email : [email protected] Website : http://www.pirate.al Greetz :...
Microsoft Works 7 WkImgSrv.dll WKsPictureInterface() ActiveX Exploit
No description provided by source. $Id: msworkswkspictureinterface.rb 10477 2010-09-25 11:59:02Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Joomla! and Mambo com_genealogy Component - 'id' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27887/info The Joomla! and Mambo 'comgenealogy' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue coul...
e107 <= 0.617 - XSS Remote Cookie Disclosure Exploit
No description provided by source. / 1 Change milw0rm.com to your domain.com 2 Post the below code into a new message. Credits to Nick Griffin. /str0ke /...
PostNuke pnFlashGames Module 1.5 - Remote SQL Injection Vulnerability
No description provided by source. ============================================================ PostNuke pnFlashGames Module v1.5 REmote SQL Injection ============================================================ Bulan: xoron xoron.biz + Love's the funeral of hearts The funeral of hearts And a ple...
LoudBlog 0.41 backend_settings.php language Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote...
Seditio <= 1.10 (avatarselect id) Remote SQL Injection Vulnerability
No description provided by source. Seditio = 1.10 Remote SQL Injection avatarselect id Vulnerability Discovered by: nukedx Contacts: ICQ: 10072 MSN/Mail: [email protected] web: http://www.nukedx.com Original advisory can be found at: http://www.nukedx.com/?viewdoc=52 ---- GET -...
Php-Stats 0.1.9 .2 WhoIs.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25275/info Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
SendStudio 4.0.1 Cross Site Scripting and Security Bypass Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/37554/info SendStudio also called Email Marketer is prone to a cross-site scripting issue and a security-bypass issue. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecti...
Cisco IOS <= 12.0.2 Syslog Crash
No description provided by source. source: http://www.securityfocus.com/bid/675/info Cisco devices running classic IOS are reported prone to a denial of service vulnerability. The issue occurs when a vulnerable device receives and processes a UDP packet on UDP port 514 for syslog. This issue...
IdeaBox <= 1.1 (gorumDir) Remote File Include Vulnerability
No description provided by source. $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ IdeaBox = 1.1 gorumDir Remote File Include Vulnerability $$ script site: http://ideabox.phpoutsourcing.com/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by:...
Citrix Nfuse 1.6 Published Applications Information Leak Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3926/info Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver. If a request...
magiciso 5.0 build 0166 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17725/info Reportedly, an attacker can carry out attacks using directory-traversal strings. These issues occur when the application processes malicious archives. A successful attack can allow the attacker to place...
VP-ASP Shopping Cart 6.50 ShopContent.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24033/info VP-ASP Shopping Cart is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code...
Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (osx)
No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...
Swiki 1.5 - HTML Injection and Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28680/info Swiki is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
creLoaded <= 6.15 (HTMLAREA) Automated Perl Exploit
No description provided by source. !/usr/bin/perl creLoaded = 6.15 HTMLAREA automated perl exploit hacked up by kaneda [email protected] Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. C...
CastRipper 2.50.70 (.asx) Playlist Stack Overflow Exploit
No description provided by source. !/usr/bin/perl Author : Jordi Chancel CastRipper 2.50.70 : ASX playlist Stack Overflow Exploit use strict; use warnings; my $header1= \x3C\x61\x73\x78\x20\x76\x65\x72\x73\x69\x6F\x6E\x20\x3D\x20. \x22\x33\x2E\x30\x22\x20\x3E\x0D\x0D\x0A\x3C\x65\x6E\x74\x72...
Quick Classifieds 1.0 - controlcenter/userSet.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
POWERGAP <= 2003 (s0x.php) Remote File Include Vulnerability
No description provided by source. ================================================================= powergap = s0x.php Remote File Inclusion Exploit ================================================================ Critical Level : Dangerous Venedor site : http://www.powergap-shop.de...
WebStudio CMS Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24297/info WebStudio CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Microsoft Windows OLE Object File Handling Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
NexusPHP 1.5 - SQL Injection
No description provided by source. Exploit Title: Nexusphp.v1.5 SQL injection Vulnerability Google Dork: intitle:nexusphp Date: 2011-10-08 Author: flyh4t Software Link: http://sourceforge.net/projects/nexusphp/ Version: nexusphp.v1.5 Tested on: linux+apache CVE : CVE-2011-4026 Nexusphp is...
PSOProxy 0.91 Remote Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/9706/info It has been reported that PSOProxy is prone to a remote buffer overflow vulnerability. The issue is due to the insufficient boundary checking. A malicious user may exploit this condition to potentially corrupt...
Auto CMS <= 1.8 - Remote Code Execution
No description provided by source. ?php / ===================================== Auto CMS = 1.8 Remote Code Execution ===================================== Author: giudinvx Email: giudinvxatgmaildotcom Date: 10/31/2010 Site: http://www.giudinvx.altervista.org/ Site CMS: http://ventics.com/autocms/...
Web Wiz Forums <= 9.07 (sub) Remote Directory Traversal Vulnerability
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title: Web Wiz ForumsTM Vendor: http://www.webwizguide.com/ Bug: Directory traversal Vulnerable Version: 9.07 Exploit: Available Fix Available: No! Fast Solution is available. - Description: Web Wiz Forums bullet...
myPHPNuke 1.8.8 download.php dcategory Parameter XSS
No description provided by source...
Php-Stats 0.1.9.2 Tracking.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25674/info Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Quick Classifieds 1.0 - controlpannel/alterFeatured.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
Ultimate PHP Board <= 1.96 GOLD Multiple Vulnerabilities Exploit
No description provided by source. ?php / Advisory: http://www.kliconsulting.com/users/mbrooks/UPBadvisory.rtf Vendors site: http://forum.myupb.com/ Download: http://fileserv.myupb.com/download.php?url=upb196GOLD.zip http://prdownloads.sourceforge.net/textmb/upb1.8.2.zip?download Download Mirror:...
WebStudio CMS - (pageid) Remote Blind SQL Injection Vulnerability (mil mixup)
No description provided by source. submitted: 09/01/2008 10:01 AM ----------------------------------------------------------------------------------- Scr!pt : WebStudio CMS V3rs!0n : ! S!t3 : http://www.bdigital.biz/?pageid=214 Dork : Powered by WebStudio Auth0r : BorN To K!LL...
JITed egg-hunter stage-0 shellcode Adjusted universal for xp/vista/win7
No description provided by source. // JITed egg-hunter stage-0 shellcode // Permanent DEP bypass // // By Alexey Sintsov // [email protected] // [email protected] // // DSecRG - Digital Security Research Group dsecrg.com// // // TAG=3135330731353307 // its mean 0x07333531 twice! // // // This versi...
Loggix Project <= 9.4.5 - Multiple Remote File Include Vulnerability
No description provided by source. In The Name Of Allah Loggix Project = 9.4.5 Multiple Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/loggix/files/ Author : cr4wl3r Contact : cr4wl3r4tlinuxmaildotorg Location : Gorontalo - INDONESIA Blog :...
PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability
No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV83$2007 ----------------------------------------------------------------------------------------- ECHOADV83$2007 PhpHostBot = 1.06 svrrootscript Remote File Inclusion...
Novell NetMail <= 3.52d IMAP APPEND Buffer Overflow
No description provided by source. $Id: novellnetmailappend.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
68kb Knowledge Base 1.0.0rc3 - Edit Main Settings CSRF
No description provided by source. Exploit Title: 68kb Knowledge Base v1.0.0rc3 edit main settings CSRF Date: 2010-04-02 Author: Jelmer de Hen Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc3.zip Version: v1.0.0rc3 html body onload=document.forms'editsettings'.submit form...
TopList <= 1.3.8 (phpBB Hack) Remote Inclusion Exploit
No description provided by source. TopList Hack for PHPBB = 1.3.8 Remote File Inclusion Based on http://milw0rm.com/exploits/1722 Bug found by : Oo No more uploading php shells !!! This is my way of php include exploitation !!! Learn to play with sockets !!! FOXMULDER [email protected]...
Microsoft Internet Explorer 6.0 Double Slash Cache Zone Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8980/info A vulnerability has been reported in Internet Explorer that may allow cached Internet content to be rendered in the My Computer zone. It is possible to exploit this issue by including an extra slash when...
iSupport 1.8 ticket_function.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/37380/info iDevSpot iSupport is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input An attacker may leverage these issues to execute arbitrary...
FlatNuke 2.5.x Index.PHP Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15172/info FlatNuke is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to...
RuubikCMS 1.1.1 - Stored XSS Vulnerability
No description provided by source. Exploit Title: ruubikcms v1.1.1 Stored XSS Google Dork: powered by ruubikcms Date: 2013-6-5 Exploit Author: expl0i13r Vendor Homepage: http://www.ruubikcms.com/ Software Link: http://www.ruubikcms.com/ruubikcms/download.php?f=ruubikcms111.zip Version: 1.1.1 Test...
BES-CMS 0.4/0.5 hacking.php File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The...
SquirrelMail 1.2.x From Email Header HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10450/info SquirrelMail is reported to be prone to a 'from' field email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An...
CartWIZ 1.10 ProductCatalogSubCats.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13331/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. Successful exploitatio...
RedBLoG 0.5 admin/index.php root_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20115/info The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
VisualShapers EzContents 2.0.3 Loginreq2.PHP Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19780/info ezContents is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue to have arbitrary script code...
Fusion News 3.3 Unauthorized Account Addition Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8441/info Fusion News is prone to an access validation error allowing a user to add arbitrary user/administrator accounts through manipulating URI parameters. Successful exploitation of this error may allow a user to...
Ultrastats <= 0.2.142 (players-detail.php) Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; ! Discovered.: DNX ! Vendor.....: http://www.shooter-szene.de | http://www.ultrastats.org ! Detected...: 29.06.2008 ! Reported...: 04.07.2008 ! Response...: xx.xx.2008 ! Background.: UltraStats is a very...
geeeekShop 1.4 Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/8380/info geeeekShop is prone to multiple information disclosure vulnerabilities. Passing invalid data as URI parameters to geeeekShop scripts, will cause an error message to be displayed, which contains installation path...
PHP Classifieds 7.5 - Blind SQL Injection Vulnerability
No description provided by source. Dear Sir / Madam The ItSecTeam has discovered a new bug in PHP Classifieds Lastest Version and will be glad to report and public it . More information about this bug is listed below :...