56796 matches found
Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14604/info Mantis is prone to multiple input validation vulnerabilities. These issues involve cross-site scripting, HTML injection and variable poisoning, and are due to a failure in the application to properly sanitize...
Mercury/32 3.32-4.51 - SMTP Pre-Auth EIP Overwrite Exploit
No description provided by source. / Dreatica-FXP crew ---------------------------------------- Target : Mercury/32 SMTP Server Found by : [email protected], http://www.offensive-security.com ---------------------------------------- Exploit : Mercury/32 v3.32-v4.51 SMTP Pre-Auth EIP...
BES-CMS 0.4/0.5 members/index.inc.php File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The...
ImageMagick 6.x PNM Image Decoding Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13351/info A remotely exploitable client-side buffer-overflow vulnerability affects ImageMagick. This issue occurs because the application fails to properly validate the length of user-supplied strings before copying them...
Java Applet Driver Manager Privileged toString() Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...
KwsPHP Module jeuxflash (cat) 1.0 - Remote SQL Injection Vulnerability
No description provided by source. KwsPHP Module jeuxflash Remote SQL Injection Exploit AUTHOR : HouSSamix From H-T Team Script : KwsPHP Module jeuxflash Version : last version Bug : Remote SQL Injection Exploit Dork : inurl:index.php?mod=jeuxflash EXPLOITS :...
Internet Explorer 8 & Internet Explorer 9 - Steal any Cookie
No description provided by source. Exploit Title: Internet Explorer 8 & Internet Explorer 9 steal any Cookie Date: 27.01.2013 Exploit Author: Christian Haider; Email: christian.haider.poc @ gmail dot com; linkedin: http://www.linkedin.com/in/chrishaider Category: remote Vendor Homepage:...
Joomla Component com_bfsurvey_basic SQL Injection Vulnerability
Joomla Component combfsurveybasic SQL Injection Vulnerability + Author: FL0RiX + Greez : Wretch-x And All Friends + HomePage : http://oltan.org + Exploit; + null//and//1=0//union//select//concatusername,0x3a,passwordfl0rix,user,user//from//josusers-- F....N; Sen çok üstün zekaya sahip birisin,...
rsync <= 2.5.7 - Local stack overflow Root Exploit
No description provided by source. / rsync = 2.5.7 Local Exploit Saved EIP on stack is overwritten with address of shellcode in memory Generally rsync is not setuid or setgid so just a local shell is of no use So i used a portbinding shellcode as a PoC of a different attack vector. RET is...
Ananta Gazelle CMS - Update Statement SQL Injection
No description provided by source. Exploit Title: Ananta Gazelle CMS - Update Statement Sql injection Google Dork: - Date: 07-02-2012 Author: hackme Software Link: http://sourceforge.net/projects/ananta/files/stable/Gazelle 1.0 stable/AnantaGazelle1.0.zip/ Version: 1.0 stable Tested on: backbox 2...
WSC CMS (Bypass) SQL Injection Vulnerability
No description provided by source. ------------------------------------------------------ ------------------------------------------------------ | | | | | | | | /| ' \ / \ ' \ / /| ' \ | | | | | | / | | | | | | | | | || || |||| ||//|| || || ------------------------------------------------------...
x10 mirco blogging 121 - SQL Injection Vulnerability
No description provided by source. =========================================== x10 mirco blogging V121 SQL Injection Vulnerability =========================================== Title: x10 mirco blogging Sql Injection Vendor: www.x10media.com/micro-blog-script Dork: mirco blogging AUTHOR: ITSecTeam...
Linux/ARM - setuid(0) & kill(-1, SIGKILL) - 28 bytes
No description provided by source. / Title: Linux/ARM - setuid0 & kill-1, SIGKILL - 28 bytes Kill all processes Date: 2010-06-29 Tested: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan ! Dtabase of shellcodes...
FlashChat 6.0.2-6.0.8 - Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: FlashChat File Upload Vulnerability Google Dork: intitle:FlashChat v6.0.8 Date: 02.10.2013 Exploit Author: x-hayben21 Vendor Homepage: www.punish3r.com Software Link: http://www.tufat.com/script2.htm Version: v6.0.8, v6.0.2, v6.0.4, v6.0.5, v6.0.6...
PHPX 3.x admin/forums.php CSRF Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative command...
ZAPms 1.41- SQL Injection Vulnerability
No description provided by source. ============================================================================================================= o ZAPms = SQL Injection Vulnerability Software : ZAPms Version : 1.41 Vendor : http://www.zapms.de Author : NoGe Contact : nogedotcodeatgmaildotcom Desc...
SX Design sipd 0.1.2 - Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9198/info It has been reported that sipd may be prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The problem is reported to exist in the gethostbynamer...
VLC 0.8.6d - httpd_FileCallBack Remote Format String Exploit
No description provided by source. / Epibite // bite since 1442 pown meme ta mamie / / Advisory from Luigi Auriemma CVE-2007-6682 / format string in VideoLAN VLC 0.8.6d Description : Format string vulnerability in the httpdFileCallBack function network/httpd.c in VideoLAN VLC 0.8.6d allows remote...
X-Cart Pro 4.0.13 - SQL Injection Proof of Concept
No description provided by source. X-Cart Pro v4.0.13 SQL Injection Proof of Concept Discovered By: s4squatch of SecureState R&D Team www.securestate.com Discovered: Mon, 08 Sep 2008 20:29:07 GMT Version: 4.0.13 obtained from www.website.com/README Can't find reference to this old vuln elsewhere...
Cisco Collaboration Server 5 XSS, Source Code Disclosure
No description provided by source. Cisco Collaboration Server 5 XSS, Source Code Disclosure Discovered by: s4squatch of SecureState R&D Team www.securestate.com Discovered: 08/26/2008 Note: End of Engineering --...
DevelopItEasy Events Calendar 1.2 - Multiple SQL Injection Vulnerabilities
No description provided by source. || || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ \ | | \ \ /\ /\ \ \ \ /...
PHP <= 5.2.3 snmpget() object id Local Buffer Overflow Exploit (EDI)
No description provided by source. ?php / Inphex reference -http://milw0rm.com/exploits/4204 317 Bytes , Windows Command Shell Bind TCP Inline , Architecture x86 , Windows TinyXP - vm. GET /script.php HTTP/1.1\n telnet 192.168.2.32 4444 Microsoft Windows XP Version 5.1.2600 C Copyright 1985-2001...
AllMyVisitors 0.x info.inc.php Arbitrary Code Execution
No description provided by source. source: http://www.securityfocus.com/bid/9664/info Reportedly the AllMyPHP applications AllMyGuests, AllMyLinks and AllMyVisitors are prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed variables that are used i...
CompactCMS 1.4.0 (tiny_mce) Remote File Upload
No description provided by source. Title: CompactCMS 1.4.0 tinymce Remote File Upload Vendor: http://www.compactcms.nl/ AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory:...
Firebird Relational Database isc_create_database() Buffer Overflow
No description provided by source. $Id: fbisccreatedatabase.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
Xerver HTTP Server 4.32 - XSS / Directory Traversal Vulnerability
No description provided by source. Xerver HTTP Server v4.32 XSS / Directory Traversal Vulnerability By Stack Directory Traversal Exploit : http://127.0.0.1:32123/action=chooseDirectory¤tPath=d:%5C http://127.0.0.1:32123/action=chooseDirectory¤tPath=c:\ XSS Exploit :...
DreamLevels Dream Poll 3.0 View_Results.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15849/info Dream Poll is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
YaBB SE <= 1.5.5 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl YaBB SE version = 1.5.5 commands execution exploit by RST/GHC GUI version = THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE coded by 1dt.w0lf http://rst.void.ru http://ghc.ru use Tk; use Tk::Menu; use LWP::UserAgent; $top = MainWindow-new...
MambWeather Mambo Module <= 1.8.1 - Remote Include Vulnerability
No description provided by source. Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo module remote inclusion vulneribility download : http://mamboxchange.com/frs/download.php/1498/MambWeather181.zip bug found in file : MambWeather/Savant2/Savant2Pluginoptions.php ?php / Base plug...
phpArcadeScript 2.0 displaygame.php gamefile Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16957/info phpArcadeScript is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary...
NinkoBB 1.3RC5 XSS Vulnerability
No description provided by source. Vulnerability ID: HTB22652 Reference: http://www.htbridge.ch/advisory/xssinninkobb.html Product: NinkoBB Vendor: NinkoBB http://ninkobb.com Vulnerable Version: 1.3RC5 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: XSS Cross...
VWar 1.5 war.php vwar_root Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...
Uebimiau Web-Mail 2.7.10/2.7.2 - Remote File Disclosure Vulnerability
No description provided by source. ---- Uebimiau Web-Mail Remote File Reader ... ITDefence.ru Antichat.ru Uebimiau Web-Mail Remote File Reader Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /\ / / / / / / / / / / / //\ \ / / / / // / //...
Yamamah 1.00 - Mullti Vulnerability
No description provided by source...
IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
No description provided by source. !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi [email protected] Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/...
YourFreeWorld Short Url & Url Tracker (id) SQL Injection Vuln
No description provided by source. Short Url & Url Tracker id Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.yourfreeworld.com/script/shorturl.php DorK : inurl:tr.php?id= Short Url & Url Tracker Exploit :...
eTicket 1.5.5 'newticket.php' Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/27130/info eTicket is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverag...
ProfitCode Shopping Cart Multiple LFI/RFI Vulnerabilities
No description provided by source. Author: Zer0 Thunder Site : http://www.profitcode.net/ - http://profbiz-cart.sourceforge.net/ Tested on: Windows XP sp2 WampServer 2.0i - There are Cople of pages that has the LFI vuln Vuln c0de : dl-authcontent.php $returlvar = dloads; include $docroot...
68kb multi remote file include
No description provided by source. =========================================================================== Topic : 68kb Bug type : multi remote file include Download : http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip Advisory :...
Qualiteam X-Cart 4.0.8 giftcert.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remot...
2DayBiz Real Estate Portal "viewpropertydetails.php" SQL injection
No description provided by source. $------------------------------------------------------------------------------------------------------------------- $ 2daybiz Real Estate Portal viewpropertydetails.php SQL injection $ Author : Sangteamtham $ Home : Hcegroup.net $ Download...
EMC Networker Format String
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
RuubikCMS 1.1.1 (tinybrowser.php, folder param) - Path Traversal Vulnerability
No description provided by source. Exploit Title: ruubikcms v1.1.1 Path Traversal vulnerability Google Dork: powered by ruubikcms Date: 2013-6-5 Exploit Author: expl0i13r Vendor Homepage: http://www.ruubikcms.com/ Software Link: http://www.ruubikcms.com/ruubikcms/download.php?f=ruubikcms111.zip...
BosDev BosDates 3.x SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9639/info An SQL injection vulnerability has been reported to affect BosDates calendar system. The issue arises due to insufficient sanitization of user supplied data. As a result of this issue an attacker could modify th...
Race River Integard Home/Pro LoginAdmin Password Stack Buffer Overflow
No description provided by source. $Id: integardpasswordbof.rb 11344 2010-12-15 19:49:40Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...
IPBProArcade 2.5 - Remote SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11719/info A remote SQL injection vulnerability reportedly affects ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacke...
Aigaion <= 1.3.3 (topic topic_id) Remote SQL Injection Vulnerability
No description provided by source. --==+================================================================================+==-- --==+ Aigaion = 1.3.3 SQL Injection Exploit +==-- --==+================================================================================+==-- DISCOVERED BY: Cody CypherXero...
Brooky CubeCart 2.0.1/2.0.4 index.php language Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/12549/info Brooky CubeCart is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow remote attackers to disclose arbitrary files and carry out...
Joomla Component com_hotbrackets Blind SQL Injection Vulnerability
Joomla Component comhotbrackets Blind SQL injection Vulnerability author : Fl0riX Name : comhotbrackets Bug Type : Blind SQL Injection Infection : Admin login bilgileri alnabilir. Demo Vuln. : TRUE+ » http://server/index.php?option=comhotbrackets&id=1 and 1=1 FALSE- »...
ezbounce 1.0/1.5 Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8071/info It has been reported that ezbounce is affected by a format string vulnerability. The condition is present in the file ezbounce/commands.cpp and can be triggered when session support is enabled. To exploit this...