56796 matches found
Photo Transfer Upload 1.0 iOS - Multiple Vulnerabilities
No description provided by source...
RedStorm Ghost Recon Game Engine Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9738/info The Ghost Recon Game Engine has been reported prone to a denial of service vulnerability. When handling text strings, the Ghost Recon Game Engine employs a 32-bit integer string size prefix in order to monitor t...
MS Windows Server Service - Code Execution Exploit (MS08-067)
No description provided by source. !/usr/bin/env python Ms08067 exploit by Oopohh 这个exploit的payload我只写了windows xp sp2版本的,其他像是2000 ,2003 ,xp sp3 的版本只能触发程序崩溃.另外这个远程exploit可以执行关机命令. 需要安装python库impacket from impacket.dcerpc import transport,dcerpc from impacket import uuid shellcode = '' shellcode +=...
Multiple Vendor AgentX++ Stack Buffer Overflow
No description provided by source. Exploit Title: Multiple Vendor AgentX++ Stack Buffer Overflow Vulnerability Date: 2010-04-17 Author: ZSploit.com Software Link: N/A Version: N/A Tested on: RealNetworks Helix Server v11 CVE : CVE-2010-1318 ! /usr/bin/env python File : zsagentxbof.py Description:...
Softbiz Classifieds Script advertisers/signinform.php msg Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/32569/info Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary scri...
HP-UX 10.20 registrar Local Arbitrary File Read Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1919/info The registrar service that ships with version 10.20 possibly others of HP's HP-UX operating system contains a vulnerability that may allow a local user to read any file on the hosts filesystem. The service which...
Campsite 2.6.1 DatabaseObject.php g_documentRoot Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier...
YepYep MTFTPD 0.2/0.3 - Remote CWD Argument Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12947/info mtftpd is reported prone to a remote format string vulnerability. Reports indicate that this issue may be exploited by a remote authenticated attacker to execute arbitrary code in the context of the vulnerable...
PwsPHP 1.2.3 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16567/info PwsPHP is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow...
Crysis <= 1.1.1.5879 Remote Format String Denial of Service PoC
No description provided by source. The Crysis engine passes along internal debug strings through the game. One of them is passed to vsprintf in the crt lib: 30503263 8D8C24 10100000 LEA ECX,DWORD PTR SS:ESP+1010 3050326A 51 PUSH ECX 3050326B 50 PUSH EAX 3050326C 8D5424 08 LEA EDX,DWORD PTR SS:ESP...
Campsite 2.6.1 UrlType.php g_documentRoot Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier...
MyNews 1.0 CMS - SQL Injection, Local File Inclusion and XSS Vulnerabilities
No description provided by source...
Pserv 2.0 User-Agent HTTP Header Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/6286/info A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. An attacker can exploit this vulnerability by issui...
Red Hat Directory Server 7.1 - Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/23709/info Red Hat Directory Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal...
Mail Manage EX 3.1.8 MMEX Script Settings Parameter Remote PHP File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10457/info Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote attackers to include arbitrary PHP...
Apple iPhone <= 2.2.1 Call Approval Dialog Security Bypass Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/35425/info Apple iPhone is prone to a security-bypass vulnerability that may cause a call to be placed automatically. Successfully exploiting this issue may allow attackers to bypass the Mail's call-approval dialog and...
wordpress social discussions plugin 6.1.1 - Multiple Vulnerabilities
No description provided by source. waraxe-2012-SA093 - Multiple Vulnerabilities in Wordpress Social Discussions Plugin ====================================================================================== Author: Janek Vind waraxe Date: 17. October 2012 Location: Estonia, Tartu Web:...
PNG Counter 1.0 Demo.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14392/info PNG Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web page...
Novell NetMail 3.x Automatic Script Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14171/info Novell NetMail email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages is executed automatically, when the email message is...
PHP Interpreter 3.0.x/4.0.x/4.1/4.2 Direct Invocation Denial of Service
No description provided by source. source: http://www.securityfocus.com/bid/5280/info It is possible, under some circumstances, for remote attackers to invoke the PHP interpreter from the web. If the interpreter is invoked with no command line options, it will hang. Attackers may exploit this...
Winn Guestbook 2.4, Winn.ws - Cross Site Scripting Vulnerability
No description provided by source...
WebCalendar 0.9.x week.php user XSS
No description provided by source. source: http://www.securityfocus.com/bid/8539/info It has been reported that WebCalendar is prone to multiple cross-site scripting vulnerabilites in various modules. The issues exist in includes/js/colors.php, week.php, day.php, month.php, weekdetails.php,...
osCommerce 2.2 admin/manufacturers.php page Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the...
Outlook Express 6 Attachment Security Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3271/info Microsoft Outlook Express 6 contains a new security feature which prevents users from opening potentially harmful file attachments. A vulnerability exists which allows a file embedded within an HTML frame in an...
IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability
No description provided by source. !/usr/bin/perl Source: http://www.protekresearchlab.com/index.php?option=comcontent&view=article&id=23&Itemid=23 use Getopt::Std; use IO::Socket::INET; $SIGINT = \ my $host = '192.168.100.66'; my $port = 389; my $proto = 'tcp'; my $sockType = SOCKSTREAM; my...
Ganib Project Management 2.3 - SQL Injection
No description provided by source. Exploit title: Ganib 2.x SQLi Date: 02/02/2014 Exploit author: drone @dronesec More information: http://forelsec.blogspot.com/2014/02/ganib-project-management-23-multiple.html Vendor homepage: http://www.ganib.com/ Software link:...
Text File Search Classic TextFileSearch.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25350/info Text File Search Classic is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...
Wordpress Beer Recipes Plugin 1.0 XSS
No description provided by source. Exploit Title: Wordpress - Beer Recipes v.1.0 XSS Google Dork: - Date: June / 25 / 2011 Author: TheUzuki.' Software Link: http://opensourcebrew.org/beer-recipes-plugin/ Version: v.1.0 Tested on: Windows 7 CVE : - SIESTTA 2.0 LFI/XSS Multiple Vulnerabilities...
Unicorn Router WB-3300NR CSRF (Factory Reset/DNS Change)
No description provided by source. Exploit Title: Unicorn Router WB-3300NR CSRF Factory Reset/DNS Change Exploit Author: absane Blog: http://blog.noobroot.com Discovery date: October 29th 2013 Vendor Homepage: http://www.eunicorn.co.kr/kimsboard7/product.php?inc=wb-3300nr Tested on: Unicorn...
Oracle HTTP Server 8.1.7/9.0.1/9.2 isqlplus Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9484/info Oracle HTTP Server is reportedly prone to a cross-site scripting issue. This could permit a remote attacker to create a malicious link to the web server that includes hostile HTML and script code. If this link...
KSP 2006 FINAL (.M3U) Universal Local Buffer Exploit (SEH)
No description provided by source. !/usr/bin/perl by hack4love [email protected] KSP 2006 FINAL .M3U Universal Local Buffer Exploit SEH http://download.cnet.com/KSP/3000-21394-10540099.html?tag=mncol easy this work sooooooooo good USEKSPPLAYLISTLOADHACK4LOVE.M3U BOOM CALC INFO::WE HAVE ONLEY...
Axis2 / SAP BusinessObjects Authenticated Code Execution (via SOAP)
No description provided by source. $Id: axis2deployer.rb 11330 2010-12-14 17:26:44Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
FipsCMS 2.1 PID Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23850/info fipsCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
CUPS < 1.3.8-4 - (pstopdf filter) Privilege Escalation Exploit
No description provided by source. / cve-2008-5377.c CUPS 1.3.8-4 pstopdf filter exploit Jon Oberheide [email protected] http://jon.oberheide.org Usage: $ gcc cve-2008-5377.c -o cve-2008-5377.c $ ./cve-2008-5377 $ id uid=0root gid=1000vm ... Information:...
Simple Machines Forum <= 1.1.4 - Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28493/info Simple Machines Forum is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary...
BBlog 0.7.4 PostID Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13398/info bBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result...
PALS Library System WebPALS 1.0 pals-cgi Traversal Arbitrary File Read
No description provided by source. source: http://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root...
CityPost PHP Image Editor M3 URI Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13258/info CityPost Image Cropper/Resizer is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'image-editor-52.php' script...
NetTransport Download Manager 2.90.510 Buffer Overflow
No description provided by source. $Id: nettransport.rb 10150 2010-08-25 20:55:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
FForm Sender 1.0 Processform.PHP3 Name Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14324/info A cross-site scripting vulnerability affects Form Sender. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages...
ScozBook 1.1 Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7236/info A path disclosure vulnerability has been reported for ScozBook. The issue occurs when a request is made to the view.php script page. Access to sensitive filesystem information may aid an attacker in launching...
SafeTP 1.46 Passive Mode Internal IP Address Revealing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5822/info SafeTP is a freely available, open source secure ftp client-server software package. It is available for Unix, Linux, and Microsoft Operating Systems. It has been reported that under some circumstances, the Safe...
Linux Kernel 2.4.x/2.6.x Bluetooth Signed Buffer Index Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/12911/info A local signed-buffer-index vulnerability affects the Linux kernel because it fails to securely handle signed values when validating memory indexes. A local attacker may leverage this issue to gain escalated...
PHP-Nuke Sections Module - 'artid' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27879/info The PHP-Nuke Sections module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacke...
BeyondCHM 1.1 - Buffer Overflow
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= ============================================================================= BeyondCHM 1.1 Buffer Overflow price 32.56 EUR Url:...
Microsoft Windows 9x / Me Share Level Password Bypass Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1780/info Share level password protection for the File and Print Sharing service in Windows 95/98/ME can be bypassed. Share level access provides peer to peer networking capabilities in the Windows 9x/ME environment. It...
SPBAS Business Automation Software 2012 - Multiple Vulnerabilities
No description provided by source. SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://www.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info - Update the first name and las...
Painkiller <= 1.3.1 - Denial of Service Exploit
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h ifdef WIN32 include winsock.h include winerr.h define close closesocket else include unistd.h include sys/socket.h include sys/types.h include arpa/inet.h include netdb.h endif define VER 0....
GetWare Web Server Component Content-Length Value Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9451/info The GetWare Web Server component has been reported prone to a remote denial of service vulnerability. It has been reported that the issue will present itself when the affected web server receives malicious HTTP...
Joomla 3.2.1 - SQL Injection Vulnerability
No description provided by source. Exploit Title: Joomla 3.2.1 sql injection Date: 05/02/2014 Exploit Author: [email protected] Vendor Homepage: http://www.joomla.org/ Software Link: http://joomlacode.org/gf/download/frsrelease/19007/134333/Joomla3.2.1-Stable-FullPackage.zip Version: 3.2.1 default...