56796 matches found
TimeClock CSRF Remote Add Admin Exploit
No description provided by source...
Hunkaray Okul Portaly 1.1 Haberoku.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24288/info Hünkaray Okul Portalý is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue by manipulating...
acFTP 1.4 Invalid Password Weak Authentication Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6235/info A vulnerability has been reported for acFTP. Reportedly, acFTP allows users to authenticate without a valid password. An attacker can exploit this vulnerability and log on to the vulnerable FTP server without ne...
PHPMyAdmin 2.8.1 Set_Theme Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17142/info phpMyAdmin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
iScripts EasyCreate CMS 2.0 - Multiple Vulnerabilities
No description provided by source...
Invision Gallery <= 2.0.7 ReadFile() & SQL Injection Exploit (linux)
No description provided by source. / | || || | | |/ / | || | | / - | | ' | ' | / | ' \ - |||||||\|||, |||// hellknights.void.ru |/ coded by 1nf3ct0r Windows, ported by ShadOSLinux Invision Gallery = 2.0.7 ReadFile & SQL injection exploit +-------------+ | Uzage: | +-------------+ + ReadFile: -...
Mp3 Digitalbox 2.7.2.0 (.mp3) Local Stack Overflow PoC
No description provided by source. !/usr/bin/perl Mp3 Digitalbox 2.7.2.0 .mp3 Local Stack Overflow POC Author : v3n0m Site : http://yogyacarderlink.web.id/ Group : YOGYACARDERLINK Date : July, 02-2010 INDONESIA Software : Mp3 Digitalbox Version : 2.7.2.0 Other versions may also be affected Downlo...
D-Link DIR-505 1.06 - Multiple Vulnerabilities
Multiple vulnerabilities on D-Link Dir-505 devices ================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on D-Link Dir-505 devices Discovery date: 05/04/2013 Release date: 09/09/2013 Credits: Alessandro Di Pinto alessandro.dipinto artificialstudio...
WebPhotoPro Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/32829/info WebPhotoPro is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
PHPHeaven PHPMyChat 0.14.5 Start-Page.CSS.PHP3 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13627/info phpMyChat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Techno Dreams Articles & Papers 2.0 - Remote SQL Injection Vulnerability
No description provided by source. Title : Articles&Papers Package =v2.0ArticlesTableview.asp Remote SQL Injection Vulnerability Author : ajann Script Page : http://www.t-dreams.com Exploit; http://target/path/ArticlesTableview.asp?key='SQL HERE Example:...
wbstreet 1.0 (sql/dd) Multiple Vulnerabilities
No description provided by source. =================================================================== Wbstreet v.1.0 show.php id Remote SQL Injection Vulnerability =================================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' ...
RedHat Linux 6.0/6.1/6.2 pam_console Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1176/info A vulnerability exists in the pamconsole PAM module, included as part of any Linux system running PAM. pamconsole exists to own certain devices to users logging in to the console of a Linux machine. It is design...
Joomla Component Juke Box com_jukebox Local File Inclusion Vulnerability
No description provided by source...
SGI IRIX <= 6.3 -xrm Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/334/info A vulnerability exists in the X libraries as supplied with Silicon Graphics IRIX operating system. By placing a carefully constructed buffer as the argument to the -xrm option, an attacker can execute arbitrary...
Clam AntiVirus <= 0.88.4 CHM Chunk Name Length DoS PoC
No description provided by source. !/usr/bin/perl Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability Took Damian Put's poc and shortened it just a little. All credits to Damian Put pucikatgazeta.pl [email protected] www.overflow.pl /str0ke my $clam =...
Cisco VPN 5000 Client Buffer Overrun Vulnerabilities (1)
No description provided by source. source: http://www.securityfocus.com/bid/5734/info Buffer overrun vulnerabilities have been reported in the Cisco VPN 5000 UNIX clients available for Linux and Solaris systems. The condition affects the binaries 'closetunnel' and 'opentunnel', both installed...
PHP RapidKill Pro 5.x Shell Upload Vulnerability
No description provided by source. Exploit Title: PHP RapidKill Pro 5.x Shell Upload Vulnerability Date: 16.04.2010 Author: DigitALL Software Link: Code : g00gle d0rk: PHP RapidKill Pro 3xpl0it: Link to Download: http://site.com/shell.txt r57 or DigitALL Shell And Click To FLES And Action Rename...
mBlogger 1.0.04 (viewpost.php) - SQL Injection Exploit
No description provided by source...
friendsinwar FAQ Manager (view_faq.php, question param) SQL Injection Vulnerability
No description provided by source. Exploit Title: friendsinwar FAQ Manager SQL Injection URL Vulnerability Date: 16.11 2012 Exploit Author: unsuprise Vendor Homepage: http://www.friendsinwar.com Software Link:http://www.friendsinwar.com/scriptdemo/thefaqmanager/ Tested on: Windows 7, Xampp Blog :...
Direct News 4.10.2 - Multiple Remote File Include Vulnerability
No description provided by source. \|/// \ - - // @ @ ----oOOo---oOOo-------------------------------------------------- Direct News 4.10.2 Multiple Remote File Include Vulnerability Script: http://code.google.com/p/directnews/downloads/list Author: mat Mail: [email protected]...
Boozt Standard 0.9.8 index.cgi Buffer Overrun Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6281/info A vulnerability has been discovered in Boozt. By passing a malicious parameter of excessive length to the index.cgi script, it is possible to overrun a buffer. This could be exploited by a remote attacker to...
Renista CMS BUG
No description provided by source...
Epic 1.0.1/1.0.x CTCP Nickname Server Message Buffer Overrun Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8999/info A remotely exploitable buffer overrun has been reported in Epic. This issue may reportedly be exploited by a malicious server that supplies an overly long nickname in a CTCP messages, potentially allowing for...
Cisco VPN 5000 Client Buffer Overrun Vulnerabilities (2)
No description provided by source. source: http://www.securityfocus.com/bid/5734/info Buffer overrun vulnerabilities have been reported in the Cisco VPN 5000 UNIX clients available for Linux and Solaris systems. The condition affects the binaries 'closetunnel' and 'opentunnel', both installed...
Verisign MPKI 6.0 Haydn.EXE Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17170/info MPKI 6.0 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to spoof the results of...
EasyImageCatalogue 1.31 - thumber.php dir Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/28164/info onlinetools.org EasyImageCatalogue is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
XnView 1.98.8 TIFF Image Processing Heap Overflow (2)
No description provided by source. Application: XnView TIFF Image Processing Heap Overflow Platforms: Windows Secunia: SA48666 PRL: 2012-15 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report Timeline 3...
ZIP Password Recovery Professional 5.1 (.zip) - Crash PoC
No description provided by source. Exploit Title: ZIP Password Recovery Professional 5.1 .zip - Crash POC Date: 30.11.2013 Exploit Author: KAI - KAISAI12 Version: 5.1 Vendor Homepage: http://www.recoverlostpassword.com/ Tested on: Windows 7...
Randshop Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15599/info Randshop is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit...
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/20471/info The Netscape Portable Runtime API running on Sun Solaris 10 operating system is prone to a local privilege-escalation vulnerability. A successful exploit of this issue allows an attacker to gain superuser...
MinaliC Webserver 1.0 - Directory Traversal Vulnerability
No description provided by source. ------------------------------------------------------------------------ Software................MinaliC Webserver 1.0 Vulnerability...........Directory Traversal Download................http://sourceforge.net/projects/minalic/ Release Date............10/24/2010...
ezContents 2.0.3 showlinks.php GLOBALS[admin_home] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote fi...
Cisco Unity Express Multiple Vulnerabilities
No description provided by source. Exploit Title: Cisco Unity Express Multiple Vulnerabilities Reported: December 2012 Disclosed: February 2013 Author: Jacob Holcomb of Independent Security Evaluators CVE: XSS - CVE-2013-1114 and CSRF - CVE-2013-1120...
Microsoft IIS 4.0/5.0 Device File Local DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2973/info Microsoft IIS is prone to denial of service attacks by local users. This issue is exploitable if the local attacker can create an .asp file which makes calls to various devices names. The local attacker must of...
Hanso Player 1.3.0 - (.m3u) Denial of Service Vulnerability
No description provided by source. Exploit Title: Hanso Player Version 1.3.0 .m3u DoS Date: 10/02/2010 Author: xsploited security Software Link: http://www.hansotools.com/downloads/hanso-player-setup.exe Version: 1.3.0 Tested on: Windows XP Pro SP3 CVE : N/A EAX 00000001 ECX 80567B8E EDX EDD619A0...
AWStats 5.7 - 6.2 - Multiple Remote Exploit
No description provided by source. / AWStats v5.7 - v6.2 sileAWSxpl This exploit utilize three methods for exploiter the vulnerability found on AWStats software. an user can execute remote code on vulnerable machine, with httpd privileges. References: www.securityfocus.org/bid/12543 coded by:...
MercuryBoard <= 1.1.4 - SQL Injection Exploit
No description provided by source. !/usr/bin/perl MercuryBoard =1.1.4, MySQL = 4.1 sql injection exploit by RST/GHC note: you need first register on forum for get id and login after what logout from forum and run exploit note2: edit timestamp in sources if exploit not work ; coded by 1dt.w0lf...
Microsoft Windows XP/2003 - RPCSS Service Isolation Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34443/info Microsoft Windows is prone to a privilege-escalation vulnerability. Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected...
VMware Server <= 2.0.1,ESXi Server <= 3.5 Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36842/info VMware products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information...
MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
PHProjekt 2.x/3.x Login Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4596/info PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHPProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows...
NetDecision 4.5.1 HTTP Server Buffer Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
cPanel 5-9 Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10407/info cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the modphpsuexec option are insecure. These settings will...
Sami FTP Server 1.1.3 Invalid Command Argument Local DoS
No description provided by source. source: http://www.securityfocus.com/bid/9657/info Sami FTP Server has been reported prone to multiple remote denial of service vulnerabilities. It has been reported that an attacker who has sufficient credentials to access a vulnerable server, may cause the...
Sami FTP Server 1.1.3 - Library Crafted GET Request Remote DoS
No description provided by source. source: http://www.securityfocus.com/bid/9657/info Sami FTP Server has been reported prone to multiple remote denial of service vulnerabilities. It has been reported that an attacker who has sufficient credentials to access a vulnerable server, may cause the...
amoeba cms 1.01 - Multiple Vulnerabilities
No description provided by source. !/usr/bin/python Amoeba CMS v1.01 multiple remote vulnerabilities: Vendor: http://www.amoebacms.com/ Found by: mrme Contact date: 20/12/2010 2:37pm EST SQL Injection: ============= There is quite a few instances of pre/post auth SQL Injection in the web...
Amlibweb NetOpacs webquery.dll Stack Buffer Overflow
No description provided by source. $Id: amlibwebwebquerydllapp.rb 11039 2010-11-14 19:03:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Joomla Component com_rwcards - Local File Inclusion
No description provided by source. Author : altbta [email protected]:[email protected] Team : Sec Attack Team Home : www.v4-team.com/cchttp://www.v4-team.com/cc Script : Joomla Component comrwcards Bug Type : Local File Inclusion LFI Dork : inurl:comrwcards === Exploit ===...
Group Office Calendar (calendar/json.php) SQL Injection
No description provided by source. /-------------------------------------\ | Group-Office Calendar SQL Injection | -------------------------------------/ Summary ======= Versions of Group-Office a web app for online collaboration prior to 4.0.90 are subject to a SQL injection vulnerability locate...