56796 matches found
AoA MP4 Converter 4.1.2 - ActiveX Exploit
No description provided by source. !-- Exploit Title: AoA MP4 Converter ActiveX Date: 19.05.2014 Author:metacom Website: www.rstforums.com Software Link: www.aoamedia.com/AoAMP4Converter.exe Version: 4.1.2 Tested on: Windows xp sp3EN IE 6.0 -- html object...
Microsoft MPEG Layer-3 Audio Decoder Division By Zero
No description provided by source...
Lazarus Guestbook 1.6 codes-english.php show Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute...
BulletProof FTP Client 2010 - Buffer Overflow Vulnerability
No description provided by source. Title: ====== BulletProof FTP Client 2010 - Buffer Overflow Vulnerability Date: ===== 2012-04-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=475 VL-ID: ===== 475 Introduction: ============= BPFTP Client is a fully automated FTP...
MetaDot Portal Server 5.6.x index.pl Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/9439/info A number of vulnerabilities have been found in all version of MetaDot Corporation's MetaDot Portal Server. Due to a failure of the software to properly validate user input, an attacker may be able to corrupt dat...
netbsd/x86 setreuid(0, 0); execve("/bin//sh", ..., NULL); 29 bytes
No description provided by source. / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve/bin//sh, ..., NULL; note: unsafe shellcode, but 29 bytes long; doesn't work if eax & 0x40000000 != 0; / include sys/types.h include stdio.h include string.h char scode = \x99 // cltd...
Kroum Grigorov KpyM Telnet Server 1.0 - Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9379/info KpyM Telnet Server has been reported to be prone to a remote denial of service vulnerability. Due to a lack of resource limitations, a remote attacker may negotiate multiple connections to the affected server...
CommuniGate Pro 5.2.14 Web Mail URI Parsing HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35783/info CommuniGate Pro is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to run HTML and script code in the context ...
Gregarius <= 0.5.4 rsargs[] Remote SQL Injection Vulnerability
No description provided by source. GulfTech Security Research July 29, 2008 Vendor : Marco Bonetti URL : http://www.gregarius.net/ Version : Gregarius = 0.5.4 Risk : SQL Injection Description: Gregarius is a popular web-based RSS/RDF/ATOM feed aggregator written in php. There are some SQL Injecti...
Simple one-file gallery gallery.php f Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/22700/info Simple one-file gallery is prone to multiple input-validation vulnerabilities, including a local file-include issue and a cross-site scripting issue. An attacker can exploit these issues to steal cookie-based...
iCal 3.7 Malformed HTTP Request Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6505/info A denial of service vulnerability has been reported for iCal. The vulnerability occurs when iCal receives a specially formatted HTTP request. This will cause iCal to crash thereby leading to a denial of service...
Classifieds Script SQL Injection Vulnerability
No description provided by source. 1 1 0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Classifieds SQL Injection Vendor url:http://getaphpsite.com Version...
Magic Photo Storage Website include/db_config.php _config[site_path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Magic Photo Storage Website admin/delete_member.php _config[site_path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Pivot <= 1.30 RC2 Privileges Escalation/Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Pivot = 1.30 RC2 privileges escalation / remote commands execution exploit\n; echo by rgod [email protected]\n; echo site: http://retrogod.altervista.org\n; echo dorks: \Powered byPivot\n; echo version specific:...
Gravy Media Photo Host 1.0.8 - Local File Disclosure Vulnerability
No description provided by source. ================================================================== =========Gravy Media Photo Host 1.0.8 Local File Inclusion======== ================================================================== Vendor:http://www.gravy-media.com/ Download:register to...
ossim 0.9.9rc5 (xss/SQL Injection) Multiple Vulnerabilities
No description provided by source. Application: OSSIM http://www.ossim.net Version: 0.9.9rc5 Note: it is possible that the problem affects also earlier OSSIM versions Platforms: Linux Bug: SQL injection, Cross Site Scripting Exploitation: remote Date: 21 Feb 2008 Author: Marcin Kopec E-mail:...
MiniHttpServer Web Forum & File Sharing Server 4.0 Add User Exploit
No description provided by source. /================================================================ MiniHTTPServer.NET 's Web Forum & File Sharing Server Power Pack 4 latest version available for sale on their website http://www.minihttpserver.net/bbs/index.php has multiple vulnerabilities with...
SportsPHool <= 1.0 (mainnav) Remote File Include Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '63866' ssvid version = '1.0' author = '皮皮' vulDate = '2006-08-21' createDate = '2015-12-24...
Microsoft Internet Explorer 5.0.1/6.0 Structured Graphics Control Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18855/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because it fails to handle ActiveX controls properly. This issue is triggered when an attacker convinces a victim user to activate a...
Saxon 5.4 Example.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26238/info Saxon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
MS Virtual Machine 2000/3100/3200/3300 Series com.ms.activeX.ActiveXComponent Arbitrary Program Execution
No description provided by source. source: http://www.securityfocus.com/bid/1754/info If a malicious website operator were to embed a specially crafted java object into a HTML document, it would be possible to execute arbitrary programs on a target host viewing the webpage through either Microsof...
TriO <= 2.1 (browse.php id) Remote SQL Injection Vulnerability
No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ dunatstrcpy.pl TriO = 2.1 Remote SQL Injection Vulnerability Script: TriO, iO's new web-based module, enables you to...
FastStone 4in1 Browser 1.2 Web Server Remote Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12937/info A vulnerability has been identified in the handling of certain types of requests by the 4in1 Browser Web server. Because of this, it is possible for an attacker to gain access to potentially sensitive system...
YaBB 2.0 - Remote UsersRecentPosts Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12756/info A remote cross-site scripting vulnerability affects YaBB. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. A...
OrbitHYIP 2.0 signup.php referral Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17766/info OrbitHYIP is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
Roundup 0.5/0.6 - Remote File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10495/info Roundup is prone to a remote file disclosure vulnerability. A remote user can disclose files on a vulnerable computer by using the /home/@@file/ prefix and '../' directory traversal sequences. This vulnerabilit...
SoftBiz Image Gallery 0 mage_desc.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17339/info Softbiz Image Gallery is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...
LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server Remote Code Execution Vulnerability
No description provided by source. LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server AMTConfig.Business.dll RunAMTCommand Remote Code Execution Vulnerability Tested against: Microsoft Windows Server 2003 r2 sp2 Software home page: http://www.landesk.com/lenovo/thinkmanagement-console.aspx...
NCT Jobs Portal Script - XSS and Authentication Bypass
No description provided by source...
Zoom Media Gallery 2.1.2 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13094/info zOOm Media Gallery is reportedly affected by a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query...
Multiple D-Link Router Models Authentication Bypass Vulnerability
No description provided by source. Exploit Title: Multiple D-Link Router Authentication Bypass Vulnerabilities Date: 12-01-2011 Author: Craig Heffner, /dev/ttyS0 Firmware Link: http://www.dlink.co.uk/ Firmware Versions: All Tested on: DIR-300, DIR-320, DIR-615 revD Multiple D-Link routers that us...
CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit
No description provided by source. $Id: cakephpcachecorruption.rb 11579 2011-01-14 16:25:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Windows XP Home Edition SP3 English (calc.exe) 37 bytes
No description provided by source. / Windows Xp Home edition SP3 english calc.exe 37 bytes shellcode by: Hazem mofeed The Shellcode: http://www.exploit-db.com/exploits/11598 Modified to working In SP3, Home: www.pentestlabs.com greetz: ProViDoR , ExH , rUnVirUs , Sinaritx , Datafr34k3r , Br1ght...
StoryBoard Quick 6 Stack Buffer Overflow
No description provided by source. NameLStoryBoard Quick 6 Stack Buffer Overflow Vendor Website:http://www.powerproduction.com/ Date Released:29/11/2011 Affected Software: StoryBoard Quick 6 potentially also StoryBoard Artist and StoryBoard Studio Researcher: Nick Freeman...
dotnetindex Professional Download Assistant 0.1 SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32706/info Professional Download Assistant is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
Hosting Controller 6.1 resellerresources.asp jresourceid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13806/info Hosting Controller is reported prone to multiple vulnerabilities. These issues can allow an attacker gain unauthorized access to data and carry out SQL injection attacks. These issues reportedly affect Hosting...
Linux Kernel <= 2.2.25, <= 2.4.24, <= 2.6.2 - "mremap()" Local Proof-of-Concept (2)
No description provided by source. / Proof-of-concept exploit code for domremap 2 Copyright C 2004 Christophe Devine This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either versi...
RTTucson Quotations Database Script (Auth Bypass) SQL Injection Vulnerability
No description provided by source. RTTucson Quotations Database Script Auth Bypass SQL Injection Vulnerability By cr4wl3r http://bastardlabs.info Script: http://www.rttucson.com/files.html Bugs found /quotations/admin/include/login.php --------------------------- 36 if $POST'submit' 37 38 $Userna...
qdPM 7.0 - Arbitrary PHP File Upload Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
phpMDJ 1.0.3 - SQL Injection Vulnerability
No description provided by source. ,--------------------------------------------------------------, Vulnerable Script : phpMDJ 1.0.3 \ Download : http://www.weboac.be/phpmdj/docs/phpmdj1.0.3.zip \ Vulnerability : Remote Sql Injection ...
Newsletter Tailor (Auth Bypass) SQL Injection Vulnerability
No description provided by source...
phpMySport 1.4 - Multiple Vulnerabilities (SQLi, Auth Bypass, Path Disclosure)
No description provided by source. Vulnerability ID: HTB22770 Reference: http://www.htbridge.ch/advisory/sqlinjectioninphpmysport.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: SQL...
4x cms <= r26 (Auth Bypass) SQL Injection Vulnerability
No description provided by source. ======================================================= 4x cms = r26 Auth Bypass SQL Injection Vulnerability ======================================================= + 4xcms = r26 Auth Bypass SQL Injection Vulnerability + Discovered by: cr4wl3r + My id:...
Open&Compact FTP Server 1.2 (Gabriel's FTP Server) - Auth Bypass & Directory Traversal SAM Retrieval Exploit
No description provided by source. !/usr/bin/python Exploit Title: Open&Compact Ftp Server = 1.2 Auth bypass & directory traversal sam retrieval Date: Aug 7, 2013 By Wireghoul - http://www.justanotherhacker.com Based on Serge Gorbunov's auth bypass http://www.exploit-db.com/exploits/13932/ Softwa...
Uiga Fan Club <= 1.0 (Auth Bypass) SQL Injection Vulnerability
No description provided by source...
WebCalendar 1.2.4 Pre-Auth Remote Code Injection
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Clever Copy <= 3.0 Admin Auth Details / Remote SQL Injection Exploit
No description provided by source. ?php ---CleverCopyV3sqlxpl.php 5.00 11/01/2006 Clever Copy = 3.0 SQL injection / Admin authentication details disclosure coded by rgod site: http://retrogod.altervista.org - this works with magicquotesgpc = Off usage: launch from Apache, fill in requested fields...
Xataface Admin Auth Bypass Vulnerability
No description provided by source. ======================================================= Xataface Admin Auth Bypass Vulnerability ======================================================= + Discovered by : Xinapse + Site : firewire-security.com + Email : [email protected]...
Advance Biz Limited <= 1.0 (Auth Bypass) SQL injection Vulnerability
No description provided by source...