Wordpress Plugin Spreadsheet <= 0.6 - SQL Injection Vulnerability

No description provided by source. =========================================== There's standart sql-injection in Spreadsheet = 0.6 Plugin Author : 1ten0.0net1 Script : Wordpress Plugin Spreadsheet = 0.6 v. Download : http://timrohrer.com/blog/?pageid=71 BUG : Remote SQL-Injection Vulnerability Do...

Wordpress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit

No description provided by source. ?php printr' --------------------------------------------------------------------------- Wordpress = 2.0.6 wp-trackback.php ZendHashDelKeyOrIndex / / sql injection admin hash disclosure exploit needs registerglobals=on, 4 = PHP 4.4.3, 5.1.4 by rgod dork: is...

Prediction League 0.3.8 CSRF Create Admin User Exploit

No description provided by source...

Advanced Webhost Billing System 2.2.2 Contact.PHP Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19226/info Advanced Webhost Billing System AWBS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage any of these issues to have...

QNX RTOS 6.2 Application Packager Non-Explicit Path Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has been reported that the packager...

Openpresse 1.01 Local File Include Vulnerability

No description provided by source. ================================================ Openpresse 1.01 Local File Include Vulnerability ================================================ + Openpresse 1.01 Local File Include Vulnerability...

Linux Mandrake <= 10.2 cdrdao Local Root Exploit (unfixed)

No description provided by source. !/bin/sh cdrdao local root exploit newbug at chroot.org IRC: irc.chroot.org chroot May 2005 echo cdrdao private exploit echo This exploit only for Mandrake series echo newbug at chroot.org echo May 2005 echo checking if cdrdao is setuid ...; if ! -u...

CrossWind CyberScheduler 2.1 websyncd remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2628/info CrossWind CyberScheduler is a scheduling and calendaring package. It consists of two distinct parts for - a set of cgi scripts on a web server and a set of daemons or services on a database server. Both parts ar...

EasyPHPCalendar 6.1.5/6.2.x calendar.php serverPath Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/14131/info EasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these...

Crob FTP Server 2.50.4 - Remote Username Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7776/info A vulnerability has been reported for Crob FTP Server. The problem occurs due to invalid format specifiers used when displaying a user-supplied username. As a result, it may be possible for an attacker to embed...

Inout Music 1.0 - Shell Upload Vulnerabilty

No description provided by source. ============================================================== Inout Music version 1.0 Shell upload Vulnerabilty ============================================================== Name : Inout Music version 1.0 Shell upload Vulnerabilty Date : july 9,2010 Critical...

Blue Coat WinProxy Host Header Overflow

No description provided by source. $Id: bluecoatwinproxyhost.rb 9797 2010-07-12 23:25:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

PHP-Nuke 6.x/7.x FAQ Module categories Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple...

Avira Internet Security avipbb.sys Filter Bypass and Privilege Escalation

No description provided by source. Exploit Title: Avira internet security avipbb.sys filter bypass and privilege escalation - 0Day Date: 2013-10-17 Exploit Author: Ahmad Moghimi http://mallocat.com http://mallocat.com/, https://twitter.com/mall0cat Vendor Homepage: http://www.avira.com/ Software...

Novell Groupwise Internet Agent LDAP BIND Request Overflow Vulnerability

No description provided by source. Application: Novell Groupwise Platforms: Windows Version: 8.0.2 HP3 and 2012 Secunia: SA50622 PRL: 2012-33 ZDI: ?? Novell TID: 5150711 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1...

OpenBSD 3.3/3.4 sysctl Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9073/info A denial of service vulnerability has been reported for OpenBSD, specifically when handling malformed calls to sysctl. By invoking systcl and passing a specific flag in conjunction with a negative argument may...

HyperBook Guestbook 1.3 GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22754/info HyperBook Guestbook is prone to an information-disclosure vulnerability because the application fails to protect sensitive information. An attacker can exploit this issue to access sensitive information that ma...

Helios Calendar 1.1/1.2 Admin/Index.PHP Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26312/info Helios Calendar is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in ...

Elkagroup Image Gallery 1.0 'view.php' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31966/info Elkagroup is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...

Fluid Dynamics Search Engine 2.0 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5199/info Fluid Dynamics Search Engine is a search application for local and remote web sites, and is designed to work in most UNIX and Microsoft Windows environments. Fluid Dynamics Search Engine and is maintained by...

PeerCast <= 0.1216 URL Handling Buffer Overflow (win32)

No description provided by source. $Id: peercasturl.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

H264WebCam Boundary Condition Error

No description provided by source. / DISCLAIMER THIS PROGRAM IS NOT INTENDED TO BE USED ON OTHER COMPUTERS AND IT IS DESTINED FOR PERSONAL RESEARCH ONLY!!!! Also the free software programs provided by fl0 fl0w may be freely distributed and that the disclaimer below is always attached to it. The...

SPlayer 3.7 Content-Type Buffer Overflow

No description provided by source. $Id: splayercontenttype.rb 12581 2011-05-11 00:18:11Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

sash <= 3.7 - Local Buffer Overflow Exploit

No description provided by source. / sash-3.7 buffer overflow in c argyment written by lammat for practice purposes http://grpower.ath.cx [email protected] gdb r -c perl -e 'print Ax10256' The program being debugged has been started already. Start it from the beginning? y or n y Starting program:...

Typo3 3.7/3.8/4.0 Class.TX_RTEHTMLArea_PI1.PHP Multiple Remote Command Execution Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/21680/info TYPO3 is prone to multiple vulnerabilities that allow attackers to execute arbitrary commands. This issue occurs because the application fails to properly sanitize user-supplied data. Exploiting these issues...

Novell Netware Enterprise Web Server 5.1/6.0 env.bas Information Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/9479/info Multiple vulnerabilities have been identified in Novell Netware Enterprise Web Server that may allow an attacker to carry out cross-site scripting attacks, disclose sensitive information, and load potentially...

Blue River Mura CMS Directory Traversal

No description provided by source. Sep 24, 2010 Title: Blue River Mura CMS Directory Traversal Version: 1.0 Issue type: Directory Traversal Affected vendor: Blue River Interactive Group Release date: 24/09/2010 Discovered by: Steven Seeley & Rohan Stelling Summary Mura CMS is an open source conte...

Indexu 5.0/5.3 new.php multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...

M3U/M3L to ASX/WPL 1.1 (ASX,M3U,M3L) Local BOF PoC

No description provided by source. !/usr/bin/perl M3U/M3L to ASX/WPL v1.1 asx,m3u,m3l Local Stack Overflow POC Download: http://proletsoft.freeservers.com/mmb/m3utoasx.html Welcom Back Milw0rm my $crash=\x41 x 5000 ; openmyfile,'PoC.m3u';asx,m3u,m3l print myfile $crash; By ThE g0bL!N Ismail Fiha...

Web Content Management validsession.php strRootpath Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14464/info Web content management is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of...

DeluxeBB 1.0 pm.php uid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14851/info DeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries. Successful exploitation could result in a...

Simpnews 2.x Wap_short_news.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18410/info Simpnews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...

Gravity Board X 1.1 DeleteThread.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14499/info Gravity Board X GBX is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

Joomla 1.5 com_virtuemart <= 1.1.7 - Blind time-based SQL Injection (MSF)

No description provided by source. Exploit Title: Joomla 1.5 comvirtuemart = 1.1.7 blind time-based sql injection MSF module Date: Thu Jul 28, 2011 Author: TecR0c - tecr0c.mythsec @ gmail.com Version: = 1.1.7 Download: http://dev.virtuemart.net/projects/virtuemart/files Greetz: mythsec team, Jame...

Claroline e-Learning <= 1.6 - Remote Hash SQL Injection Exploit

No description provided by source. ?php T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m Vulnerable: Claroline E-Learning Application Exploit By : MHp0rtal Discovered By: Sieg Fried Gr33tz To == Alphaprogrammer , Oilkarchack , DrCephaleX , Str0ke And Iranian Hacking & Security Teams :...

PHProjekt <= 5.1 - Multiple Remote File Include Vulnerabilities

No description provided by source. / + + - - - DEVIL TEAM THE BEST POLISH TEAM - - + + + - Script name: PHProjekt v. 5.1 - Script site: http://www.phprojekt.com/ + + + - Find by: Kacper a.k.a Rahim + - Contact: [email protected] - or - http://www.devilteam.yum.pl + + + - Greetz: DragonHeart - a...

best software saleslogix 2000.0 - Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11450/info Best Software SalesLogix is affected by multiple vulnerabilities. These issues are due to design errors that reveal sensitive information, access control validation issues that allow unauthorized access and inp...

Asp - comersus7F Shopping Cart Software Backup Dump Vulnerability

No description provided by source. ======================================================================================== | Title : Asp - comersus7F Shopping Cart Software Backup Dump Vulnerability | Author : indoushka | Home : www.iqs3cur1ty.com | Bug : Database Disclosure ====================...

White Label CMS 1.5 - CSRF & Persistent XSS

No description provided by source. Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS Date: 21/10/2012 Exploit Author: pcsjj Vendor Homepage: http://www.videousermanuals.com/white-label-cms/ Version: 1.5 Software Link: http://plugins.svn.wordpress.org/white-label-cms/branches/ Downloads:...

Ultra Mini HTTPD 1.21 - POST Request Stack Buffer Overflow

No description provided by source. Exploit Title: Ultra Mini HTTPD stack buffer overflow POST request Date: 16 Feb 2014 Exploit Author: Sumit Vendor Homepage: http://www.picolix.jp/ Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Version: 1.21 Tested on: Windows XP Professiona...

Campsite CMS remote Persistent XSS vulnerability

No description provided by source. Exploit Title: Campsite CMS remote Persistent XSS vulnerability Date: 15th july 2010 Author: D4rk357 Critical:Low Contact:bd4rk357atyahoodotin Software Link:bhttp://www.sourcefabric.org/en/home/web/78/Demo--Documentation.htm?tpl=18 Greetz to:bb0nd,...

Joomla Component PAX Gallery 0.1 - Blind SQL Injection Vulnerability

No description provided by source. ■ Joomla Component PAX Gallery v 0.1 gid = Blind SQL Injection Vulnerability --------------------------------------- AuToR: XaDoS SecurityCode Team Contact M&: xados at hotmail dot it B§g: Blind $ql inJection Note: safe mode = ON Autor script: Tobias Floery...

CuteZip 2.1 - Buffer Overflow Exploit

No description provided by source...

Campsite CMS 3.4.0 - Multiple CSRF Vulnerabilities

No description provided by source. !--- Title: Campsite CMS 3.4.0 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Mon 12 Jul 2010 03:40:46 PM EEST Vendor: http://www.sourcefabric.org/en/home/web/6/Campsite.htm?tpl=18 Download:...

lighttpd 1.4.31 Denial of Service PoC

No description provided by source. !/bin/bash Exploit Title: simple lighttpd 1.4.31 DOS POC Date: 11/21/2012 Exploit Author: [email protected] Vendor Homepage: http://www.lighttpd.net Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz Version: 1.4.31 Tested on:...

Linux Kernel Samba 2.2.8 Share Local Privilege Elevation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9619/info A local privilege escalation vulnerability has been reported to affect the 2.6 Linux kernel. The issue appears to exist due to a lack of sufficient sanity checks performed when executing a file that is hosted on...

XOOPS <= 2.3.3 - Remote File Disclosure Vulnerability (.htaccess)

No description provided by source. ======================================================================== XOOPS = 2.3.3 Remote Arbitrary File Retrieval ======================================================================== Affected Software : XOOPS = 2.3.3 Author : Luca daath De Fulgentis -...

WebKit 'parent/top' Cross Domain Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35441/info WebKit is prone to a cross-domain scripting vulnerability. A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attac...

Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35200/info Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access...

XOOPS 2.3.3 \\\'op\\\' Parameter Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/35895/info XOOPS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browse...