Lucene search

56796 matches found

seebug.org
•added 2014/07/01 12:0 a.m.•31 views

Joomla Component com_djcatalog - SQL/bSQL Injection Vulnerabilities

No description provided by source. joomla comdjcatalog component SQL/bsql Injection Multiple Vulnerability Author :...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

MetaCart2 SearchAction.ASP Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/13393/info MetaCart2 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. An attacker may exploi...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

Technology for Solutions 1.0 'id' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37811/info Technology for Solutions is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•9 views

Clansys 1.1 (showid) - Remote SQL Injection Exploit

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•24 views

ACDSee PRO 5.1 PCT Image Processing Heap Overflow

No description provided by source. Application: ACDSee PRO PCT Image Processing Heap Overflow Platforms: Windows Secunia: SA48804 PRL: 2012-21 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report Timeline 3...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•12 views

Compaq Web-Based Management Agent Remote File Verification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8019/info Compaq Web-Based Management Agent has been reported vulnerable to a remote file verification vulnerability. This information leak could be exploited by an attacker to verify the existence of sensitive files on a...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

wordpress postie plugin 1.4.3 - Stored XSS

No description provided by source. !/usr/bin/python ''' Author: loneferret of Offensive Security Product: Postie Version: 1.4.3 Software Download: http://wordpress.org/extend/plugins/postie/ Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012: Response received from CERT with...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•21 views

Pre News Manager 1.0 - Remote SQL Injection Vulnerability

No description provided by source. Pre News Manager v1.0 Remote SQL Injection Found: Cyber-Security.org Script site: http://www.preproject.com/news.asp...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•31 views

LiSK CMS 4.4 - SQL Injection Vulnerability

No description provided by source. Vulnerability ID: HTB22373 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinliskcms1.html Product: LiSK CMS Vendor: Createch-group Vulnerable Version: 4.4 Vendor Notification: 06 May 2010 Vulnerability Type: SQL Injection Status: Not Fixed,...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•26 views

WP Comment Remix 1.4.3 - Remote SQL Injection Exploit

No description provided by source. ?php / WP Comment Remix 1.4.3 SQL Injection Proof of Concept By g30rg3x g30rg3xatchxsecuritydotorg Advisory: http://chxsecurity.org/advisories/adv-3-full.txt PoC Mirror: http://chxsecurity.org/proof-of-concepts/wp-comment-remix-143.zip Attention: This is a...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

Sysax <= 5.62 Admin Interface Local Buffer Overflow

No description provided by source. !/usr/bin/python Title: Sysax = 5.62 Admin Interface Local Buffer Overflow Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit Date Discovered: June 15, 2012 Vendor Contacted: June 19, 2012 Details:...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

FortiGate Firewall 2.x dlg Admin Interface XSS

No description provided by source. source: http://www.securityfocus.com/bid/9033/info Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. These issues could be exploited by enticing an administrative user to follow a malicious...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

MyAuth3 - Blind SQL Injection

No description provided by source. Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•26 views

Netgear ProSafe - Denial of Service Vulnerability

No description provided by source. !/usr/bin/python Netgear ProSafe - CVE-2013-4776 PoC written by Juan J. Guelfo @ Encripto AS [email protected] Copyright 2013 Encripto AS. All rights reserved. This software is licensed under the FreeBSD license. http://www.encripto.no/tools/license.php import sy...

7.8 CVSS, 6.5 AI score, 0.06983 EPSS
Exploits: 5
seebug.org
•added 2014/07/01 12:0 a.m.•32 views

AWBS 2.9.2 (cart.php) Blind SQL Injection Vulnerability

No description provided by source. AWBS 2.9.2 Blind SQL Injection 0day Dork....: inurl:/cart?ca=addother&oid= Date....: 01-16-2011 Author..: ShivX Contact.: shivanxatgmaildotcom Vendor..:...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•35 views

NETGEAR Wireless Cable Modem Gateway Auth Bypass and CSRF

No description provided by source. Sense of Security - Security Advisory - SOS-11-011 Release Date. 20-Sep-2011 Last Update. - Vendor Notification Date. 22-Mar-2011 Product. NETGEAR Wireless Cable Modem Gateway CG814WG Affected versions. Hardware 1.03, Software V3.9.26 R14 verified, possibly othe...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•21 views

Softbiz Classifieds Script admin/index.php msg Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/32569/info Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary scri...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

FortiGate Firewall 2.x listdel Admin Interface XSS

No description provided by source. source: http://www.securityfocus.com/bid/9033/info Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. These issues could be exploited by enticing an administrative user to follow a malicious...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•29 views

Linux Kernel 2.6.34+ - CAP_SYS_ADMIN x86 Local Privilege Escalation Exploit

No description provided by source. / Linux Kernel CAPSYSADMIN to root exploit by Dan Rosenberg @djrbliss on twitter Usage: gcc -w caps-to-root.c -o caps-to-root sudo setcap capsysadmin+ep caps-to-root ./caps-to-root This exploit is NOT stable: It only works on 32-bit x86 machines It only works on...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•12 views

ManageEngine Security Manager Plus <= 5.5 build 5505 Remote SYSTEM SQLi (MSF)

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Web Wiz Forum 6.34 Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7380/info Web Wiz Forum has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Forum application...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

basebuilder <= 2.0.1 (main.inc.php) Remote File Inclusion Vulnerability

No description provided by source. Discovered by dun \ dunatstrcpy.pl basebuilder = 2.0.1 Remote File Inclusion Vulnerability Script site:...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

Cezanne 7 - CFLookup.asp FUNID Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/28773/info Cezanne Software is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker ...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

Festalon 0.5 HES Files Remote Heap Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19402/info A buffer-overflow vulnerability occurs in the Festalon application because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This issue...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Sun Java Plug-In 1.4.2 _01 Cross-Site Applet Sandbox Security Model Violation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8857/info A vulnerability has been reported in Java implementations that may potentially allow Java applets from two different domains to violate the sandbox security model and share read/write access to data areas. This...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

MNOGoSearch 3.1.20 Search.CGI UL Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/7865/info mnoGoSearch 'search.cgi' has been reported prone to a buffer overflow vulnerability. The issue is a result of a lack of sufficient bounds checking performed on user-supplied URI parameters that are passed to the...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•12 views

PHPcounter <= 1.3.2 (index.php name) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/php -q ?php // PHPcounter = 1.3.2 Remote SQL Injection Exploit // Discovered By: StAkeR - StAkeRathotmaildotit // Discovered On: 28/09/2008 // Download: http://sourceforge.net/projects/phpcounter/ errorreporting0; $host = $argv1 or banner; $path = $arg...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•30 views

Phoenix View CMS <= Pre Alpha2 (SQL/LFI/XSS) Multiple Vulnerabilities

No description provided by source. Phoenix View CMS = Pre Alpha2 Multiple Vulnerabilities LFISQLIXSS Found by : tw8 Date : 8.05.2008 Website && Forum : http://rstzone.org && http://rstzone.org/forum/ Bug type : LFI, SQLI & XSS Affected software description: Application : Phoenix View CMS Version ...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•40 views

Wordpress Plugin Spreadsheet <= 0.6 - SQL Injection Vulnerability

No description provided by source. There's standart sql-injection in Spreadsheet = 0.6 Plugin Author : 1ten0.0net1 Script : Wordpress Plugin Spreadsheet = 0.6 v. Download : http://timrohrer.com/blog/?pageid=71 BUG : Remote SQL-Injection Vulnerability Do...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•23 views

Wordpress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit

No description provided by source. ?php printr' --------------------------------------------------------------------------- Wordpress = 2.0.6 wp-trackback.php ZendHashDelKeyOrIndex / / sql injection admin hash disclosure exploit needs registerglobals=on, 4 = PHP 4.4.3, 5.1.4 by rgod dork: is...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•12 views

Prediction League 0.3.8 CSRF Create Admin User Exploit

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•12 views

Advanced Webhost Billing System 2.2.2 Contact.PHP Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19226/info Advanced Webhost Billing System AWBS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage any of these issues to have...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

QNX RTOS 6.2 Application Packager Non-Explicit Path Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has been reported that the packager...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•8 views

Openpresse 1.01 Local File Include Vulnerability

No description provided by source. Openpresse 1.01 Local File Include Vulnerability + Openpresse 1.01 Local File Include Vulnerability...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

Linux Mandrake <= 10.2 cdrdao Local Root Exploit (unfixed)

No description provided by source. !/bin/sh cdrdao local root exploit newbug at chroot.org IRC: irc.chroot.org chroot May 2005 echo cdrdao private exploit echo This exploit only for Mandrake series echo newbug at chroot.org echo May 2005 echo checking if cdrdao is setuid ...; if ! -u...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•28 views

CrossWind CyberScheduler 2.1 websyncd remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2628/info CrossWind CyberScheduler is a scheduling and calendaring package. It consists of two distinct parts for - a set of cgi scripts on a web server and a set of daemons or services on a database server. Both parts ar...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•12 views

EasyPHPCalendar 6.1.5/6.2.x calendar.php serverPath Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/14131/info EasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•29 views

Crob FTP Server 2.50.4 - Remote Username Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7776/info A vulnerability has been reported for Crob FTP Server. The problem occurs due to invalid format specifiers used when displaying a user-supplied username. As a result, it may be possible for an attacker to embed...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•24 views

Inout Music 1.0 - Shell Upload Vulnerabilty

No description provided by source. Inout Music version 1.0 Shell upload Vulnerabilty Name : Inout Music version 1.0 Shell upload Vulnerabilty Date : july 9,2010 Critical...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

Blue Coat WinProxy Host Header Overflow

No description provided by source. $Id: bluecoatwinproxyhost.rb 9797 2010-07-12 23:25:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

PHP-Nuke 6.x/7.x FAQ Module categories Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•24 views

Softbiz Classifieds PLUS Multiple SQL Injection Vulnerabilities

No description provided by source. Information +Name : Softbiz Classifieds PLUS SQL Injection gallery.php +Autor : Easy Laster +Date : 25.02.2010 +Script : Softbiz Classifieds PLUS +Price : 99$ +Language : PHP +Discovered...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

Avira Internet Security avipbb.sys Filter Bypass and Privilege Escalation

No description provided by source. Exploit Title: Avira internet security avipbb.sys filter bypass and privilege escalation - 0Day Date: 2013-10-17 Exploit Author: Ahmad Moghimi http://mallocat.com http://mallocat.com/, https://twitter.com/mall0cat Vendor Homepage: http://www.avira.com/ Software...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•25 views

Novell Groupwise Internet Agent LDAP BIND Request Overflow Vulnerability

No description provided by source. Application: Novell Groupwise Platforms: Windows Version: 8.0.2 HP3 and 2012 Secunia: SA50622 PRL: 2012-33 ZDI: ?? Novell TID: 5150711 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

OpenBSD 3.3/3.4 sysctl Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9073/info A denial of service vulnerability has been reported for OpenBSD, specifically when handling malformed calls to sysctl. By invoking systcl and passing a specific flag in conjunction with a negative argument may...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•67 views

HyperBook Guestbook 1.3 GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22754/info HyperBook Guestbook is prone to an information-disclosure vulnerability because the application fails to protect sensitive information. An attacker can exploit this issue to access sensitive information that ma...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

dvbbs 8.2 - 'login.asp' Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/29429/info The 'dvbbs' program is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attack...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Helios Calendar 1.1/1.2 Admin/Index.PHP Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26312/info Helios Calendar is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in ...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

Elkagroup Image Gallery 1.0 'view.php' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31966/info Elkagroup is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•33 views

Fluid Dynamics Search Engine 2.0 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5199/info Fluid Dynamics Search Engine is a search application for local and remote web sites, and is designed to work in most UNIX and Microsoft Windows environments. Fluid Dynamics Search Engine and is maintained by...

7.1 AI score
Exploits: 0
Total number of security vulnerabilities: 56796