56796 matches found
Snitz Forums 2000 3.4 .03 Search.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7922/info Snitz Forums is prone to cross-site scripting attacks. This is due to insufficient sanitization of data passed to the search facility via URI parameters. Exploitation may allow theft of cookie-based authenticati...
Wordpress Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities
No description provided by source. waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind waraxe Date: 22. May 2013 Location: Estonia, Tartu Web:...
Campsite 2.6.1 Section.php g_documentRoot Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier...
Sudo 1.6.x Environment Variable Handling Security Bypass Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the...
Avahi < 0.6.24 (mDNS Daemon) Remote Denial of Service Exploit
No description provided by source. / cve-2008-5081.c Avahi mDNS Daemon Remote DoS 0.6.24 Jon Oberheide [email protected] http://jon.oberheide.org Usage: gcc cve-2008-5081.c -ldnet -o cve-2008-5081 ./cve-2008-5081 1.2.3.4 Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5081...
Huawei EchoLife HG520 3.10.18.5-1.0.5.0 - Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/39646/info The Huawei EchoLife HG520 is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following Huawei EchoLife...
GNU Indent 2.2.9 - Local Heap Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9297/info It has been reported that GNU Indent may be prone to a local heap overflow vulnerability that can be exploited through a malicious C source input file. It has been reported that indent copies data from the file ...
phpMDJ <= 1.0.3 (id_animateur) Blind SQL Injection Exploit
No description provided by source. --+++=========================================================+++-- --+++====== phpMDJ = 1.0.3 Blind SQL Injection Exploit ======+++-- --+++=========================================================+++-- ?php function query $usr, $chr, $pos $query = x' OR...
Wordpress Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: Wordpress Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Google Dork: inurl:wp-content/plugins/custom-content-type-manager/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://www.fireproofsocks.com/ Software Lin...
PunBB Reputation.php Mod <= 2.0.4 - Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl 0-Day PunBB Reputation.php Mod = v2.0.4 Remote Blind SQL Injection Exploit Coded By Dante90, WaRWolFz Crew Bug Discovered By: Dante90, WaRWolFz Crew use strict; use LWP::UserAgent; use HTTP::Cookies; use HTTP::Request::Common; use Time::HiRes; use...
PHP-Nuke <= 8.1.0.3.5b (Downloads) Remote Blind SQL Injection
No description provided by source. !/usr/bin/perl 0-Day PHP-Nuke = 8.1.0.3.5b Downloads Remote Blind SQL Injection Date: 2010.07.04 after 50 days the bug was discovered. Author/s: Dante90, WaRWolFz Crew Crew Members: 4lasthor, Andryxxx, Cod3, Gho5t, HeRtZ, N.o.3.X, RingZero, s3rg3770, Shades...
Concrete5 5.6.2.1 (index.php, cID param) - SQL Injection
No description provided by source. Exploit Title: Concrete5 sql injection Date: 18/02/2014 Exploit Author: [email protected] Vendor Homepage: https://www.concrete5.org/ Software Link: http://www.concrete5.org/downloadfile/-/view/58379/8497/ Version: 5.6.2.1 stable Tested on: Virtualbox debian UR...
HP Data Protector - Remote Root Shell (Linux Version)
No description provided by source. !/bin/bash Exploit Title: HP Data Protector Remote Root Shell for Linux Date: 2011-08-10 Author: SZ Software Link:http://www8.hp.com/us/en/software/software- product.html?compURI=tcm:245-936920&pageTitle=data-protector Version: 0.9 Tested on: HP-UX, Linux CVE:...
PhpGedView 4.1 Login.PHP Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25458/info PhpGedView is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks...
Multiple Vendor ICMP Implementation Malformed Path MTU DoS
No description provided by source. source: http://www.securityfocus.com/bid/13124/info Multiple vendor implementations of TCP/IP Internet Control Message Protocol ICMP are reported prone to several denial-of-service attacks. ICMP is employed by network nodes to determine certain automatic actions...
pc_cookbook Mambo Component <= 0.3 Include Vulnerability
No description provided by source. --------------------------------------------------------------------------------- pccookbook Joomla Component = v0.3 Remote File Include Vulnerabilities --------------------------------------------------------------------------------- Author : Matdhule Contact :...
HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow
No description provided by source. $Id: hpnnmovwebsnmpsrvmain.rb 12097 2011-03-23 15:45:48Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
IDEAL Administration 2011 11.4 - Local SEH Buffer Overflow Exploit
No description provided by source. !/usr/bin/env python IDEAL Administration 2011 v11.4 Local SEH Buffer Overflow Exploit Found By: DrIDE Usage: Migrate - Open Migration Project - Bind Shell Download: www.pointdev.com Tested On: Windows XPSP3 Notes: Another version, another exploit... come on guy...
PHPAdsNew 2.0.4 AdFrame.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12803/info phpAdsNew is reportedly affected by a remote cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue t...
otalCalendar 0 about.php inc_dir Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/17618/info TotalCalendar is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to...
Magneto ICMP ActiveX 4.0.0.20 - ICMPSendEchoRequest Remote Code Execute
No description provided by source. Magneto ICMP ActiveX v4.0.0.20 ICMPSendEchoRequest Remote Code Execute Date: 2011-5-27 Discovered by: boahat vendor: http://www.magnetosoft.com/ Download: http://www.magnetosoft.com/downloads/skicmpsetup.exe SKIcmp.ocx Function ICMPSendEchoRequest ByVal...
Integramod Portal <= 2.x (functions_portal.php) Remote Include Exploit
No description provided by source. !/usr/bin/perl Method found and exploit scripted by nukedx Contacts ICQ: 10072 Web: http://www.nukedx.com MAIL/MSN: [email protected] Original advisory can be found at: http://www.nukedx.com/?viewdoc=47 Integramod Portal = 2.x Remote Command Execution Exploit Th...
Golden FTP Server <= 1.92 (APPE) Remote Overflow Exploit (meta)
No description provided by source. Written by Tim Shelton [email protected] GoldenFTPd package Msf::Exploit::goldenftpdappe; use base Msf::Exploit; use strict; use Pex::Text; my $advanced = ; my $info = 'Name' = 'GoldenFTPd APPE = 1.92 Stack Overflow', 'Version' = '$Revision: 1.0 $', 'Authors' ...
blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo blur6ex = 0.3.462 'ID' blind SQL injection / admin credentials disclosure\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo dork: \powered by blur6ex\r\n\r\n; / works...
Joomla! and Mambo Joomlearn LMS Component - 'cat' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28586/info The Joomlearn LMS component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue...
pointcomma <= 3.8b2 - Remote File Inclusion Vulnerability
No description provided by source. Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg PointComma = 3.8b2 Remote File Include Vulnerability Download Script : http://nchc.dl.sourceforge.net/project/pointcomma/pointcomma/ Dork : dieHacking attempt; :D Vuln :...
Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005) (2)
No description provided by source. sploit creater by [email protected] ms06-005 advisory proof of concept heap overflow in wmf.dll @ 0x0035920a denial of service, cuz we can't get this to play nice shamelessly stolen from CANVAS code def intelorderi: str= a=chri % 256 i=i 8 b=chri % 256 i...
IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM Exploit
No description provided by source. !/usr/bin/python tiv-sys.py IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit Jeremy Brown 0xjbrown41-gmail-com June 2011 Discovered by: Brian Adeloye of Tenable Network Security This exploit makes use of two vulnerabilities: 1 Base64 authentication credentials...
logahead UNU edition 1.0 - Remote Upload File / Code Execution Vuln
No description provided by source. -=--------------------ADVISORY-------------------=- logahead UNU edition 1.0 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: logahead UNU edition -=+ Version: 1.0 -=+ Vendor's URL: http://typo.i24.cc/logahea...
Bandwebsite <= 1.5 (Login) Remote Add Admin Exploit
No description provided by source...
betaparticle blog 2.0/3.0 upload.asp Unauthenticated File Upload
No description provided by source. source: http://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the authentication credential...
Lucent Access Point 300/600/1500 IP Services Router Long HTTP Request DoS
No description provided by source. source: http://www.securityfocus.com/bid/5333/info The Lucent Access Point series of routers support a web based administrative interface. An error has been reported in the embedded HTTP server. It has been reported that sending a HTTP request consisting of...
alstrasoft E-Friends <= 4.98 (seid) Multiple SQL Injection Vulnerabilities
No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV85$2007 ----------------------------------------------------------------------------------------- ECHOADV85$2007 alstrasoft E-Friends = 4.98 seid Multiple Remote SQL...
AlstraSoft E-Friends <= 4.85 Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl AlstraSoft Efriends 4.85 Remote Command Execution Exploit Site : http://www.alstrasoft.com/efriends.htm Coded by Kw3RLn from Romanian Security Team a.K.A http://RST-CREW.NET Contact: [email protected] or [email protected] PS: fuck CarcaBot...
alstrasoft e-friends 4.96 Multiple Vulnerabilities
No description provided by source. AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities Name AlstraSoft E-Friends Vendor http://www.alstrasoft.com Versions Affected 4.96 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Dat...
Junsoft JSparm 4.0 Logging Output File Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2515/info JSparm is the Junsoft Performance Analysis Report Maker package. This software package provides an enhanced perfmon performance monitoring package and interface, as well as a performance report generation...
Interbase 6.0 GDS_Drop Interbase Environment Variable Buffer Overflow (2)
No description provided by source. source: http://www.securityfocus.com/bid/5044/info Interbase is a database distributed and maintained by Borland. It is available for Unix and Linux operating systems. A buffer overflow has been discovered in the gdsdrop program packaged with Interbase. This...
gnu wget 1.x Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11871/info Multiple remote vulnerabilities reportedly affect GNU wget. These issues are due to the application's failure to properly sanitize user-supplied input and to properly validate the presence of files before writi...
JAWS Glossary 0.4/0.5 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13796/info JAWS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'Glossary' module. This may facilitate the theft of...
Microsoft Windows XP/2000 PostThreadMessage() Arbitrary Process Killing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8747/info A vulnerability has been discovered in the Microsoft Windows operating system. The flaw lies in the way that processes handle messages sent from another process via the PostThreadMessage API call. Reports indica...
Red Hat Directory Server 7.1 - Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/23709/info Red Hat Directory Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal...
Clip Bucket <= 1.7.1 Insecure Cookie Handling Vulnerability
No description provided by source. || || | || o,7 || . o7 || q||| o\, : / / . /QQQQQQQQQQQQQQQQQQQ\ /QQQ/\QQQ\ /QQQQQ/ \QQQQQQ\ /QQQQ/ QQQQ\ /QQQQ/ \QQQQ\ |QQQQ/ By Qabandi \QQQQ| |QQQQ| |QQQQ| |QQQQ| From Kuwait, PEACE... |QQQQ| |QQQQ| |QQQQ| |QQQQ\ iqaahotmail.fr /QQQQ| \QQQQ\ /QQQQ/ \QQQQ...
Scripts Genie Hot Scripts Clone (showcategory.php, cid param) - SQL Injection Vulnerability
No description provided by source. -+=--+=--+=--+=--+=--+=--+=--+=--+=--+=- + Security Flaw + -+=--+=--+=--+=--+=--+=--+=--+=--+=--+=- + + + /\ \ | | + +/ |/ / | | | |/ / / \ | + +\ \ / | || / /\ / / | + +|/||,\ / || + -+=--+=--+=--+=--+=--+=--+=--+=--+=--+-+ +Scripts Genie Hot Scripts...
SiteX <= 0.7.4.418 (THEME_FOLDER) Local File Inclusion Vulnerabilities
No description provided by source. =-=-local file include-=-= -=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-= script:SiteX074build418.zip ------------------------------------------------- Author: ahmadbady my site :Coming Soon =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= download...
webSPELL <= 4.01.02 Multiple Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV3 print \n \'/ ; print \n -.- ; print \n -------------------oOO------OOo--------------------; print \n | webSPELL = v4.01.02 Multiple Remote SQL Injection |; print \n | coded by DNX |; print \n...
UseModWiki 1.0 Wiki.PL Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11924/info It is reported that UseModWiki is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input before outputting it in Web...
ULoki Community Forum 2.1 - (usercp.php) XSS Vulnerability
No description provided by source. Exploit Title: ULoki Community Forum v2.1 usercp.php Cross Site Scripting Date: 10/02/2010 Author: Sioma Labs Software Link: http://www.uloki.com/download/ulokiforum06may2009.zip Version: v2.1 Tested on: Windows SP 2 / WAMP CVE : Code : / | | | | | \ | |/ | ' ...
RealPlayer 15.0.6.14 .3gp Crash PoC
No description provided by source. !/usr/bin/perl Title : RealPlayer 3GP file handling memory corruption Version : 15.0.6.14 Date : 2012-10-18 Vendor : http://www.real.com/ Impact : High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : XP SP3 ENG Author : coolkaveh Bug : ----...
tbdev 01-01-2008 Multiple Vulnerabilities
No description provided by source. TBDev - Cross Site Scripting and HTML Injection Vulnerabilities Version Affected: 01-01-2008 16th January 2008 newest Info: TBDEV.NET is a project to further enhance, update and develop a software php peer-to-peer from the original torrentbits/bytemonsoon source...
Midicart PHP Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5851/info A problem with the default installation of Midicart PHP may make it possible for remote users to gain access to sensitive information. The default installation of Midicart PHP does not place sufficient access...