56796 matches found
WM Downloader 3.0.0.9 (.asx) Local Buffer Overflow
No description provided by source. !/usr/bin/python Title: WM Downloader 3.0.0.9 .asx Local Buffer Overflow Date: 03-29-2010 Author: b0telh0 Tested on: Windows XP SP3 windows/exec - 227 bytes EXITFUNC=process, CMD=calc.exe shellcode = \x29\xc9\xb1\x33\xda\xd3\xbd\x07\x4a\x9e\x37\xd9\x74\x24\xf4...
Adobe Illustrator CS4 DLL Hijacking Exploit (aires.dll)
No description provided by source. / Exploit Title: Adobe Illustrator CS4 DLL Hijacking Exploit aires.dll Date: August 25, 2010 Author: Glafkos Charalambous glafkos@astalavistadotcom Version: CS4 v14.0.0 Tested on: Windows 7 x64 Ultimate Vulnerable extensions: .ait .eps Greetz: Astalavista, OffSE...
TagScanner 5.1 - Stack Buffer Overflow Vulnerability
No description provided by source. Title: ====== TagScanner v5.1 - Stack Buffer Overflow Vulnerability Date: ===== 2013-01-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=831 VL-ID: ===== 831 Introduction: ============= TagScanner is a multifunction program for...
IBM AIX <= 3.2.5 IFS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/454/info Under older versions of AIX By changing the IFS enviroment variable to / setuid root programs that use system or popen can be fooled into running user provided programs. !/bin/csh IFS hole in AIX3.2 rmail gives...
Joomla Component QuickTime VR 0.1 - Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w Joomla Component QuickTime VR v 0.1 Remote SQL Injection Found by : Houssamix From H-T Team H-T Team HouSSaMix + ToXiC350 Greetz : Mr.Al3FrItE & Islamic Security Team & Mounita20 & CoNaN and all musulmans hackers ComponentName: QuickTime VR...
WM Downloader 3.1.2.2 2010.04.15 (.m3u) Buffer Overflow + DEP Bypass
No description provided by source. !/usr/bin/env python WM Downloader 3.1.2.2 2010.04.15 .m3u Buffer Overflow + DEP Bypass Author: sickness Download : http://mini-stream.net/wm-downloader/ Tested : Windows XP Professional SP3 EN latest updates with IE8 and IE7 DATE : 29/01/2011 You might need to...
Ezboard 'invitefriends.php3' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8519/info The 'invitefriends.php3' script of Ezboard has been reported prone to cross-site scripting attacks. The issue occurs due to a lack of sufficient sanitization performed on user-supplied URI parameters. This issue...
Software DEP Classified Script 2.5 - SQL Injection Vulnerability
No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Software DEP Classified Script 2.5 SQL Injection Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Author: h0rd Contact: h0rdatnull.net homepage: http://h0rd.net download:...
FoxPlayer 2.6.0 - Denial of Service
No description provided by source. Denial of Service in FoxPlayer version 2.6.0 =================================================================================== Exploit Title:Denial of Service in FoxPlayer version 2.6.0 Download link :http://www.foxmediatools.com/installers/fox-player-setup.ex...
Mercur Messaging 2005 <= SP4 - IMAP Remote Exploit (egghunter mod)
No description provided by source. !/usr/bin/python Mercur Messaging 2005 SP3 IMAP service - Egghunter mod [email protected] http://www.offensive-security.com Original exploit by Winny Thomas Thanks Thomas, this code really came in handy ! VMWare seems to alter the stack a bit as the...
Brooky CubeCart 2.0.1 - SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11337/info It is reported that CubeCart is susceptible to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI data prior to including it in an SQL query...
dislocate 1.3 - Local i386 Exploit
No description provided by source. / MasterSecuritY www.mastersecurity.fr dislocate.c - Local i386 exploit in v1.3 Secure Locate v2.3 Copyright C 2000 Michel MaXX Kaempf [email protected] Updated versions of this exploit and the corresponding advisory will be made available at:...
MTP Image Gallery 1.0 (edit_photos.php, title param) - XSS Vulnerability
No description provided by source. ?!-- MTP Image Gallery 1.0 title Remote Script Insertion Vulnerability Vendor: MTP Scripts Product web page: http://www.morephp.net Affected version: 1.0 Summary: MTP Image Gallery offers more control, better uploading and enhanced performance. With MTP Image...
myPHPNuke 1.8.8 Links.php Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6892/info Reportedly, myPHPNuke 'links.php' does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code...
Novell Netware - NWFTPD RMD/RNFR/DELE Argument Parsing Buffer Overflow
No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Day 7 - Binary Analysis | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-7-novell-netware-nwftpd-rmdrnfrdele-argument-parsing-buffer-overflow/ ''' ''' Title...
tincan ltd (section) SQL Injection Vulnerability
No description provided by source. +/=============================================+ + Title : tincan ltd section SQL Injection Vulnerability + site s.p : www.tincan.co.ukhttp://www.tincan.co.uk + Author : altbta + Email : [email protected] + home : v4-team.comhttp://v4-team.com & tryag.cc...
DevelopItEasy News And Article System 1.4 - SQL Injection Vulns
No description provided by source. || || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ \ | | \ \ /\ /\ \ \ \ /...
SunOS <= 4.1.1 /usr/release/bin/winstall Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22/info This applies to sites that have installed Sun Source tapes only. The Sun distribution of sources sunsrc has an installation procedure which creates the directory /usr/release/bin and installs two setuid root files...
Social Site Generator 2.0 - Multiple Remote File Disclosure Vulnerabilities
No description provided by source. Application Name : Social Site Generator Download : http://rapidshare.com/files/118424866/Social.Site.Generator.v2.iAG.Nulled.rar Vulnerable Type : Remote File disclouse Dork : search it :p Vulnerable file : filedload.php author : Stack & Jadi Team : v4 Team...
Active Web Helpdesk 2 - (Auth Bypass) SQL Injection Vulnerability
No description provided by source. ! ! ! OOOO O OOOOOOOOO ! ! O O O O O ! ! O O O ! ! O OOOO OOOO OOOOOO OOOO OOO OO O OOOO OO OO OOOO ! ! O OOO OOO O O O O OO O O O O OO O O O ! ! O OO OO O O OOOOOO O O O O O O OOOOOO ! ! O O OOOO O O O O O O O O O O O...
BP Blog 6.0/7.0/8.0/9.0 - Remote Database Disclosure Vulnerability
No description provided by source. BP Blog V6.0 & V7.0 & V8.0 & V9.0 Database Disclosure Vulnerability I BP Blog V6.0 & V7.0 & V8.0 & V9.0 I Script Website : http://blog.betaparticle.com/ I Found by : Dxil I Contact : [email protected] D powered by BP Blog 7.0 or powered by BP Blog 8.0 E...
CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system under the UID of the http daemon...
AIOCP 1.3.x cp_dpage.php choosed_language Parameter XSS
No description provided by source...
Zeeways SHAADICLONE 2.0 'admin/home.php' Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32222/info Zeeways SHAADICLONE is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain administrative access to the affected application. SHAADICLONE 2.0 is vulnerable; other versions...
Cisco Wireless Lan Solution Engine ArchiveApplyDisplay.JSP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17604/info CiscoWorks Wireless LAN Solution Engine WLSE is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
BitchX <= 1.0c20 Local Buffer Overflow Exploit
No description provided by source. / Tested on BitchX-1.0c19 /str0ke / / P.o.C Exploit Code for BitchX made for Version BitchX-1.0c20cvs -- Date 20020325 C 2004. GroundZero Security Research and Software Development http://www.groundzero-security.com released under the GNU GPL -...
Xerver 4.32 - Source Disclosure and HTTP Authentication Bypass
No description provided by source. Exploit Title: Xerver Source Disclosure and HTTP Auth Bypass Date: 01 Aug 2010 Author: Ben Schmidt aka supernothing Software: http://www.javascript.nu/xerver/ Version: 4.32 and prior Tested on: Windows XP SP3 CVE: N/A This file is derived from part of the...
phpBBViet <= 02.03.2007 (phpbb_root_path) Remote File Inclusion
No description provided by source. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- phpBBViet 0.22 phpbbrootpath Remote File Include =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Found: xoron...
Zoom Player Pro 3.30 (.m3u) - File Buffer Overflow Exploit (seh)
No description provided by source. ?php / Zoom Player Pro v.3.30 .m3u file buffer overflow exploit seh by Nine:Situations:Group::surfista seems the same of http://secunia.com/advisories/28214/ bug found by Luigi Auriemma no full working exploit out, so I made my test version / / //original...
Quick Classifieds 1.0 - controlpannel/mailadmin.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
Webbler CMS 3.1.3 Index.PHP Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/25040/info The 'webbler' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
SudBox Boutique 1.2 login.PHP Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7651/info A vulnerability has been reported for SudBox Boutique. The problem occurs due to insufficient initialization of variables and may allow an unauthorized user to gain authenticate. Specifically, by making a...
Linksys E-series - Unauthenticated Remote Code Execution Exploit
No description provided by source. !/usr/bin/php ?php / Exploit for 0day linksys unauthenticated remote code execution vulnerability. As exploited by TheMoon worm; Discovered in the wild on Feb 13, 2013 by Johannes Ullrich. I was hoping this would stay under-wraps until a firmware patch could be...
PgMarket <= 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerability
No description provided by source. C Y B E R - W A R R i O R T I M PgMarket 2.2.3 CFGlibdir Remote File Inclusion Vulnerabilities Author: xoron Class : Remote cont@ct: x0r0nathotmaildotcom Code: include $CFGlibdir . stdlib.inc.php; Exploit:...
Berlios GPSD Format String Vulnerability
No description provided by source. $Id: gpsdformatstring.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
phpBB News Defilante Horizontale <= 4.1.1 - Remote Include Exploit
No description provided by source...
PHP-Nuke Module print 6.0 (print&sid) SQL Injection Vulnerability
No description provided by source...
68 Classifieds 4.1 category.php cat Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36208/info '68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in th...
Calendarix 0.7.20070307 Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24633/info Calendarix is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
FSFDT v3.000 d9 - (HELP) Remote Buffer Overflow Exploit
No description provided by source. $ nc -l -p 4321 Microsoft Windows 2000 Version 5.00.2195 C Copyright 1985-2000 Microsoft Corp. E:\draft\fsd1110\windows ------------------------------------------- !/usr/bin/perl FSFDT remote exploit by weakatfraglab.at spawns reverse shell to 10.0.0.100:4321...
PABox 2.0 Post Icon HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12796/info paBox is reportedly affected by a HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. The...
PHPNews 1.3 Link_Temp.PHP Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/21404/info PHPNews is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...
sudo 1.8.0-1.8.3p1 (sudo_debug) - Root Exploit + glibc FORTIFY_SOURCE Bypass
No description provided by source. / death-star.c sudo v1.8.0-1.8.3p1 sudodebug format string root exploit + glibc FORTIFYSOURCE bypass by aeon - http://infosecabsurdity.wordpress.com/ This PoC exploits: - CVE-2012-0864 - FORTIFYSOURCE format string protection bypass via nargs integer overflow -...
HTMLArea3 Mambo Module <= 1.5 - Remote Include Vulnerability
No description provided by source. HTMLArea3 addon - ImageManager Author : Ahmad Maulana a.k.a Matdhule Date : July 12th 2006 Location : Indonesia, Jakarta Web : http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt Critical Lvl : Highly critical Impact : System access Where : From Remote...
Absolute Form Processor XE-V 1.5 - Remote Change Pasword Exploit
No description provided by source. title Absolute Form Processor XE-V 1.5 Remote Change Pasword /title body bgcolor=FFFFFF text=000000 form name=form1 method=post action=http://www.xigla.com/absolutefp/demo/edituser.asp table width=96% border=0 cellspacing=2 cellpadding=2 align=center tr...
LoudBlog <= 0.5 (id) SQL Injection / Admin Credentials Disclosure
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo LoudBlog = 0.5 'id' SQL injection / admin credentials disclosure\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo a dork: \Powered by LoudBlog\r\n\r\n; / works regardless of...
Nova CMS Directory Traversal
No description provided by source...
CMS Mini 0.2.2 - Multiple Vulnerabilities
No description provided by source. ------------------------------------------------------------------------------------------ Exploit Title: CMSMini - Multiple Vulnerability Author: SANTHO @s4n7h0 Vendor Homepage: http://sourceforge.net/projects/cmsmini/ Download link:...
BitchX IRC Client 75p1/75p3/1.0 c16 "/INVITE" Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1436/info BitchX IRC clients, versions 75 up to and including 1.0c16, are vulnerable to a Denial of Service and possible remote execution of code. By /invite-ing someone to a channel name containing formatting characters...
Mambo com_serverstat Component <= 0.4.4 File Include Vulnerability
No description provided by source. =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Mambo comserverstat Component =0.4.4 Remote File Include Vulnerability + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Author: xoron turkish...