56796 matches found
Epiri Professional Web Browser 3.0 - Remote Crash Exploit
No description provided by source. ' Title: Epiri Professional Web Browser 3.0 Remote Crash Exploit ' Vendor: Horizon ' Product Web Page: http://www.horizonum.com/ ' Current Version: 3.0.0.00 ' Notiz: Microsoft Silverlight ' Vulnerable Mode: Browse Internet ' Tested On Microsoft Windows XP...
Web Terra 1.1 - books.cgi Remote Command Execution
No description provided by source...
Sygate Personal Firewall Pro 5.5 - Local Fail-Close Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10540/info A vulnerability is reported to affect the Sygate Personal Firewall fail-closed functionality. It is reported that the kernel-space NDIS driver does not verify the origin of messages that are received through th...
exbb <= 0.22 (lfi/rfi) Multiple Vulnerabilities
No description provided by source. ==================================================================================================== / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / /...
Grayscale BandSite CMS 1.1 shows_content.php the_band Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...
PHP Arena paFileDB 1.1.3/2.1.1/3.0/3.1 - Arbitrary File Upload And Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8271/info It has been reported that a script contained in paFileDB does not properly verify user credentials before accepting files for upload. As a result, remote attackers may be able to upload files to the Web server...
Internet Security Systems 3.6 ZWDeleteFile Function Arbitrary File Deletion Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20546/info Internet Security Systems ISS BlackICE PC Protection is prone to a file-deletion vulnerability. An attacker can exploit this issue to delete arbitrary files within the context of the affected application. This...
FreeWnn 1.1 jserver JS_MKDIR Metacharacter Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3860/info FreeWnn 1.1.0 is a kana-kanji japanese translation system. This software is a client-server type application, with the jserver portion acting as a server and performing translations for clients. The jserver...
Apple Bonjour for Windows 1.0.4 - mDNSResponder NULL Pointer Dereference Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31091/info Apple Bonjour for Windows is prone to a denial-of-service issue because of a NULL-pointer dereference. Successfully exploiting this issue will allow attackers to crash the mDNSResponder system service, denying...
Stake AntiSniff 1.0.1/Researchers Version 1.0 - DNS Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1207/info Certain versions of @Stake Inc.'s Antisniffer software contain a remotely exploitable buffer overflow. AntiSniff is a program that was released by L0pht Heavy Industries in July of 1999. It attempts, through a...
Electrasoft 32Bit FTP 9.49.1 Client Long Server Banner Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6764/info It has been reported that Electrasoft 32Bit FTP client may be prone to a buffer overflow condition. This issue is due to the client not implementing bounds checking on banner data copied into local memory buffer...
Flash Movie Player 1.5 - File Magic Denial of Service Vulnerability
No description provided by source. Flash Movie Player v1.5 File Magic Crash http://www.eolsoft.com/ http://www.eolsoft.com/freeware/flashmovieplayer/ Author: Matthew Bergin Website: http://berginpentesting.com Date: August 25, 2010 Description: Flash Movie Player is a free stand-alone player for...
Half-Life AdminMod 2.50 Plugin Remote Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6580/info A format string vulnerability has been discovered in the Half-Life AdminMod plugin. The problem occurs in commands which call the selfmessage function, which is used by other functions to write a message to the...
kon2 Local Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/7790/info A buffer overflow vulnerability has been reported for the kon2 utility shipped with various Linux distributions. Exploitation of this vulnerability may result in a local attacker obtaining elevated privileges on...
eSignal and eSignal Pro <= 10.6.2425.1208 Multiple Vulnerabilites
No description provided by source. Luigi Auriemma Application: eSignal and eSignal Pro http://www.esignal.com/esignal/default.aspx Versions: = 10.6.2425.1208 Platforms: Windows Bugs: A code execution B heap overflow Exploitation: file Date: 06 Sep 2011 Author: Luigi Auriemma e-mail:...
Hassan Consulting Shopping Cart 1.23 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible for a malicious user to submit a...
IglooFTP PRO 3.8 - Multiple Buffer Overflow Vulnerabilities (2)
No description provided by source. source: http://www.securityfocus.com/bid/8117/info IglooFTP PRO for Windows platforms has been reported prone to multiple buffer overrun vulnerabilities. The issue likely presents itself due do a lack of sufficient bounds checking performed on data that is copie...
Blackboard Academic Suite 6/7 - webapps/blackboard/execute/viewCatalog searchText Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/28455/info Blackboard Academic Suite is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
161 bytes Drop suid shell root in /tmp/.hiddenshell Linux Polymorphic Shellcode
No description provided by source. / Author : gunslinger yudha.gunslingeratgmail.com Web : http://devilzc0de.org blog : http://gunslingerc0de.wordpress.com tested on : linux debian special thanks to : r0073r inj3ct0r.com, d3hydr8 darkc0de.com, ty miller projectshellcode.com, jonathan...
ezContents CMS 2.0.3 - Multiple Local File Inclusion Vulnerabilities
No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-038 Application: ezContents CMS Versions Affected: 2.0.3 Application URL: http://www.ezcontents.org/ Vendor URL: http://www.visualshapers.com/ Bug: Multiple Local File Include Exploits: YES Reported:...
Netgear FM114P ProSafe Wireless Router UPnP Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7267/info The Netgear FM114P ProSafe Wireless Router is vulnerable to information disclosure. If Remote Access and Universal Plug and Play are both enabled on the WAN interface, a UPnP SOAP request can retrieve the userna...
Check Point Software Firewall-1 3.0 Script Tag Checking Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/954/info Firewall-1 includes the ability to alter script tags in HTML pages before passing them to the client's browser. This alteration invalidates the tag, rendering the script unexecutable by the browser. In version 3,...
Commercial Interactive Media SCOOP! 2.3 requestDemo.asp Invalid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
chkrootkit 0.49 - Local Root Vulnerability
No description provided by source. We just found a serious vulnerability in the chkrootkit package, which may allow local attackers to gain root access to a box in certain configurations /tmp not mounted noexec. The vulnerability is located in the function slapper in the shellscript chkrootkit:...
Movable Type Pro 5.13en Stored XSS Vulnerability
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive, Full Disclosure...
Adobe ColdFusion 9 Administrative Login Bypass
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0819-2 | | http://packetstormsecurity.com/ |...
Adobe Flash Player Integer Underflow Remote Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer def...
MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Able2Doc and Able2Doc Professional 6.0 - Memory Corruption
No description provided by source. Exploit Title: Able2Doc and Able2Doc Professional v 6.0 memory corruption Date: June 24 2012 Exploit Author: Carlos Mario Penagos Hollmann Vendor Homepage: www.investintech.com Version:6.0 Tested on: Windows 7 CVE : cve-2011-4221 payload =B13000 crash=startxref...
PHPMyChat Plus 1.9 - Multiple Local File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20972/info phpMyChat is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an unauthorized user to view files and execute loca...
CubeCart <= 3.0.6 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl cijfer-ccxpl - CubeCart =3.0.6 Remote Command Execution Exploit Copyright c 2005 cijfer [email protected] All rights reserved. 1. example cijfer@kalma:/research$ perl ./cijfer-ccxpl.pl -h www.xxx.com -d [email protected] /$ id;uname -a uid=48apache...
PHPDirector Game Edition (game.php) SQL Injection Vulnerability
No description provided by source. PHPDirector Game Edition game.php Sql Injection Vulnerability ================================================================ .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://scriptsgratuits.info/Scripts/PHP/Jeux/PHPDirector-Game-Edition7.html .:...
K Web CMS 'sayfala.asp' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30745/info K Web CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
EType EServ 2.98/2.99/3.0 Resource Exhaustion Denial of Service Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/7552/info A denial of service vulnerability has been reported for EServ. The vulnerability exists due to the way the server handles connections. Specifically, memory allocated for open connections are not properly freed...
Opera Browser 10.60 - Clickjacking Vulnerability
No description provided by source...
Adobe On Location CS4 DLL Hijacking Exploit (ibfs32.dll)
No description provided by source. / Exploit Title: Adobe On Location CS4 DLL Hijacking Exploit ibfs32.dll Date: August 25, 2010 Author: Glafkos Charalambous glafkos@astalavistadotcom Version: CS4 Build 315 Tested on: Windows 7 x64 Ultimate Vulnerable extensions: .olproj Greetz: Astalavista,...
Call of Duty 4 1.5 - Malformed 'stats' command Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29026/info Call of Duty is prone to a denial-of-service vulnerability because the application fails to handle specially crafted commands. An attacker can exploit this issue to crash the affected application, denying servi...
Wordpress Persuasion Theme 2.x - Arbitrary File Download and File Deletion Exploit
No description provided by source...
Oracle OTRCREP Oracle 8/9 Home Environment Variable Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3139/info Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation. A buffer overflow has been discovered in the handling of $ORACLEHOME ...
GreenSQL Firewall 0.9.x WHERE Clause Secuity Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36209/info GreenSQL Firewall is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions. Successfully exploiting this issue may aid in SQL attacks on the...
Terminal Server Client .rdp Denial of Service
No description provided by source. !/usr/bin/perl Exploit Title: Terminal Server Client .rdp Dos Date: 2011-02-01 Author: D3V!L FUCKER Software Link: sudo apt-get install tsclient ^^ Version: All Version Tested on: ubuntu 10.10 press to open then chois the T-T34M.rdp file then connect ^^ C0d3d By...
W-Agora 4.2 BBCode Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17751/info W-Agora is prone to a script-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated content. W-Agora can...
FreeBSD <= 3.4,NetBSD <= 1.4.1,OpenBSD <= 2.6 /proc File Sytem Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/940/info Certain BSD derivative operating systems use an implantation of the /proc filesystem which is vulnerable to attack from malicious local users. This attack will gain the user root access to the host. The proc file...
MoinMoin 1.5.8/1.9 Cross-Site Scripting and Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/32208/info MoinMoin is prone to cross-site scripting and information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script...
PHP Advanced Transfer Manager <= 1.30 Source Code Disclosure Exploit
No description provided by source. ? / ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+ +:+:+ +:...
BIND 9 0.3beta - DNS Cache Poisoning Exploit
No description provided by source. !/usr/bin/env python DNS Cache Poison v0.3beta by posedge based on the Amit Klein paper: http://www.trusteer.com/docs/bind9dns.html output: time:ip:port: id: id q: query g: good e: error id: ID to predict q: number of queries from the DNS server only queries wit...
Emil 2.x Multiple Buffer Overrun and Format String Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9974/info Multiple locally and remotely exploitable buffer overrun and format strings were reported in emil. This could permit execution of arbitrary code in the context of the software...
KDE KTVision 0.1 File Overwrite Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2913/info KTVision works with frame-grabber cards and KDE Unix K Desktop Environment to support TV video display on the PC screen. KTVision is vulnerable to symbolic link attacks. It is possible for an attacker to...
zenphoto 1.4.3.3 - Multiple Vulnerabilities
No description provided by source. waraxe-2012-SA096 - Multiple Vulnerabilities in Zenphoto 1.4.3.3 =============================================================================== Author: Janek Vind waraxe Date: 03. November 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-96.html...
wordpress wp-topbar 4.02 - Multiple Vulnerabilities
No description provided by source. Exploit Title: WP-TopBar 4.02 CSRF Date: 2012-09-13 Author: Blake Entrekin Version: 4.02 Download Link: http://downloads.wordpress.org/plugin/wp-topbar.4.02.zip Vendor Link: http://wordpress.org/extend/plugins/wp-topbar/ ------------------- CSRF...