56796 matches found
WINMOD 1.4 - (.lst) Local Stack Overflow Exploit
No description provided by source. !/usr/bin/perl Winmod 1.4 .lst Local Stack Overflow Exploit Exploit by CWH Underground Tested on Win XP SP2 EN Download: http://www.software112.com/products/winmod+download.html print \n==================================================\n; print Winmod 1.4 .lst...
Telnet-Ftp Service Server 1.x - Multiple Vulnerabilities (Post Auth)
No description provided by source. / Telnet-Ftp Service Server v1.x ------------------------------ Multiple Vulnerability: -Remote Creat File -Remote Delet File -Remote Creat Directory -Remote Delet Directory -Remote Get File -Remote Crash...
OpenBB 1.0 .0 RC3 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4824/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. It has been reported that OpenBB is vulnerable to a cross-site...
JBoss JMX Console Deployer Upload and Execute
No description provided by source...
OpenDocMan 1.2.7 - Multiple Vulnerabilities
No description provided by source...
Sun J2EE/RI 1.4,Sun JDK 1.4.2 JDBC Database Insecure Default Policy Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9444/info It has been reported that multiple JDBC database implementations include insecure default security policies. This could expose vulnerable databases to denial of service attacks. This could also permit remote...
MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (7)
No description provided by source. !/usr/bin/perl IIS 4.0/5.0 Unicode Exploit Checks for each script that has been posted on the BugTraq Lis Shouts to bighawkthats for help, datagram, Ghost Rider, The Duke, p4, kript0n and others Since It Uses fork, you gotta keep up with whats happening. Or Just...
KDE 1.1.2 KApplication configfile vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary fil...
Lmail 2.7 Temporary File Race Condition Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2984/info Jon Zeeff's lmail is a local mail delivery agent LDA designed to provide mail-to-pipe and mail-to-file aliasing for smail. A race condition vulnerability exists in lmail. The lmail program makes insecure use of...
Virtual Hosting Control System 2.2/2.4 Error Message Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15538/info Virtual Hosting Control System is prone to cross-site scripting attacks. The vulnerability arises when error messages are rendered and could let an attacker inject hostile HTML and script code into the browser...
Virtual Hosting Control System 2.4.7 .1 Server_day_stats.PHP Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/17790/info Virtual Hosting Control System is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...
DNS Reverse Download and Exec Shellcode
No description provided by source. Shellcode: download and execute file via reverse DNS channel Features: Windows 7 tested UAC without work svchost.exe makes requests via getaddrinfo Firewall/Router/Nat/Proxy bypass reverse connection like dnscat do, but without sockets and stable! NO SOCKET DNS...
OpenDocMan 1.2.6.1 - Password Change CSRF
No description provided by source. Exploit Title: OpenDocMan Password Change CSRF Date: 22/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.opendocman.com/ Software Link: https://github.com/downloads/opendocman/opendocman/opendocman-1.2.6.1.tar.gz Version: 1.2.6.1 Gr33Tz:...
Dispair 0.1/0.2 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5392/info Dispair fails to sufficiently validate user-supplied input before it is passed to the shell via the Perl open function. Remote attackers may potentially exploit this issue to execute arbitrary commands on the...
Oracle Document Capture Insecure READ Method
No description provided by source. Source: http://packetstormsecurity.org/files/view/97872/DSECRG-11-007.txt Digital Security Research Group DSecRG Advisory DSECRG-11-007 Internal DSECRG-00117 Application: Oracle Document Capture Versions Affected: 10.1350.0005 Vendor URL:...
DNS Recursion Bandwidth Amplification - Denial of Service PoC
No description provided by source. !/usr/bin/perl Get Net::RawIP at http://search.cpan.org/CPAN/authors/id/S/SZ/SZABGAB/Net-RawIP-0.2101.tar.gz cpan Net::DNS:Resolver seems to work fine on each machine I throw it on, as well. PS: To see if you can spoof, check out the ANA Spoofer project...
FreeSchool <= 1.1.0 - Multiple Remote File Inclusion Vulnerabilities
No description provided by source. x FreeSchool = 1.1.0 Mutiple Remote File Include Vulnerability ! Download Script : http://sourceforge.net/projects/freeschool/files/ ! Author : cr4wl3r ! Contact : cr4wl3r4tlinuxmaildotorg ! Location : Gorontalo - INDONESIA ! Dork : FuCk y0u MaLaYsia x 3xplo!t :...
FreeBSD 4.4 AIO Library Cross Process Memory Write Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3661/info aio.h is a library implementing the POSIX standard for asynchronous I/O. Support for AIO may be enabled in FreeBSD by compiling the kernel with the VFSAIO option. This option is not enabled in the default kernel...
AskMe Pro 2.1 (que_id) SQL Injection Vulnerability
No description provided by source. / / / \ \ \ \ \ / / \\ \ \ \ \ // /// \ \ / / \ //|\ / \ \ \ \ \ \ / / \ \ / / \ | | | \ | | || | | |/ / \ V / || |\ V / / \ | / \ | /| | | || / | | | | . | ' || / | || // \ // \|||/|||||||||\ .WEB.ID...
Gattaca Server 2003 POP3 DoS
No description provided by source. source: http://www.securityfocus.com/bid/10728/info It is reported that Gattaca Server 2003 contains multiple denial of service vulnerabilities. These vulnerabilities allow a remote attacker to crash the application, denying service to legitimate users. Version...
Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow
No description provided by source. $Id: factorylinkcsservice.rb 13019 2011-06-25 00:54:18Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
SAP SAPLPD 6.28 Buffer Overflow
No description provided by source. $Id: saplpd.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
TFTgallery <= 0.13.1 - Local File Inclusion Vulnerability
No description provided by source...
Psychoblogger PB-beta1 errormessage XSS
No description provided by source. source: http://www.securityfocus.com/bid/9293/info It has been reported that Psychoblogger may be prone to multiple cross-site scripting vulnerabilities that may allow a remote attacker to execute HTML or script code in a user's browser. The issues are reported ...
TFTgallery 0.13 'sample' Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36898/info TFTgallery is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in th...
LBreakOut2 2.x Login Remote Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8021/info It has been reported that lbreakout2 is vulnerable to a format string issue in the login component. This may result in an attacker executing arbitrary code on a vulnerable host. / lbreakout2-2.5+: remote format...
TR Forum 1.5 Mullti Vulnerability
No description provided by source...
phpPC <= 1.04 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. phpPC 1.04 Multiples Remote File Inclusion Script : PHP Poll Creator Version : 1.04 Vendor URL : http://www.phppc.de Impact : Remote File Inclusion Discovered by : iss4m Contact : [email protected] Vulnerable code in poll.php -------------------------------- ?ph...
WordPress SCORM Cloud plugin <= 1.0.6.6 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress SCORM Cloud plugin = 1.0.6.6 SQL Injection Vulnerability Date: 2011-09-07 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/scormcloud.1.0.6.6.zip Version: 1.0.6.6 tested...
Easyedit CMS page.php intPageID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/32369/info Easyedit is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
Oxynews Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17132/info Oxynews is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow a...
Roxio Photosuite 9 DLL Hijacking Exploit (homeutils9.dll)
No description provided by source. / Greetz to :b0nd, Fbih2s,r45c4l,Charles ,j4ckh4x0r, punter,eberly, Charles, Dinesh Arora Exploit Title: Roxio photosuite 9 DLL Hijacking Exploit Date: 25/08/2010 Author: Beenu Arora Tested on: Windows XP SP3 , Photosuite 9.0 Vulnerable extensions: .dmsp , .pspd...
TikiWiki Project 1.8 tiki-list_faqs.php offset Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting,...
Horde 1.2.x/2.1.3 and Imp 2.2.x/3.1.2 File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3067/info A vulnerability has been discovered in Horde Imp which may allow an attacker to access arbitrary system files. The issue occurs due to insufficient sanity checks on user-supplied URI parameters. By specifying a...
Zenoss 2.3.3 Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/37802/info Zenoss is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
LxBlog Multiple Cross Site Scripting and SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/35071/info LxBlog is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker ...
FSD 2.052/3.000 sysuser.cc sysuser::exechelp Function HELP Command Remote Overflow
No description provided by source. source: http://www.securityfocus.com/bid/25883/info FSD is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit these issues to execute arbitrary...
Uebimiau 2.7.x Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25912/info UebiMiau is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks o...
HP JetDirect PJL Interface Universal Path Traversal
No description provided by source. Exploit Title: HP JetDirect PJL Interface Universal Path Traversal Date: Aug 7, 2011 Author: Myo Soe YGN Ethical Hacker Group - http://yehg.net/ Software Link: http://www.hp.com Version: All Tested on: HP LaserJet Pxxxx Series $Id: $ This file is part of the...
Yoxel <= 1.23beta (itpm_estimate.php a) Remote Code Execution Vuln
No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ dunatstrcpy.pl Yoxel = 1.23beta PHP code Injection Vulnerability Script: Yoxel is a hidden gem. This Open Source...
OpenDocMan 1.2.5 view_file.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
Symantec SYMTDI.SYS Device Driver - Local Denial of Service (DoS) Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22977/info Symantec 'SYMTDI.SYS' device driver is prone to a local denial-of-service vulnerability. A local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users...
coppermine 1.5.18 - Multiple Vulnerabilities
No description provided by source. waraxe-2012-SA081 - Multiple Vulnerabilities in Coppermine 1.5.18 ============================================================================== Author: Janek Vind waraxe Date: 29. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-81.html...
Joomla Component com_juliaportfolio Local File Inclusion
No description provided by source. InformatioN Title : Joomla Component comjuliaportfolio Local File Inclusion Author : DevilZ TM By D3v1l Homepage : http://www.DEVILZTM.com Contact : [email protected] & [email protected] ExploiT Vulnerable File :...
phpcollab 2.5 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22916 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerabili...
AoAAudioExtractor 2.0.0.0 ActiveX PoC (SEH)
No description provided by source. html object classid='clsid:125C3F0B-1073-4783-9A7B-D33E54269CA5' id='target' /object script language='vbscript' 'AoAAudioExtractor 2.0.0.0 ActiveX PoC SEH ' Author: Hadji Samir ,[email protected] ' Tested on: Windows XP SP2 FR / IE6 ' Down:...
PHP 3-5 Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19933/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. This...
ZyXEL Prestige 681 SDSL Router IP Fragment Reassembly Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3711/info Prestige is a product line of DSL routers produced and distributed by Zyxel. When a Zyxel router receives fragmented packets that after reassembly is greater than 64 kilobytes in length, the router crashes. The...
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow Vulnerabilities (2)
No description provided by source. source: http://www.securityfocus.com/bid/23648/info Asterisk is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers...
Sophos Web Protection Appliance 3.7.8.1 - Multiple Vulnerabilities
No description provided by source...