Qualcomm Eudora 6.0.1/6.1.1 Attachment LaunchProtect Warning Bypass Weakness (1)

No description provided by source. source: http://www.securityfocus.com/bid/9101/info A problem has been identified in the implementation of LaunchProtect within Eudora. Because of this, it may be possible to trick users into performing dangerous actions. May 21, 2004 - Eudora version 6.1.1 has...

Mini-stream Ripper 3.0.1.1 (.smi) Local Buffer Overflow PoC

No description provided by source. !/usr/bin/python Tested on: win XPsp3 webpage: d3b4g.info EAX 00E1C880 EDX 00000001 EBX 41414141------------------------------------------------ ESP 000D198C EBP 00E1C880 controle over registers ESI 41414141------------------------------------------------ EDI...

Ruby on Rails 1.2.3 To_JSON - Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24161/info Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied script code...

Ruby on Rails Known Secret Session Cookie Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Alt-N MDaemon 6.x/WorldClient Form2Raw Raw Message Handler Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/9317/info It has been reported that MDaemon/WorldClient mail server may be prone to a buffer overflow vulnerability when handling certain messages with a 'From' field of over 249 bytes. This issue may allow a remote...

ZaireWeb Solutions Newsletter ZWS Administrative Interface Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10605/info Newsletter ZWS is reported prone to an administrative interface authentication bypass vulnerability. The vulnerability exists due to a design error in the implementation of the authentication system for the...

HM Software S to Infinity 3.0 - Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/1368/info A number of vulnerabilities exist in HM Software S to Infinity, a security access control, desktop lockdown and transparent encryption application. Intended features include restriction of access to folders,...

Doruk100Net Info.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23675/info Doruk100Net is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the...

Bitweaver 1.1.1 my.php sort_mode Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15962/info bitweaver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...

City Directory Review and Rating Script (search.php) SQL Injection Vulnerability

No description provided by source. Exploit Title: City Directory Review and Rating Script SQL Injection Vulnerability Date: 22.12.2012 Author: 3spi0n Script Vendor or Software Link: http://b-scripts.com/en/18-city-reviewer-yelp-clone.html Category: WebApps Type: SQL Injection MySQLi Tested On:...

HP Power Manager 'formExportDataLogs' Buffer Overflow

No description provided by source. $Id: hppowermanagerfilename.rb 14016 2011-10-20 17:40:21Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

IRIX 6.2/6.3 lpstat Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1529/info Certain versions of IRIX ship with a version of lpstat which is vulnerable to a buffer overflow attack. The program, lpstat, is used to check the status of the printer being used by the IRIX machine. The problem...

3Com TFTP Service <= 2.0.1 (Long Transporting Mode) Overflow PoC

No description provided by source. !/usr/bin/python Buffer Overflow Long transporting mode Vulnerability Exploit This is just a DoS exploiting code Tested on Windows xp SP2 Requires python and impacket Coded by Liu Qixu Of NCNIPC SUMMARY: 3CTftpSvc TFTP Server is a Freeware TFTP server for Window...

Ipswitch IMail 5.0 IMonitor Buffer Overflow DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/504/info The IMail IMonitor service can be crashed by exploiting a buffer overflow vulnerability. Telnet to target machine, port 8181 Send: glob1 hit enter twice Where glob1 is 2045 characters...

Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow

No description provided by source. $Id: bcaaabof.rb 13137 2011-07-09 04:10:52Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

iphone ishred 1.93 - Directory Traversal

No description provided by source. ---------------------------------------------------------------- Software : iPhone ishred 1.93 Type of vunlnerability : Directory Traversal Tested On : iPhone 4 IOS 4.0.1 Risk of use : High ---------------------------------------------------------------- Program...

BPM Studio Pro 4.2 HTTPD Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4198/info BPM Studio Pro is a shareware MP3 mixer and player. It runs on Microsoft Windows operating systems. BPM Studio Pro includes a HTTP server for managing the player via a web interface. The BPM Studio Pro HTTPD doe...

WordPress <= 2.3.3 - 'cat' Parameter Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28845/info WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to access sensitive information that coul...

Simple PHP Blog <= 0.4.7.1 - Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl use IO::Socket; print Simple PHP Blog = 0.4.7.1 cmmnds xctn exploit\r\n; print through arbitrary local inclusion\r\n; print rgod [email protected]\r\n; print - this works with magicquotesgpc = Off\r\n\r\n; short explaination: we have this code in...

Interspire Knowledge Manager 5 'callback.snipshot.php' Arbitrary File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38186/info Interspire Knowledge Manager is prone to a vulnerability that allows attackers to create arbitrary files on a vulnerable computer. An attacker may exploit this issue to create arbitrary files, which may then be...

JomSocial 1.8.8 Shell Upload Vulnerability

No description provided by source. There is a file upload vulnerability in version 1.8.8 and earlier of JomSocial, the popular community extension for Joomla!. Successful exploitation of this exploit requires the site to be configured to allow users to upload video files directly, which is disabl...

CMS Ignition SQL Injection Exploit

No description provided by source. |------------------------------------------------| | neavorc@gmaildotcom | ================================================== + SQL Injection Vulnerability + Dorks: allinurl:shop.htm?shopMGID= + Bug in shop.htm?shopMGID + Exploit:...

MyWebServer 1.0.2 Search Request Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5469/info MyWebServer is an application and web server for Microsoft Windows operating systems. MyWebServer includes a number of web based functions, including a search engine. MyWebServer suffers from a remote buffer...

Portrait Software Portrait Campaign Manager 4.6.1.22 Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/38252/info Portrait Campaign Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary scrip...

DaLogin Multiple Vulnerabilities

No description provided by source. dalogin 2.2 multiple vulnerabilites app desc: Configurable WebSite. PHP + Mysql: news zone with rss feed, private zone, languages, themes, administration panel app source: http://dalogin.sourceforge.net/ author: hc0 1 config file disclosure you can access...

VariCAD 2010-2.05 EN Local buffer overflow

No description provided by source. / Exploit Title: VariCAD 2010-2.05 EN Local buffer overflow : Date: 15 March 2010 Author: n00b Realname: carl cope Software Link: http://www.varicad.com/en/home/ Version: All versions are affected. Tested on: Windows xp sp3,Vista sp2,Linux unbuntu CVE : if exist...

Snort unified 1 IDS Logging Alert Evasion, Logfile Corruption/Alert Falsify

No description provided by source. Advisory: ========= Snort unified 1 IDS Logging Alert Evasion, Logfile Corruption/Alert Falsify Log: ==== 30/06/2009 Bug detected. 20/07/2009 First mail with snort team. 20/07/2009 Snort team answer they will fix it in the next release 2.8.5. 16/09/2009 Snort...

PHP121 Instant Messenger <= 1.4 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo PHP121 Instant Messenger = 1.4 $SESSIONsessusername remote cmmnds xctn \r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; echo - works with magicquotesgpc = Off\r\n\r\n; echo a...

Supernews <= 2.6.1 - SQL Injection Exploit

No description provided by source. ?php Exploit Title: Supernews = 2.6.1 SQL Injection Exploit Google Dork: intext:2003 - 2004 : SuperNews : Todos os direitos reservados Date: 2012/ Author: WhiteCollarGroup Software Link: http://phpbrasil.com/script/vT0FaOCySSH/supernews Version: 2.6.1 Tested on:...

mcGuestbook 1.3 admin.php lang Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote file...

ICONICS WebHMI ActiveX Buffer Overflow

No description provided by source. $Id: iconicswebhmisetactivexguid.rb 12584 2011-05-11 20:45:54Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing...

Joomla Component Camelcitydb2 2.2 - SQL Injection Vulnerabilities

No description provided by source. Joomla Component Camelcitydb2 SQL Injection Vulnerability Vulnerability found by: H!tm@N Contact: khghitmanatgmaildotcom Site: www.khg-crew.ws Greetz: boom3rang, KHG, urtan, warning, chs, redc00de - -=Kosova Hackers Group=- ScriptName: Joomla Component:...

TJSChat 0.95 You.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23593/info TJSChat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

Siemens SIMATIC WinCC Flexible (Runtime) Multiple Vulnerabilities

No description provided by source. Luigi Auriemma Application: Siemens SIMATIC WinCC flexible Runtime http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/Pages/Default.aspx Versions: 2008 SP2 + security patch 1 Platforms:...

Travelsized CMS 0.4.1 - 'index.php' Multiple Local File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/28218/info Travelsized CMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an attacker to access potentially sensitive...

PeerCast <= 0.1216 (nextCGIarg) Remote Buffer Overflow Exploit (2)

No description provided by source. / \ PeerCast =0.1216 remote exploit / by Darkeagle \ / 09.03.06 \ / \ gr33tz: bl4ck guys, unl0ck guys, rst/ghc guys, 0x557 guys, ph4nt0m guys, sh0k and many otherz. / \ / http://unl0ck.net root@localhost darkeagle telnet localhost 36864 Trying 127.0.0.1...

Windows Movie Maker 2.1.4026.0 - (.wav) Crash PoC

No description provided by source. Exploit Title: Windows Movie Maker Version 2.1.4026.0 .wav - Crash POC Date: 16-07-2013 Exploit Author: ariarat Vendor Homepage: http://www.microsoft.com Software Link: included in windows xp sp2 and sp3 Version: 2.1.4026.0 Tested on: Windows XP sp3 CVE :...

Free Realty 3.1-0.6 - Multiple Vulnerabilities

No description provided by source...

KMail 1.x GnuPG Arbitrary Content Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22759/info KMail is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue to add arbitrary content into a...

alt-n webadmin 3.0.2 - Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12395/info Alt-n WebAdmin is reportedly affected by multiple remote vulnerabilities. The application is affected by multiple cross-site scripting issues. An attacker may leverage these issues to execute arbitrary HTML and...

Quick Classifieds 1.0 - controlpannel/alterCats.php3 DOCUMENT_ROOT Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...

JBoss 3.x/4.0.2 Malformed HTTP Request Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13985/info JBoss is prone to a remote information-disclosure vulnerability. The issue occurs in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient sanitization of user-supplied request data. Informatio...

VBulletin 2.0.3 Calendar.PHP Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5820/info A remote command execution vulnerability has been reported for vBulletin. The vulnerability is due to vBulletin failing to properly sanitize user-supplied input from URI parameters. An attacker can exploit this...

Joomla Component simpleshop <= 3.4 - SQL Injection

No description provided by source. /---------------------------------------------------------------\ \ / / Joomla Component simpleshop Remote SQL injection \ \ / ---------------------------------------------------------------/ Author : His0k4 ALGERIAN HaCkEr Dork : inurl:comsimpleshop Dork :...

CA BrightStor ARCserve License Service GCR NETWORK Buffer Overflow

No description provided by source. $Id: licensegcr.rb 10892 2010-11-03 22:09:44Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

MySource 2.14 Date.php PEAR_PATH Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these...

cms - (id) 5.0 - SQL Injection Vulnerability

No description provided by source. ----------------------------------------------------------------------- CmS id SQL Injection Vulnerability ----------------------------------------------------------------------- Author : spykit Site : http://devilzc0de.org/ Date : April, 22-2010 Location :...

Microsoft Internet Explorer 6.0 Unspecified Code Execution Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/20797/info Microsoft Internet Explorer is prone to an unspecified vulnerability that results in arbitrary code execution. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the...

RedHat Linux 5.2 i386/6.0 No Logging Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/320/info A vulnerability in PAM allows local malicious users to brute force passwords via the su command without any logging of their activity. su is a command that allows users to change identifies by supplying a passwor...

Microsoft Windows Media Services 4.0/4.1 DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1282/info Windows Media Encoder is part of Windows Media Services. It's purpose is to convert content into a suitable format for video or audio streaming through the Media Services. If a specially malformed request is sen...