56796 matches found
SiteBar <= 3.3.8 (translator.php) upd cmd Action edit Variable Arbitrary PHP Code Execution
No description provided by source. source: http://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include: - A local file-include vulnerability - Multiple...
Bitrix Site Manager 6/7 Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/33689/info Bitrix Site Manager is prone to multiple input-validation vulnerabilities: - An authentication-bypass vulnerability - A cross-site scripting vulnerability An attacker may leverage these issues to gain...
vBulletin 3.0.10 Portal.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18197/info vBulletin is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow...
InstantASP 4.1 Members1.aspx Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22052/info InstantForum.NET is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...
artmedic webdesign weblog Multiple Local File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/27797/info artmedic webdesign weblog is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an attacker to access potentially...
ultrascripts ultraboard 1.6 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1164/info UltraBoard 1.6 and possibly all 1.x versions is vulnerable to a directory traversal attack that will allow any remote browser to download any file that the webserver has read access to. On Windows instalations,...
VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow
No description provided by source. $Id: vlcmodplugs3m.rb 12282 2011-04-08 15:48:53Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 beta Mail Logging Buffer Overflow (2)
No description provided by source. source: http://www.securityfocus.com/bid/1158/info Sniffit is a freely available, open source network monitoring tool. It is designed for use on the Unix and Linux Operating Systems. Sniffit contains a remotely exploitable buffer overflow vulnerability. If Sniff...
Softbiz Classifieds Script gallery.php radio Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/32569/info Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary scri...
Skype Technologies Skype 1.5 NSRunAlertPanel Remote Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20218/info Skype is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before using it in the format-specification argument of a formatted-printing functio...
YenerTurk Haber Script 1.0 - Remote SQL Injection Vulnerability
No description provided by source. YenerTurk Haber Script v1.0 SQL Injection Vulnebrality Credit:ASIANEAGLE Contact:[email protected] Exploit: Admin Nick: http://SITE/Path to...
Yealink VoIP Phone SIP-T38G - Local File Inclusion
No description provided by source. Title: Yealink VoIP Phone SIP-T38G Local File Inclusion Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5756, CVE-2013-5757 Description: Web interface...
Gopher <= 3.0.9 (+VIEWS) Remote (Client Side) Buffer Overflow Exploit
No description provided by source. / gopherv3.0.9+: remote client buffer overflow exploit. by: vade79/v9 [email protected] fakehalo/realhalo compile: gcc xgopher-client.c -o xgopher-client syntax: ./xgopher-client port bindshell port The Internet Gopher Client is based on the UMN Gopher/Gopherd 2.3....
Foxit WAC Remote Access Server 2.0 Build 3503 - Heap Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27873/info Foxit WAC Remote Access Server is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application...
RedHat 6.2/7.0/7.1 Lpd Remote Command Execution via DVI Printfilter Configuration Error
No description provided by source. source: http://www.securityfocus.com/bid/3241/info 'dvips' is a utility that converts DVI documents to PostScript. It is an optional component of the TeTeX text formatting package. When installed on a system where LPRnG and TeTeX are in use, 'dvips' will be...
phpcksec 0.2 'phpcksec.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32890/info The 'phpcksec' script is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
Jamroom <= 3.3.8 Cookie Authentication Bypass Vulnerability and Multiple Unspecified Security Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30406/info Jamroom is prone to fourteen security vulnerabilities, including an authentication-bypass vulnerability that occurs because the application fails to verify user-supplied data. Very few technical details are...
Compaq Web-Based Management Agent Access Violation Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8015/info Compaq Web-Based Management Agent has been reported prone to a remote denial of service vulnerability when handling malformed GET requests. The resulting error reports an access violation, effectively causing th...
HP-UX FTPD <= 1.1.214.4 "REST" Remote Brute Force Exploit
No description provided by source. / Author: phased /str0ke / include sys/types.h include sys/socket.h include netinet/in.h include arpa/inet.h include netdb.h include stdio.h include unistd.h int main int argc, char argv int sock, rc; long int i; struct sockaddrin saddr; struct hostent h; char...
Okyanusmedya Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24285/info Okyanusmedya is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
FTPx FTP Explorer 1.0 .00.10 Weak Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1003/info FTP Explorer includes the option to store profiles of visited FTP sites. The user's name and password can also be stored. These stored values are kept in the registry, under the key HKCU\Software\FTP...
VerliAdmin 0.3 'index.php' Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/34845/info VerliAdmin is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...
MySource 2.14 mimeDecode.php PEAR_PATH Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these...
Kerio Mailserver 5.6.3 do_map Module Overflow
No description provided by source. source: http://www.securityfocus.com/bid/7967/info Multiple buffer overrun vulnerabilities have been discovered in Kerio MailServer, which affect the webmail component. The problem occurs when handling usernames of excessive length and likely occurs due to...
Joomla Tags (index.php, tag parameter) SQL Injection
No description provided by source. Exploit Title: Joomla tag Remote Sql Exploit dork: inurl:index.php?option=comtag Date: 18-10-2012 Author: Daniel Barragan D4NB4R Twitter: @D4NB4R Vendor: http://www.joomlatags.org Version: all License: Non-Commercial Download:...
WinWebMail 3.7.3 - IMAP Login Data Handling Denial Of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28721/info WinWebMail is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input. Remote attackers can exploit this issue to crash the server and deny service...
Netcut 2.0 - Denial of Service Vulnerability
No description provided by source. !/usr/bin/env python Exploit Title: Netcut Denial of Service Vulnerability Author: MaYaSeVeN Blog: http://mayaseven.blogspot.com PoC: Video http://www.youtube.com/user/mayaseven Picture...
EQDKP <= 1.3.1 Show Variable Cross-Site Scripting Vulnerability
No description provided by source...
SQL Injection Entry Level Content Management System (EL CMS)
No description provided by source. + Contact : vir0e5athackermaildotcom + Group : TECON The Eye COnference Indonesia + Site : http://tecon-crew.org Software Information +SOftware : Entry Level Content Management System EL CMS +vendor : http://www.entrylevelcms.com/ +Vulnerability : SQL Injection...
WD-CMS 3.0 - Multiple Vulnerabilities
No description provided by source. Exploit Title: WD-CMS 3.0 Multiple Vulnerabilities Date: December 31st, 2009 Author: Sora Software Link: http://www.webdiamond.net/cms.html Version: 3.0 Tested on: Windows Vista and Linux Backtrack 3 --------------------------------------------------------------...
MySmartBB 1.7 Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/38385/info MySmartBB is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...
Linux Kernel 2.4.22 "do_brk()" local Root Exploit (PoC)
No description provided by source. ; Christophe Devine devine at cr0.net and Julien Tinnes julien at cr0.org ; ; This exploit uses sysbrk directly to expand his break and doesn't rely ; on the ELF loader to do it. ; ; To bypass a check in sysbrk against available memory, we use a high ; virtual...
PostNuke 0.76 RC2 Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18319/info PostNuke is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection vulnerabilities, because the application fails to properly sanitize user-supplied input. A...
PHP 5.2.11/5.3.0 - Multiple Vulnerabilities
No description provided by source. ?php / PHP 5.2.11/5.3.0 symlink openbasedir bypass by Maksymilian Arciemowicz http://securityreason.com/ cxib a.T securityreason d0t com CHUJWAMWMUZG / $fakedir=cx; $fakedep=16; $num=0; // offset of symlink.$num if!empty$GET'file' $file=$GET'file'; else...
eFront 3.5.5 'langname' Parameter Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38787/info eFront is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execut...
Aestiva HTML/OS 2.4 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5618/info Aestiva HTML/OS is a database engine and development suite for building websites and web-based software products. HTML/OS does not sufficiently sanitize metacharacters from error message output. In particular,...
Mandrake 6.x,RedHat 6.x,Turbolinux 3.5 b2/4.x/6.0.2 userhelper/PAM Path Vulnerability (1)
No description provided by source. Mandrake 6.0/6.1,RedHat 6.0/6.1,Turbolinux 3.5 b2/4.2/4.4/6.0.2 userhelper/PAM Path Vulnerability 1 source: http://www.securityfocus.com/bid/913/info Because of double path vulnerabilities in the binary userhelper and PAM, it is possible to get root locally on...
Cisco PIX 4.x/5.x TACACS+ Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2551/info PIX is an enterprise firewall engineered and maintained by Cisco Systems. It is designed to provide robust features and multiple methods of access control and filtering. A problem with the PIX could allow a deni...
Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27706/info Apache Tomcat is prone to an information-disclosure vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to access potentially sensitive data that may aid i...
Microsoft Word 97/98/2002 Malformed Document Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8761/info It has been reported that Microsoft Word is prone to a vulnerability that may allow an attacker to crash the software. The problem occurs when an attacker modifies the memory structure of a Word document. If a...
Mesh Viewer 0.2.2 - Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12025/info It is reported that Mesh Viewer is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it into a...
Mambo phpShop Component <= 1.2 RC2b File Include Vulnerability
No description provided by source. Affected Application: Mambo phpShop v1.2 RC2b Mambo CMS Component . . : contact : . . . . . . . . . . . . . . . . . . . . . . . . . . . Discoverd/Found by: Charles Nelwan a.k.a Cmaster4 Team: BatamHacker irc.dal.net crew URL: http://www.batamhacker.info/forum...
BigAnt Server 2.50 SP1 - Buffer Overflow
No description provided by source. $Id: bigantserver250.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Sun Java System Application Server 7.0/8.0 - Remote Installation Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10424/info It is reported that Java System Application Server is prone to a remote installation path disclosure vulnerability. This issue is due to a failure of the application to properly filter user requests. Successful...
MySimpleNews 1.0 PHP Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5865/info MySimpleNews allows users to enter news articles through a web interface. It will allow PHP code to be injected into URI parameters of the 'users.php' script, which will be stored into a MySimpleNews file...
LifeSize Room Command Injection
No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable...
IceWarp Merak Mail Server 9.4.1 'Forgot Password' Input Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34827/info IceWarp Merak Mail Server is prone to an input-validation vulnerability because it uses client-supplied data when performing a 'Forgot Password' function. Attackers can exploit this issue via social-engineering...
Audiotran 1.4.1 - Direct RET BoF
No description provided by source...
FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11407/info FuseTalk Forum is reported prone to multiple input validation vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks. The cause of these issues is insufficient...
AppServ Open Project 2.4.5 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16166/info AppServ Open Project is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute...