
56796 matches found

seebug.org
•added 2014/07/01 12:0 a.m.•12 views

Android Web Browser - BMP File Integer Overflow Vulnerability

source: http://www.securityfocus.com/bid/28006/info Android Web Browser is prone to an integer-overflow vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts wil...

7.6 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

Avant Browser 11.7 Build 9 - JavaScript Engine Integer Overflow Vulnerability

source: http://www.securityfocus.com/bid/31155/info Avant Browser is prone to an integer-overflow vulnerability that occurs in the JavaScript engine. An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious site. Successfully exploiting this issue may allow...

6.9 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•30 views

AlienVault 4.5.0 Authenticated SQL Injection

No description provided by source. The following request is vulnerable to a SQL injection attack from authenticated users. GET /ossim/report/BusinessAndComplianceISOPCI/ISO27001Bar1.php?datefrom=2014-02-28&dateto=2014-03-30 HTTP/1.1 Host: 172.31.16.150 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•28 views

Micro CMS <= 0.3.5 (microcms_path) Remote File Include Vulnerability

No description provided by source. W W W . S Y S T E M D E F A C E R S . O R G Find By: CeNGiZ-HaN [email protected] Risk : High Script : micro cms www.impliedbydesign.com GreeTz Al S-D-T Members //// Remote File inclusion //// microcmspath...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

WebPortal CMS <= 0.7.4 (download.php aid) SQL Injection Exploit

No description provided by source. !/usr/bin/perl --==+============================================================================+==-- --==+ WebPortal = 0.7.4 Remote SQL Injection Exploit +==-- --==+============================================================================+==-- Discovered By:...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

bandwebsite 1.5 (sql/xss) Multiple Vulnerabilities

No description provided by source. Bandwebsite Version 1.5 Sql & XSS Multiple Remote Vuln. download: http://membres.lycos.fr/fluxx/bandwebsite.php ---------------------------------------------------------- Discovered By: ZoRLu msn: [email protected] Date: 24.11.2008 Home: www.z0rlu.blogspot.co...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Linux Kernel 2.6.x 'drivers/char/tty_ldisc.c' NULL Pointer Dereference Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36191/info The Linux kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attacker...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

SCMS 1 - (index.php p) Local File Inclusion Vulnerability

No description provided by source. --:local file include:-- --------------------------------- script:simple content management system v 1 ------------------------------------------------------- download from:http://futurekast.com/fcms/php/SCMSv1.zip...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Winamp <= 5.57 - Stack Overflow

No description provided by source. Exploit Title: Winamp = 5.57 Stack Overflow Date: 22 Dec 2009 Author: scriptjunkie, scriptjunkie.1 nospam googlemail nospam com Software Link: http://www.winamp.com/media-player Version: 5.57, 5.56 Tested on: Windows XP, Windows 7 CVE: none at time of writing...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•38 views

PXE Server 2.0 - Remote Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7129/info A vulnerability has been discovered in PXE which is included with Red Hat Linux. Specifically, it is possible for a remote attacker to overrun a buffer by passing excessive data to the service. This may result i...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

SQL-Ledger 2.6.x/LedgerSMB 1.0 Terminal Parameter Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability. An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•17 views

Membership Site Script SQL Injection Vulnerability

No description provided by source. :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Information Advisory/Exploit Title = Membership Site Script SQL Injection Vulnerability Author = Valentin Hoebel Contact = [email protected]...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

AFFCommerce Shopping Cart 1.1.4 ItemInfo.php item_id Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15545/info AFFCommerce Shopping Cart is prone to multiple SQL injection vulnerabilities. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Netref 3.0 Index.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15862/info Netref is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromi...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

AzDGVote 0 Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17447/info AzDGVote is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•12 views

Plume CMS 1.0.4 search.php _PX_config[manager_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows the attacker to execute arbitrary...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

cPanel 10.x showfile.html file Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/19624/info cPanel is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script cod...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

php_news 2.0 admin/news.php language Parameter Remote File Inclusion

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•10 views

Dol Storye Dettaglio.ASP Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/21463/info The 'dol storye' application is prone to multiple SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

CPanel 10.9.1 Resname Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25047/info cPanel is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browse...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

Live For Speed 2 Version Z .Mpr - Local buffer Overflow Exploit

No description provided by source. / Live For Speed 2 Version Z .Mpr Local buffer Overflow Exploit !! X version .mpr header specifications can be found at http://www.lfs.net/?page=MPR Version :Patch Z and all previous versions. Vendor :http://www.lfs.net/ Release date: July 14th 2009 Patch for th...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

Alkacon OpenCms 7.0.3 - 'users_list.jsp' Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/28411/info Alkacon OpenCms is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary scrip...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

Joomla! and Mambo 'com_smslist' Component - 'listid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27818/info The Joomla! and Mambo 'comsmslist' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Aj Classifieds - Real Estate 3.0 - Remote Shell Upload Vulnerability

No description provided by source. AJClassifieds Realestate RFu script down: http://www.ajclassifieds.net/demo/ajclassifiedsme/ClassifiedsRealestate/ ---------------------------------------------------------- Discovered By: ZoRLu msn: [email protected] Date: 16.01.09 Home: z0rlu.blogspot.com /...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

CRS Manager Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26034/info CRS Manager is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•77 views

Java Applet Driver Manager Privileged toString() Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

10 CVSS, 0.3 AI score, 0.86963 EPSS
Exploits: 10
seebug.org
•added 2014/07/01 12:0 a.m.•12 views

Belchior Foundry VCard 2.9 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15207/info vCard is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•26 views

pcAnywhere 8.0/9.0/11.x Authentication Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15646/info Symantec pcAnywhere is vulnerable to a buffer overflow vulnerability. Because the flaw can be triggered prior to authentication, the vulnerability is exploitable by remote attackers without valid credentials. I...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

F5 Firepass 4100 SSL VPN Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17175/info FirePass 4100 SSL VPN is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12459/info A remote URI-redirection vulnerability affects Microsoft Outlook Web Access. This issue occurs because the application fails to properly sanitize URI-supplied data. An attacker may leverage this issue to carry...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Chameleon LE 1.203 Index.PHP Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19107/info Chameleon LE is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•24 views

MiraksGalerie 2.62 galsecurity.lib.php listconfigfile[0] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/18313/info MiraksGalerie is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

Sun Java Applet Font.createFont Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17981/info Sun Java is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain Java applets. Successfully exploiting this issue will cause the application to create a...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•9 views

4Images 1.7 Details.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20488/info 4images is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser o...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•15 views

News File Grabber 4.1.0.1 Subject Line Stack Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/22617/info News File Grabber is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

Quicksilver Forums <= 1.4.2 RCE Exploit (windows only)

No description provided by source. Author: GiReX Homepage: girex.altervista.org Date: 24/11/2008 CMS: Quicksilver Forums = 1.4.2 Site: http://www.quicksilverforums.com/ Bug: Local File Inclusion Exploit: Remote Command Execution Note: Works with windows servers only Works regardless php.ini...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•21 views

Fhimage 1.2.1 - Remote Index Change Exploit

No description provided by source. !/usr/bin/perl ----------------------------------------------------------------------------------------------- INFORMATIONS ----------------------------------------------------------------------------------------------- Fhimage 1.2.1...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

mcshoutbox 1.1 (sql/xss/shell) Multiple Vulnerabilities

No description provided by source. + MCshoutbox 1.1 SQL/XSS/Shell Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org Homepage : http://www.maniacomputer.com/dload/MCshoutboxDownloadPage.html + SQL Injection Login Bypass - Note : magicquotesgpc =...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•18 views

Mail.App 10.5.0 - Image Attachment Command Execution (OS X)

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

iOS FileApp 1.7 - Remote DoS Exploit

No description provided by source. !/usr/bin/perl Exploit: FileApp - Remote Dos Exploit Date: 17/02/10 Author: Ale46 Software Link: http://www.digidna.net/products/fileapp Version: 1.7 Tested on: Iphone 3GS with 3.1.2 firmware Go in the sharing section of FileApp and run this script, the...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•11 views

All Browsers - Long Unicode DoS PoC

No description provided by source. html titleDrIDE - All Browsers - Long Unicode DoS PoC/title head script function boom //The number of strings increases the amount of memory consumed, quicker crash where applicable. var longunistring1 = unescape%u4141%u4141; var longunistring2 =...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•30 views

The Uploader 2.0 - Remote File Upload Vulnerability

No description provided by source. ======================================================================================================= Script Name : The Uploader 2.0 Language : php Author : Master Mind Home : www.vbspiders.com ============================================== Exploit : example:...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•13 views

ARM Bindshell port 0x1337

No description provided by source. / Title: arm-bind-listen Brief: Bind a shell to port 0x1337 on any local address and wait for connections Author: Daniel Godas-Lopez gmail account dgodas / / socdes = socketAFINET, SOCKSTREAM, IPPROTOTCP; / mov %r0, $2 / AFINET / mov %r1, $1 / SOCKSTREAM / mov...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•19 views

Kimai 0.9.2.1306-3 - SQL Injection Vulnerability

No description provided by source. Exploit Title: Kimai 0.9.2.1306-3 SQLi Date: 05/20/2013 Exploit Author: drone @dronesec Vendor Homepage: http://www.kimai.org/ Software Link: https://downloads.sourceforge.net/project/kimai/0.9.x/kimai.0.9.2.1306-3.zip Version: 0.9.2.1306-3 Fixed in: source...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•26 views

Ghostscript 8.0.1/8.15 - zseticcspace() Function Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28017/info Ghostscript is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue may allow remote attackers to execute...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•8 views

ColdCalendar 2.06 SQL Injection Exploit

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•16 views

LifeType 1.2.10 HTTP Referer stored XSS

No description provided by source. Exploit Title: lifetype 1.2.10 http referer XSS Date: 11-1-2010 Author: Saif El-Sherei Software Link: http://lifetype.net/page/downloads Version: 1.2.10 Tested on: firefox 3.0.15 failure to sanitize the http referer header in index.php results in a cross site...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•14 views

Open Blog 1.2.1 - CSRF Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•12 views

Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12480/info A remote buffer overflow vulnerability affects Microsoft Office XP. The problem presents itself when an unsuspecting user follows a malicious HTML link that points to a Office document. A boundary condition err...

7.1 AI score
Exploits: 0
seebug.org
•added 2014/07/01 12:0 a.m.•33 views

Libmodplug ReadS3M Stack Overflow

No description provided by source. Source: https://www.sec-consult.com/files/20110407-0libmodplugstackoverflow.txt SEC Consult Vulnerability Lab Security Advisory 20110407-0 ======================================================================= title: Libmodplug ReadS3M Stack Overflow product:...

7.1 AI score
Exploits: 0

Total number of security vulnerabilities: 56796