DomPHP <= v0.83 - SQL Injection Vulnerability

------------------------------------------------------------- DomPHP = v0.83 SQL Injection Vulnerability ------------------------------------------------------------- = Author : Houssamix = Script : DomPHP = v0.83 = Download : http://www.domphp.com/download/ = BUG : SQL Injection Vulnerability =...

BitComet 1.02 URI Handling Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30255/info BitComet is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the application. Given the nature of this vulnerability, the attacker may also be able to execute arbitrary...

PicoPhone Internet Phone 1.63 Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9969/info It has been reported that Picophone is prone to a remote buffer overflow vulnerability. This issue is due to the application failing to verify the size of user input before storing it in a finite buffer...

phpdirectorysource (xss/sql) Multiple Vulnerabilities

No description provided by source. ============================================================================== » ! Coder - Developer HTML / CSS / PHP / Vb6 . ! ============================================================================== » Web Business Directory 1.0 search.php Multiple Remote...

Hanso Player 1.4.0 - (.m3u) Denial of Service Vulnerability

No description provided by source. =================================================== Hanso Player Version 1.4.0 .m3u Denial of Service Vulnerability =================================================== .....................X-SHADOW ; ThBa7 ; KloofQ8 ; LeGEnD ; abada...

Microsoft Internet Explorer 6.0 Script Execution Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/8577/info Multiple issues have been reported in Microsoft Internet Explorer. Though these issues have been reported by a reliable source, communication issues have presented difficulty in obtaining details surrounding the...

ZeeCareers 2.x - PHP HR Manager Website [ XSS / Auth Bypass ]

No description provided by source. Title: ZeeCareers v2x - PHP HR Manager Website XSS / Auth Bypass Date: 12/12/2009 Author: bi0 Software Link: http://www.zeecareers.com/ Version: 2x CVE : Code : /\ == \ /\ \ /\ \ \ \ \ \ \ \ \ /\ \ \ \ \ \ \ \ // // // 01000010 01101001 01001111...

Mambo <= 4.5.3 & Joomla <= 1.0.7 - (feed) Denial of Service Exploit

No description provided by source. ?php Mambo/Joomla Path Disclosure & Remote DOS Exploit by trueend5 Computer Security Science Researchers Institute http://www.KAPDA.ir errorreporting0; inisetmaxexecutiontime,0; inisetdefaultsockettimeout, 5; obimplicitflush 1; echo'html head meta...

RoseOnlineCMS <= 3 B1 (admin) Local File Inclusion

漏洞出现在modules/admincp.php中 Click here to go back home'; obendflush; ? $admin直接通过GET方式获取 没有经过过滤 后面直接用include包含了 所以在PHP5.3的情况下 可以 通过%00截断 达到任意文件包含 payload http://0.0.0.0/modules/admincp.php?admin=LFI%00 '/ -.- --------------------oOO------OOo------------------- | RoseOnlineCMS = 3 B1 admin Local Fil...

MJM QuickPlayer 1.00 beta 60a / QuickPlayer 2010 .s3m Stack Buffer Overflow

No description provided by source. $Id: mjmquickplayers3m.rb 12474 2011-04-30 02:37:14Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...

Cisco Collaboration Server 5 XSS, Source Code Disclosure

No description provided by source. Cisco Collaboration Server 5 XSS, Source Code Disclosure Discovered by: s4squatch of SecureState R&D Team www.securestate.com Discovered: 08/26/2008 Note: End of Engineering --...

X-Cart Pro 4.0.13 - SQL Injection Proof of Concept

No description provided by source. X-Cart Pro v4.0.13 SQL Injection Proof of Concept Discovered By: s4squatch of SecureState R&D Team www.securestate.com Discovered: Mon, 08 Sep 2008 20:29:07 GMT Version: 4.0.13 obtained from www.website.com/README Can't find reference to this old vuln elsewhere...

Brooky CubeCart 2.0.1/2.0.4 ndex.php language Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/12549/info Brooky CubeCart is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow remote attackers to disclose arbitrary files and carry out...

ezbounce 1.0/1.5 Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8071/info It has been reported that ezbounce is affected by a format string vulnerability. The condition is present in the file ezbounce/commands.cpp and can be triggered when session support is enabled. To exploit this...

aMSN 0.98.9 Web App - Multiple Vulnerabilities

No description provided by source. Exploit Title: aMSN LFI/SQLi Date: 10/09/2013 Exploit author: drone @dronesec Vendor homepage: http://www.amsn-project.net Software link: sourceforge.net/projects/amsn/files/amsn/0.98.9/aMSN-0.98.9-tcl85-windows-installer.exe Version: 0.98.9 Fixed in: SVN...

Novell iPrint Client Browser Plugin - ExecuteRequest debug Stack Overflow

No description provided by source. !-- | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-14-novell-iprint-client-browser-plugin-executerequest-debug-parameter-stack-overflow/ Title : Novell iPrint...

Brooky CubeCart 2.0.1/2.0.4 index.php language Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/12549/info Brooky CubeCart is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow remote attackers to disclose arbitrary files and carry out...

Open Realty 2.x and 3.x Persistent XSS Vulnerability

No description provided by source...

TextAds error.php error Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/19932/info TextAds is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execut...

Joomla Component MS Comment 0.8.0b - LFI Vulnerability

No description provided by source...

Darwin Kernel 7.1 Mach File Parsing Local Integer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12314/info Reportedly a local integer overflow vulnerability affects the Darwin Kernel. This issue is due to a failure of the affected to properly handle integer signedness. An attacker may leverage this issue to cause th...

AMSN 0.96 Malformed Message Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23583/info aMsn is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying service to...

Netzbrett 1.5.1 P_Entry Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15593/info Netzbrett is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...

TextSend <= 1.5 (config/sender.php) Remote File Include Vulnerability

No description provided by source. +------------------------------------------------------------------------------------------- + TextSend = 1.5 config/sender.php Remote File Include Vulnerability +------------------------------------------------------------------------------------------- + Vendo...

Joomla Component DBQuery <= 1.4.1.1 RFI Vulnerability

No description provided by source. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@...

CORE FORCE Firewall 0.95.167 and Registry Modules Multiple Local Kernel Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27341/info CORE FORCE Firewall and Registry modules are prone to multiple local kernel buffer-overflow vulnerabilities because the software fails to adequately verify user-supplied input. Local attackers can exploit these...

Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...

PhpGedView 2.x Descendancy.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11868/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remo...

Open-Realty <= 2.4.3 (last_module) Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl Vendor url: www.open-realty.org note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print Open-Realty = 2.4.3 Remote Code Execution exploit By Iron - randombase.com Greets to everyone at...

MAXdev MD-Pro 1.0.76 User.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20752/info MAXdev MD-Pro is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser...

Cuteflow Bin 1.5 - pages/edittemplate_step2.php language Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/28500/info CuteFlow Bin is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include a SQL-injection vulnerability and multiple cross-site scriptin...

RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control Multiple Remote Command Execution

No description provided by source. RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control InstallerDlg.dll v2.6.0.445 Multiple Remote Commands Execution and Code Execution Vulnerabilities tested against Internet Explorer 9, Vista sp2 download url: http://www.gamehouse.com/ background: When...

radnics gold 5.0 - Multiple Vulnerabilities

No description provided by source. -----------------------------I AM MUSLIM !!------------------------------ ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || ||...

Papoo 2.1.2 index.php menuid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/16020/info Papoo is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...

Qbik WinGate WWW Proxy Server URL Processing Overflow

No description provided by source. $Id: qbikwingatewwwproxy.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

TrueCrypt 4.3 - Privilege Escalation Exploit

No description provided by source. $Id: raptortruecrypt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $ raptortruecrypt - setuid truecrypt privilege escalation Copyright c 2007 Marco Ivaldi [email protected] TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of servic...

A-PDF WAV to MP3 1.0.0 - Universal Local SEH Exploit

No description provided by source. !/usr/bin/env python Title: A-PDF WAV to MP3 v1.0.0 Universal Local SEH Exploit Exloit By: DrIDE Tested On: XPSP3 Date: August 18, 2010 Download: http://www.brothersoft.com/a-pdf-wav-to-mp3-converter-394393.html Reference: http://www.exploit-db.com/exploits/1467...

activePDF WebGrabber ActiveX Control Buffer Overflow

No description provided by source. $Id: activepdfwebgrabber.rb 10998 2010-11-11 22:43:22Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

phpInstantGallery 2.0 - image.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/29152/info phpInstantGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in t...

ClonusWiki 0.5 Index.PHP HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24101/info ClonusWiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...

LoudBlog <= 0.5 (id) SQL Injection / Admin Credentials Disclosure

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo LoudBlog = 0.5 'id' SQL injection / admin credentials disclosure\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo a dork: \Powered by LoudBlog\r\n\r\n; / works regardless of...

Kerio Firewall 2.1.4 Authentication Packet Overflow

No description provided by source. $Id: kerioauth.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

DESlock+ <= 3.2.7 - Local Kernel Overflow PoC

No description provided by source. / deslock-overflow.c Copyright c 2008 by [email protected] DESlock+ = 3.2.7 local kernel overflow POC by mu-b - Sat 23 Feb 2008 - Tested on: DLMFENC.sys 1.0.0.28 http://www.cctmark.gov.uk/CCTMAwards/DataEncryptionSystemsLtd/tabid/103/Default.aspx - I wonder wh...

IBM DB2 Universal Database for Windows NT 6.1/7.1 SQL DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2067/info IBM DB2 Universal Database is a distributed database application. It may be possible for a database user to crash the server through a bug in handling certain queries. If a certain query is executed that contain...

LoudBlog <= 0.6.1 (parsedpage) Remote Code Execution Vulnerability

No description provided by source. ---- Loudblog Remote Code Execution ... ITDefence.ru Antichat.ru Loudblog = 0.6.1 Remote Code Execution Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /\ / / / / / / / / / / / //\ \ / / / / // / // /...

Sun Java Web Start Plugin Command Line Argument Injection

No description provided by source. $Id: javawsarginjectaltjvm.rb 10404 2010-09-21 00:13:30Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

PluggedOut Blog 1.51/1.60 Blog_Exec.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10885/info PluggedOut Blog is reported prone to a cross-site scripting vulnerability. This could allow for execution of hostile HTML and script code in the web client of a user who visits a malicious link to the vulnerabl...

FaScript FaPhoto 1.0 - (show.php id) SQL Injection Vulnerability

No description provided by source. AUTHOR : IRCRASH Dr.Crash Script Download : http://en.fascript.com/en.faphoto.zip Injection Adress : http://Sitename/faname/show.php?id=SqL Code Help : In This Script Admin Username and Password Save in ./admin/pconfig.php You can open this file with loadfile...

DevelopItEasy News And Article System 1.4 - SQL Injection Vulns

No description provided by source. || || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ \ | | \ \ /\ /\ \ \ \ /...