Mozilla Thunderbird DLL Hijacking Exploit (dwmapi.dll)

No description provided by source. / Exploit Title: Mozilla Thunderbird DLL Hijacking Exploit dwmapi.dll Date: 26/08/2010 Author: h4ck3r47 http://twitter.com/hxteam Version: Latest Mozilla Thunderbird 3.1.2 Tested on: Windows XP SP3 The code is based on the exploit from TheLeader Vulnerable...

TinyMCE 2.0.1 - (index.php menuID) Remote SQL Injection Vulnerability

No description provided by source. removed from the frontend, the product affected isn't TinyMCE. if you know which CMS this is please contact me /str0ke TinyMCE Remote SQL Injection Prodcut: TinyMCE Version 2.0.1 Home : http://tinymce.moxiecode.com Vunlerability : 2/ SQL Injection Risk : high !!...

VWar 1.5 war.php vwar_root Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...

VLC 0.8.6d - httpd_FileCallBack Remote Format String Exploit

No description provided by source. / Epibite // bite since 1442 pown meme ta mamie / / Advisory from Luigi Auriemma CVE-2007-6682 / format string in VideoLAN VLC 0.8.6d Description : Format string vulnerability in the httpdFileCallBack function network/httpd.c in VideoLAN VLC 0.8.6d allows remote...

FlexBB <= 0.6.3 Cookies Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl use Tk; use Tk::BrowseEntry; use Tk::DialogBox; use LWP::UserAgent; $mw = new MainWindowtitle = UnderWHAT?! ; $mw-geometry '420x343' ; $mw-resizable0,0; $mw-Label-text = '', -font = 'Verdana 8',-foreground='red'-pack; $mw-Label-text = 'FlexBB =...

BPTutors Tutoring site script - [ CSRF ] Create Administrator Account

No description provided by source. Title: BPTutors Tutoring site script - CSRF Create Administrator Account Date: 26/3/2010 Author: bi0 Software: http://bpowerhouse.info/tutoring-site-script.htm Version: 1.0 Code : /\ == \ /\ \ /\ \ \ \ \ \ \ \ \ /\ \ \ \ \ \ \ \ // // // 01000010 01101001...

postecards (sql/dd) Multiple Vulnerabilities

No description provided by source. -------------------------------AlpHaNiX---------------------------------- Found By : AlpHaNiX website : www.offensivetrack.org contact : AlpHaATHACKERDOTBZ script : PostEcards download : http://www.funscripts.net/oldcoldfusion/download.php?fname=postcards Exploi...

PhpMyDesktop/Arcade 1.0 Final - (phpdns_basedir) RFI Vulnerability

No description provided by source. Name : PhpMyDesktop|arcade 1.0 Final phpdnsbasedir Remote File Include Download From : http://mesh.dl.sourceforge.net/sourceforge/pmd-arcade/pmdarcade10final.zip Found By : RoMaNcYxHaCkEr Home Page : Not Yet : Google Dork : Powered by phpMyDesktop|arcade v1.0...

Thatware <= 0.5.3 - Multiple Remote File Include Exploit

No description provided by source. Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg Thatware = 0.5.3 Multiple Remote File Include Exploit Download Script : http://sourceforge.net/projects/thatware/files Vuln : ./thatwarepath/config.php line 4 ?php include $rootpath.dbsettings.php; ? PoC :...

RedHat Linux 6.0/6.1/6.2 pam_console Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1176/info A vulnerability exists in the pamconsole PAM module, included as part of any Linux system running PAM. pamconsole exists to own certain devices to users logging in to the console of a Linux machine. It is design...

E-Xoops 1.0.5/1.0.8 modules/arcade/index.php gid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/26796/info E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...

Centrinity FirstClass Desktop Client 7.1 - Local Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10074/info It has been reported that FirstClass Desktop Client may be prone to a local buffer overflow vulnerability that could allow attackers to execute arbitrary code on a vulnerable system that may lead to elevated...

InterVideo WinDVD 5 DLL Hijacking Exploit (cpqdvd.dll)

No description provided by source. / Greetz to :b0nd, Fbih2s,r45c4l,Charles ,j4ckh4x0r, punter,eberly, Charles, Dinesh Arora , Ganesha Site : www.BeenuArora.com Exploit Title: InterVideo WinDVD 5 DLL Hijacking Exploit Date: 25/08/2010 Author: Beenu Arora Tested on: Windows XP SP3 , WinDVD 5...

AdminStudio LaunchHelp.dll ActiveX Arbitrary Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Jax PHP Scripts 1.0/1.34/2.14/3.31 jax_linklists.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

Wordpress SfBrowser 1.4.5 - Arbitrary File Upload Vulnerability

No description provided by source. Exploit Title: Wordpress SfBrowser Version 1.4.5 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/sfbrowser/connectors/php/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://www.sjeiti.com/ Software Link:...

NETGEAR ReadyNAS Perl Code Evaluation

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient def initializein...

Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4...

BlackBoard Internet Newsboard System 1.5.1 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11336/info BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied data properly. This issue may...

PHP Web Statistik 1.4 Content Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/15603/info PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow for HTML...

QuickPayPro 3.1 tracking.details.php trackingid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15863/info QuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...

hMailServer 5.3.3 IMAP Remote Crash PoC

No description provided by source. Exploit Title: hMailServer 5.3.3 IMAP Remote Crash PoC Date: 10/27/2012 Vendor Homepage: http://hmailserver.com Software Link: http://www.hmailserver.com/index.php?page=backgrounddownloadfile&downloadid=207 Version: hMailServer 5.3.3 - Build 1879 Tested on: -...

Grayscale BandSite CMS 1.1 news_content.php the_band Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...

JPEGsnoop <= 1.5.2 WriteAV Crash PoC

No description provided by source. !/usr/bin/perl JPEGsnoop 1.5.2 = WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://sourceforge.net/projects/jpegsnoop/ Vendor Description: JPEGsnoop is a detailed JPEG image decoder and analysis tool. It reports al...

SQLiteManager 1.2 Main.PHP Multiple HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/22731/info SQLiteManager is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and script cod...

FreeBSD 8.0 - Local Denial of Service (forced reboot)

No description provided by source. Exploit Title: FreeBSD local denial of service - forced reboot Date: 28. January 2011 Author: Kingcope Software Link: http://www.freebsd.org Operating System: FreeBSD Tested on: 8.0-RELEASE This source code when compiled and executed will reboot at least FreeBSD...

PhotoGal 1.0/1.5 News_File Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14190/info PhotoGal is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of this issue will allow an attacker...

Memorial Web Site Script - Reset Password & Insecure Cookie Handling

No description provided by source. ----------------------------------------------------------------------- Memorial Web Site Script -- Reset Password & Insecure Cookie Handling ----------------------------------------------------------------------- Author : Chip D3 Bi0s Email :...

iOS iFTPStorage <= 1.3 - Directory Traversal

No description provided by source. x3l http://gahor-krisztian.hu/xel [email protected] Exploit: iFTPStorage for iPhone / iPod touch = 1.3 - Directory Traversal Date: 02/12/2010 Author: x3l Software Link: http://itunes.apple.com/us/app/iftpstorage/id333357690?mt=8 Version: 1.3 Tested on: iPho...

Joomla Component (com_equipment) SQL Injection Vulnerability

No description provided by source. Exploit Title : Joomla comequipment Sql Injection Vulnerability Date : 16 - 8 - 2010 Author : Forza-Dz Vendor : http://joomlaequipment.com/ Version : All Versions Tested on : Win Sp2 and Mac Dork = inurl:comequipment --- SQL Injection Vulenrability --- SQL...

Online Grades & Attendance 3.2.6 - Multiple Local File Inclusion Vulns

No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! --...

Celerondude Uploader 6.1 'account.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31010/info Celerondude Uploader is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

Novell Groupwise Internet Agent LDAP BIND Request Overflow Vulnerability

No description provided by source. Application: Novell Groupwise Platforms: Windows Version: 8.0.2 HP3 and 2012 Secunia: SA50622 PRL: 2012-33 ZDI: ?? Novell TID: 5150711 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1...

Microsoft Office Excel 2007 - WriteAV Crash PoC

No description provided by source. Title : Microsoft Office Excel 2007 WriteAV Vulnerability Version : Microsoft Office professional Plus 2007 SP2 Date : 2012-11-08 Vendor : http://office.microsoft.com Impact : Med/High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : XP SP3 EN...

PHPMyFAQ 1.5.1 - Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14929/info PHPMyFAQ is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

Hughes Technologies Mini SQL (mSQL) 2.0.11 w3-msql Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/898/info w3-msql is a cgi-program shipped with Mini-SQL which acts as a web interface for msql. There are a number of buffer overflow vulnerabilities in it with one proven to be exploitable. The exploitable buffer is the...

Frontbase <= 4.2.7 - Remote Buffer Overflow Exploit (windows)

No description provided by source. / Dreatica-FXP crew ---------------------------------------- Target : Frontbase = 4.2.7 for Windows Site : http://www.frontbase.com Found by : Netragard, L.L.C Advisory ---------------------------------------- Exploit date : 25.03.2007 Exploit writer : Heretic2...

MiniWebsvr 0.0.7 - Remote Directory Transversal Exploit

No description provided by source. pre codespan style=font: 10pt Courier New;span class=general1-symbol------------------------------------------------------------- bMiniWebsvr 0.0.7 Directory transversal vulnerability/b url: http://miniwebsvr.sourceforge.net/ author: shinnai mail:...

Goolery 0.3 viewalbum.php page Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11587/info It is reported that Goollery is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These problems presen...

SnowCade 3.0 - SQL Injection Vulnerability

No description provided by source. / - SnowCade v3 SQL Injection Vulnerability - ---Date : 2010-06-19 ---Author : ahwak2000 ---Email : z.u5athotmail.com - Script Info - ---Home : http://www.arcadecreate.com/ - Vulnerability - http://site.com/path/index.php?action=browse&cat=SQL INj...

KSP 2006 FINAL (.M3U) Universal Local Buffer Exploit (SEH)

No description provided by source. !/usr/bin/perl by hack4love [email protected] KSP 2006 FINAL .M3U Universal Local Buffer Exploit SEH http://download.cnet.com/KSP/3000-21394-10540099.html?tag=mncol easy this work sooooooooo good USEKSPPLAYLISTLOADHACK4LOVE.M3U BOOM CALC INFO::WE HAVE ONLEY...

FaScript FaMp3 1.0 - (show.php) Remote SQL Injection Vulnerability

No description provided by source...

JPortal 2.3.1 Banner.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13103/info JPortal is reportedly affected by an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...

Phenix 3.5b - SQL Injection Vulnerability

No description provided by source. Dear Sir / Madam The ItSecTeam has discovered a new Multiple bug in phenix Lastest Version 35b and will be glad to report and public it . More information about this bug is listed below :...

gtcatalog <= 0.9.1 (index.php) Remote File Include Vulnerability

No description provided by source. ============================================================================================= Shopping Catalog RFI ============================================================================================= Info:- Scripts: ShoppingCatalog download :...

eTicket 1.5.5.2 admin.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site...

BMForum 3.0 forums.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14396/info BMForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to...

AROUNDMe <= 0.5.2 (templatePath) Remote File Include Vulnerability

No description provided by source. --------------------------------------------------------------------------- AROUNDMe = 0.5.2 templatePath Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team :...

ASUS RT-N56U - Remote Root Shell Buffer Overflow (ROP)

No description provided by source. !/usr/bin/env python from time import sleep from sys import exit import urllib2, signal, struct, base64, socket, ssl Title: ASUS RT-N56U Remote Root Shell Exploit - appsname Discovered and Reported: October 2013 Discovered/Exploited By: Jacob Holcomb/Gimppy -...

Sourcebans <= 1.4.2 Arbitrary Change Admin Email Vulnerability

No description provided by source. Sourcebans PHP sb-callback.php Author: Mr. Anonymous ------ Vendor:http://www.sourcebans.com Affected Versions: = 1.4.2 ----- Exploit sb-callback lines 185-204: ------------- function ChangeEmail$aid, $email ...SNIP... $GLOBALS'db'-ExecuteUPDATE .DBPREFIX.admins...