56796 matches found
Eduha Meeting Index.PHP Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18499/info Eduha Meeting is prone to an arbitrary file-upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate...
Microsoft DirectX DirectShow SAMI Buffer Overflow
No description provided by source. $Id: ms07064sami.rb 10550 2010-10-05 01:05:49Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
RedHat Linux 7.0 Roaring Penguin PPPoE Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2098/info Roaring Penguin Software's PPPoE is a freeware PPP over Ethernet client often used by ADSL subscribers running Linux or NetBSD. PPPoE contains a possibly remotely exploitable denial of service vulnerability in i...
Sitecom WLM-2501 CSRF Vulnerabilities
No description provided by source. +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Sitecom WLM-2501 Change Wireless Passphrase Date : 13-03-2012 Author : Ivano Binetti http://www.ivanobinetti.com...
IBM iSeries AS400 LDAP Server Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12991/info A remote information disclosure issue affects IBM iSeries AS400 LDAP Server. This issue is due to a failure of the application to properly secure sensitive information. An authenticated attacker may leverage th...
joomla component & plugin JE Tooltip 1.0 - Local File Inclusion
No description provided by source. --------------------------------------------------------------------------------- joomla component & plugin JE Tooltip Local File Inclusion --------------------------------------------------------------------------------- Author : Chip D3 Bi0s Group :...
Gphotos 1.4/1.5 index.php rep Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17967/info Gphotos is prone to multiple input-validation vulnerabilities. The issues include information-disclosure and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properl...
Joomla Component com_jcollection Directory Traversal
No description provided by source. @=======================================@ @=Script : Joomla Component comjcollection @=Author : FL0RiX @=Greez : Dost mu var? @=Bug Type : Directory Traversal @=Dork : inurl:comjcollection @=Note: Kimseye Hakettiginden Fazla Deger Vermeyeceksin...
zenphoto 1.4.3.3 - Multiple Vulnerabilities
No description provided by source. waraxe-2012-SA096 - Multiple Vulnerabilities in Zenphoto 1.4.3.3 =============================================================================== Author: Janek Vind waraxe Date: 03. November 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-96.html...
PHPWCMS 1.2.5 -DEV Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register from urlparse import urljoin class TestPOCPOCBase: vulID = 'SSV-80148' vul ID version = '1' author = 'fenghh' vulDate =...
C-News 1.0.1 - 'install.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28989/info C-News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
PunBB 1.2.x Search.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15114/info PunBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result...
Pacific Software Carello 1.2.1 Shopping Cart Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2729/info It is possible for a remote user to execute arbitrary commands on a host using Carello Shopping Cart software. A specially crafted HTTP request could cause inetinfo.exe to consume all available system resources,...
AutoLinks 2.1 Pro Al_initialize.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14686/info AutoLinks Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrar...
E-Uploader Pro <= 1.0 - Multiple Remote SQL Injection Vulnerabilities
No description provided by source. E-Uploader Pro = 1.0 SQL Injection Vulnerability Author: !DoktOR! Date found: 26.08.08 Product: E-Uploader Pro Version: 1.0 Price: $49 URL: www.scriptsfrenzy.com Download script: http://rapidshare.com/files/18285945/E-UploaderPro.PHP.NULL-DGTlicense.zip...
PsychoStats 2.x Login Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12089/info PsychoStats is reported prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. The problem presents itself when malicious...
CUPS 1.1.x HPGL File Processor Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11968/info CUPS is reported prone to a remote buffer overflow vulnerability. The issue is reported to exist in the 'hpgl-input.c' source file and is because of a lack of sufficient boundary checks performed on data...
Microsoft Windows XP Self-Executing Folder Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10363/info A vulnerability has been reported in Microsoft Windows XP that may cause malicious code to run in the context of the currently logged-in user. The flaw exists in Windows Explorer and may allow executable conten...
Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6662/info A vulnerability has been reported in Apache Web server for Microsoft Windows. The vulnerability exists in the way some HTTP requests are handled by the Apache Web server. Specifically, HTTP GET requests that...
VisualPic 0.3.1 Cross-Site Scripting Vulnerability
No description provided by source...
Polycom ViaVideo 2.2/3.0 - Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5962/info Polycom ViaVideo devices are prone to a denial of service condition upon receipt of numerous incomplete HTTP requests. This may restrict availability of the device for legitimate users. The device may need to be...
Novell Netware XNFS.NLM NFS Rename Remote Code Execution
No description provided by source. Application: Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability Platforms: Novell Netware 6.5 SP8 Exploitation: Remote code execution CVE Number: Novell TID: 5117430 ZDI: ZDI-12-06 PRL: 2012-02 Author: Francis Provencher Protek Research Lab's...
Joomla! and Mambo com_profile Component - 'oid' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27851/info The Joomla! and Mambo 'comprofile' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
TurboTrafficTrader C 1.0 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10359/info It has been reported that TurboTrafficTrader C does not properly sanitize input received from users. It has been conjectured that this may allow a remote user to launch cross-site scripting and HTML injection...
jetAudio 8.0.16.2000 Plus VX - (.wav) - Crash PoC
No description provided by source. Exploit Title: jetAudio Version 8.0.16.2000 Plus VX - .wav - Crash POC Date: 03-09-2013 Exploit Author: ariarat Software Link: http://www.jetaudio.com/download/ Version: 8.0.16.2000 Probably old version of software and the LATEST version too Vendor Homepage:...
EZHomePagePro 1.5 users_calendar.asp page Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17236/info EZHomePagePro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...
Open Educational System 0.1 beta 'CONF_INCLUDE_PATH' Parameter Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/38449/info Open Educational System is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Altap Salamander 2.5 PE Viewer Buffer Overflow
No description provided by source. $Id: altapsalamanderpdb.rb 11353 2010-12-16 20:11:01Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
VBulletin 3.0.14 global.php Encoded URL XSS
No description provided by source. source: http://www.securityfocus.com/bid/19358/info vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...
RealNetwork RealPlayer 10.5 MID File Handling Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22050/info RealNetwork RealPlayer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted files. Exploiting this issue allows remote attackers to crash the applicatio...
Orbz Game <= 2.10 Remote Buffer Overflow Exploit
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include time.h / Read/Write bits to buffer 0.1.1 by Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org max 32 bits numbers supported from 0 to 4294967295. Probabl...
CorelDRAW X3 13.0.0.576 - DLL Hijacking Exploit (crlrib.dll)
No description provided by source. / CorelDRAW X3 v13.0.0.576 crlrib.dll DLL Hijacking Exploit Vendor: Corel Corporation Product Web Page: http://www.corel.com Affected Version: X3 v13.0.0.576 Summary: Graphic design software for striking visual communication. Desc: CorelDRAW X3 suffers from a dl...
Simple Message Board 2.0 beta1 Thread.CFM Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14268/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitra...
WinRAR <= 3.60 beta 6 (SFX Path) Local Stack Overflow Exploit
No description provided by source. WinRAR - Stack Overflows in SelF - eXtracting Archives ====================================================== Tested Versions..: WinRAR 3.60 beta 4 Original Author.............: posidron Shellcode Stuffing .........: muts import os, sys winrar = 'C:\WinRAR.exe'...
EasyRealtorPRO 2008 'site_search.php' Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/31401/info EasyRealtorPRO is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker t...
Elecard AVC_HD/MPEG Player 5.7 - Buffer Overflow
No description provided by source. !/usr/bin/env python Software: Elecard AVCHD/MPEG Player 5.7 SEH Author: sickness Download : http://www.elecard.com/en/products/end-user-software/playback/avchd-player.html PoC for Elecard MPEG: http://www.exploit-db.com/exploits/16237/ Tested : Windows XP...
iScripts CyberMatch 1.0 - Blind SQL Injection Vulnerability
No description provided by source. iScripts CyberMatch 1.0 Blind SQL Injection Vulnerability Name iScripts CyberMatch Vendor http://www.iscripts.com Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date...
pastelcms 0.8.0 (lfi/sql) Multiple Vulnerabilities
No description provided by source. + PastelCMS 0.8.0 LFI/SQL Multiple Remote Vulnerabilities + Discovered By SirGod + www.mortal-team.net + www.h4cky0u.org + Download : http://pastel.pri.ee/?id=58 + Local File Inclusion PoC : http://127.0.0.1/path/?setlng=../../../../../../BOOTSECT.BAK%00 + SQL...
Vt-Forum Lite 1.3 vf_newtopic.asp IFRAME Element XSS
No description provided by source. source: http://www.securityfocus.com/bid/21428/info Vt-Forum Lite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in...
OSTicket 1.x Open_form.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18190/info osTicket is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...
damianov.net Shoutbox XSS Vulnerability
No description provided by source. Exploit Title: damianov.net Shoutbox XSS Vulnerability Date: 13.05.2010 Author: Valentin Category: webapps/0day Version: 1.0 Tested on: Debian, Apache2, PHP5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General...
Xavi X7028r DSL Router 0 UPNP Long Request Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8252/info A problem has been reported in the handling of requests of excessive length placed to the service on port 280 by the Xavi X7028r DSL router. This may allow an attacker to crash a vulnerable router. perl -e 'prin...
Invision Power Board 2.0.1 QPid Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13375/info Invision Power Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitati...
Advanced Guestbook 2.3.1/2.4 Index.PHP Entry Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13548/info Advanced Guestbook is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromis...
Nucleus CMS 3.0.1 Index.PHP Cross-Site Scripting Vulnerability
No description provided by source...
BlueSkyChat ActiveX Control 8.1.2 Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25149/info BlueSkyChat ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this...
Beanwebb Guestbook 1.0 Unauthorized Administrative Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7232/info A vulnerability has been reported for Guestbook that may allow remote attackers to obtain unauthorized access to administrative functions. The vulnerability is likely due to insufficient permissions on the...
IRIX 6.5.x Performance Co-Pilot Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4642/info Performance Co-Pilot PCP is a set of services to support system-level performance monitoring developed by SGI. It has traditionally been an IRIX product, however SGI has made it open source and it is now availab...
Cacti <= 0.8.7 'data_input.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34991/info Cacti is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...