Novell Groupwise Internet Agent LDAP BIND Request Overflow Vulnerability

No description provided by source. Application: Novell Groupwise Platforms: Windows Version: 8.0.2 HP3 and 2012 Secunia: SA50622 PRL: 2012-33 ZDI: ?? Novell TID: 5150711 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1...

Microsoft Office Excel 2007 - WriteAV Crash PoC

No description provided by source. Title : Microsoft Office Excel 2007 WriteAV Vulnerability Version : Microsoft Office professional Plus 2007 SP2 Date : 2012-11-08 Vendor : http://office.microsoft.com Impact : Med/High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : XP SP3 EN...

PHPMyFAQ 1.5.1 - Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14929/info PHPMyFAQ is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

Hughes Technologies Mini SQL (mSQL) 2.0.11 w3-msql Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/898/info w3-msql is a cgi-program shipped with Mini-SQL which acts as a web interface for msql. There are a number of buffer overflow vulnerabilities in it with one proven to be exploitable. The exploitable buffer is the...

Frontbase <= 4.2.7 - Remote Buffer Overflow Exploit (windows)

No description provided by source. / Dreatica-FXP crew ---------------------------------------- Target : Frontbase = 4.2.7 for Windows Site : http://www.frontbase.com Found by : Netragard, L.L.C Advisory ---------------------------------------- Exploit date : 25.03.2007 Exploit writer : Heretic2...

MiniWebsvr 0.0.7 - Remote Directory Transversal Exploit

No description provided by source. pre codespan style=font: 10pt Courier New;span class=general1-symbol------------------------------------------------------------- bMiniWebsvr 0.0.7 Directory transversal vulnerability/b url: http://miniwebsvr.sourceforge.net/ author: shinnai mail:...

Goolery 0.3 viewalbum.php page Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11587/info It is reported that Goollery is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These problems presen...

SnowCade 3.0 - SQL Injection Vulnerability

No description provided by source. / - SnowCade v3 SQL Injection Vulnerability - ---Date : 2010-06-19 ---Author : ahwak2000 ---Email : z.u5athotmail.com - Script Info - ---Home : http://www.arcadecreate.com/ - Vulnerability - http://site.com/path/index.php?action=browse&cat=SQL INj...

KSP 2006 FINAL (.M3U) Universal Local Buffer Exploit (SEH)

No description provided by source. !/usr/bin/perl by hack4love [email protected] KSP 2006 FINAL .M3U Universal Local Buffer Exploit SEH http://download.cnet.com/KSP/3000-21394-10540099.html?tag=mncol easy this work sooooooooo good USEKSPPLAYLISTLOADHACK4LOVE.M3U BOOM CALC INFO::WE HAVE ONLEY...

FaScript FaMp3 1.0 - (show.php) Remote SQL Injection Vulnerability

No description provided by source...

JPortal 2.3.1 Banner.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13103/info JPortal is reportedly affected by an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...

Phenix 3.5b - SQL Injection Vulnerability

No description provided by source. Dear Sir / Madam The ItSecTeam has discovered a new Multiple bug in phenix Lastest Version 35b and will be glad to report and public it . More information about this bug is listed below :...

gtcatalog <= 0.9.1 (index.php) Remote File Include Vulnerability

No description provided by source. ============================================================================================= Shopping Catalog RFI ============================================================================================= Info:- Scripts: ShoppingCatalog download :...

eTicket 1.5.5.2 admin.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site...

BMForum 3.0 forums.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14396/info BMForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to...

AROUNDMe <= 0.5.2 (templatePath) Remote File Include Vulnerability

No description provided by source. --------------------------------------------------------------------------- AROUNDMe = 0.5.2 templatePath Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team :...

ASUS RT-N56U - Remote Root Shell Buffer Overflow (ROP)

No description provided by source. !/usr/bin/env python from time import sleep from sys import exit import urllib2, signal, struct, base64, socket, ssl Title: ASUS RT-N56U Remote Root Shell Exploit - appsname Discovered and Reported: October 2013 Discovered/Exploited By: Jacob Holcomb/Gimppy -...

Sourcebans <= 1.4.2 Arbitrary Change Admin Email Vulnerability

No description provided by source. Sourcebans PHP sb-callback.php Author: Mr. Anonymous ------ Vendor:http://www.sourcebans.com Affected Versions: = 1.4.2 ----- Exploit sb-callback lines 185-204: ------------- function ChangeEmail$aid, $email ...SNIP... $GLOBALS'db'-ExecuteUPDATE .DBPREFIX.admins...

NetBSD <= 1.4,OpenBSD <= 2.5,Solaris <= 7.0 profil(2) Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/570/info Some BSD's use a profil2 system call that dates back to version 6 unix. This system call arranges for the kernel to sample the PC and increment an element of an array on every profile clock tick. The security iss...

Campus Bulletin Board 3.4 - post3/Book.asp review Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/29375/info Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied dat...

PHP <= 5.2.8 'popen()' Function Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33216/info PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. An attacker can exploit this issue to execut...

Enthrallweb eHomes result.asp Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21193/info eHome is prone to multiple input-validation vulnerabilities, including cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploi...

Java Applet AverageRangeStatisticImpl Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

Java Applet Method Handle Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

Java Applet Field Bytecode Verifier Cache Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

TLS Renegotiation Vulnerability PoC

No description provided by source. !/usr/bin/env python RedTeam Pentesting GmbH [email protected] http://www.redteam-pentesting.de PoC exploit for the TLS renegotiation vulnerability CVE-2009-3555 License ------- CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/ Timeline -------...

Easy File Management Web Server 5.3 - Stack Buffer Overflow

No description provided by source. !/usr/bin/env python Exploit Title: Easy File Management Web Server 5.3 stack buffer overflow Date: 19 May 2014 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://www.efssoft.com Software Link:...

boxalino 09.05.25-0421 - Directory Traversal

No description provided by source...

OpenBSD 3.3/3.4 semctl/semop Local Unexpected Array Indexing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9086/info A local OpenBSD kernel vulnerability has been discovered when handling the semctl and semop system calls. The problem specifically occurs due to improper sanity checking before handling a user-supplied semaphore...

Free MP3 CD Ripper 1.1 - DEP Bypass Exploit

No description provided by source. !/usr/bin/python +Exploit Title: Free MP3 CD Ripper 1.1 Universal DEP Bypass Exploit +Date: 27\08\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.brothersoft.com/free-mp3-cd-ripper-84543.html +Found/Initial Exploit:...

Dnsmasq < 2.50 - Heap Overflow & Null pointer Dereference Vulns

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server 1. Advisory Information Title: Dnsmasq Heap Overflow and...

PostgreSQL 6.3.2/6.5.3 Cleartext Passwords Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1139/info PostgreSQL is a free RDBMS that is released under a Berkeley style license. PostgreSQL stores passwords for database users in a binary file called pgshadow. This file is readable by root and the postgres user...

FForm Sender 1.0 Processform.PHP3 Name Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14324/info A cross-site scripting vulnerability affects Form Sender. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages...

Service d'upload 1.0.0 - Shell Upload Vulnerability

No description provided by source...

Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (0day)

No description provided by source. wwww.abysssec.com Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability 0day CVE-2012-4959 @abysssec well just one more of our 0day got published after 2 year here is info :...

NFR Agent FSFUI Record File Upload RCE

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Java AtomicReferenceArray Type Violation Vulnerability

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

CNC Technology BizDB 1.0 bizdb-search.cgi Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1104/info BizDB is a web databse integration product using perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefore be made to execute commands at th...

Woltlab Burning Board 1.2/2.0/2.3 newthread.php boardid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/18597/info WoltLab Burning Board is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied data before using it in an SQL query. A successf...

PNphpBB2 <= 1.2 - (index.php c) Remote SQL Injection Exploit

No description provided by source. ?/ Exploit Name: PNphpBB2 = 1.2 Remote SQL Injection Exploit Autor: Kacper Contact: [email protected] Homepage: http://www.rahim.webd.pl/ Kacper Hacking & Security Blog: http://kacper.bblog.pl/ Irc: irc.milw0rm.com:6667 devilteam Pozdro dla wszystkich z kanalu...

TemaTres 1.0.3 - Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...

XLReader 0.9 - Remote Client-Side Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11970/info A remote, client-side buffer overflow vulnerability affects xlreader. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static...

Lingxia I.C.E CMS Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/python ICE CMS Blind SQLi 0day. mrme@pluto ice$ python icecold.py -p localhost:8080 -t 10.3.100.25:8500 -d /ice/ | ---------------------------------------------------- | | Lingxia I.C.E CMS Remote Blind SQL Injection Exploit | | by mrme - net-ninja.net...

Zwiki 0.10/0.36.2 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11745/info It is reported that Zwiki is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamic...

BS Scripts Directory (articlesdetails.php) SQL Injection Vulnerability

No description provided by source. Exploit Title: BS Script Directory articlesdetails remote SQL injection vulnerability Date: 16th july 2010 Author: k4k4shi Critical:high contact:lvyatlivedotde Price : 24.95 $ Software Link:http://www.brotherscripts.com/ Shoutz to : http://ahbab-dz.com/fun and a...

Joomla Component BibTeX <= 1.3 - Remote Blind SQL Injection Exploit

No description provided by source. html head titleJoomla Component BibTeX = 1.3 Remote Blind SQL Injection Vulnerability/title /head body !-- Title : Joomla Component BibTeX = 1.3 Remote Blind SQL Injection Vulnerability -- !-- Author : ajann -- !-- Contact : : -- !-- S.Page :...

ActiTime 2.0-MA CSRF Vulnerability

No description provided by source. |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | |...

MultiCart 1.0 - Remote Blind SQL Injection Exploit

No description provided by source. Indonesian Newhack Security Advisory ------------------------------------ MultiCart 1.0 Remote Blind SQL Injection Waktu : Sep 30 2007 02:00AM Software : MultiCart 1.0 Vendor : http://www.iscripts.com/multicart/ Ditemukan oleh : k1tk4t | http://newhack.org Lokas...

Centreon Enterprise Server 2.3.3-2.3.9-4 - Blind SQL Injection Exploit

No description provided by source. !/usr/bin/env python Exploit Title: Centreon 2.3.3 - 2.3.9-4 menuXML.php Blind SQL Injection Exploit Disclosure Date: December 12, 2012 Author: modpr0be @modpr0be Platform: Linux Tested on: Centreon Enterprise Server with Centreon 2.3.9-4 on CentOS 5.5 x8664 Fin...

PostNuke 0.764 Module modload SQL Injection Vulnerability

No description provided by source. PostNuke 0.764 Module modload SQL Injection Vulnerability Author : BILGEKAGAN Homepage : http://www.1923turk.com Script : postnuke http://www.postnuke.com Download : http://www.postnuke.com/module-Content-view-pid-2.html Vulnerable File...