Showing 1 - 25 of 100

Files

CMSLogik 1.2.1 User Enumeration Weakness: Posted Apr 15, 2013; Authored by LiquidWorm | Site zeroscience.mk; CMSLogik version 1.2.1 suffers from a user enumeration weakness vulnerability.; tags | exploit; MD5 | 6f004115f2ebeefbc18d7e2b8a7dc2ae; Download | Favorite | View

Related Files

CMSLogik 1.2.1 Shell Upload: Posted Apr 15, 2013; Authored by LiquidWorm | Site zeroscience.mk; CMSLogik version 1.2.1 remote shell upload exploit that leverages upload_file_ajax().; tags | exploit, remote, shell; MD5 | baaeffbd26f6f66a85728c22ff736084; Download | Favorite | View

CMSLogik 1.2.1 Cross Site Scripting: Posted Apr 15, 2013; Authored by LiquidWorm | Site zeroscience.mk; CMSLogik version 1.2.1 suffers from multiple persistent cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; MD5 | 4e64dbad8be4474869774a7334f9fe2a; Download | Favorite | View

SetSeed CMS 5.8.20 SQL Injection: Posted Nov 2, 2011; Authored by LiquidWorm | Site zeroscience.mk; SetSeed CMS version 5.8.20 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the vulnerable script using the cookie input 'loggedInUser', which could allow the attacker to view, add, modify or delete information in the back-end database.; tags | exploit, remote, sql injection; MD5 | 8c96c57ab1674a5a7830221715da9383; Download | Favorite | View

vtiger CRM 5.2.1 Cross Site Scripting: Posted Oct 26, 2011; Authored by LiquidWorm | Site zeroscience.mk; vtiger CRM version 5.2.1 suffers from a cross site scripting vulnerability when parsing user input to the _operation and search parameters in the /modules/mobile/index.php script.; tags | exploit, php, xss; MD5 | a7d89bbf10088e68e0ccfdaa4b470cb0; Download | Favorite | View

Cotonti CMS 0.9.4 Cross Site Scripting / SQL Injection: Posted Oct 11, 2011; Authored by LiquidWorm | Site zeroscience.mk; Cotonti CMS version 0.9.4 suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; MD5 | 1545975a349602f84b255405ea7dd834; Download | Favorite | View

Ashampoo Burning Studio Elements 10.0.9 Heap Overflow: Posted Oct 3, 2011; Authored by LiquidWorm | Site zeroscience.mk; Ashampoo Burning Studio Elements version 10.0.9 suffers from a heap overflow vulnerability. It fails to properly sanitize user supplied input when parsing .ashprj project file formats resulting in a crash corrupting the heap-based memory. The attacker can use this scenario to lure unsuspecting users to open malicious crafted .ashprj files with a potential for arbitrary code execution on the affected system.; tags | exploit, overflow, arbitrary, code execution; MD5 | f0492e7bbdbe04926e536db6204979b5; Download | Favorite | View

Adobe Photoshop Elements 8.0 Code Execution: Posted Oct 1, 2011; Authored by LiquidWorm | Site zeroscience.mk; Adobe Photoshop Elements 8 suffers from a buffer overflow vulnerability when dealing with .ABR (brushes) and .GRD (gradients) format files. The application fails to sanitize the user input resulting in a memory corruption, overwriting several memory registers which can aid the attacker to gain the power of executing arbitrary code on the affected system or denial of service scenario.; tags | exploit, denial of service, overflow, arbitrary; systems | linux; advisories | CVE-2011-2443; MD5 | 004516d691bbf0e327eed6642cae5fbe; Download | Favorite | View

Toko Lite CMS 1.5.2 HTTP Response Splitting: Posted Sep 19, 2011; Authored by LiquidWorm | Site zeroscience.mk; Toko Lite CMS version 1.5.2 suffers from a HTTP response splitting vulnerability. Input passed to the 'charSet' parameter in 'edit.php' is not properly sanitized before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user.; tags | exploit, web, arbitrary, php; MD5 | 34672c438690517a794e2988f0aa13cb; Download | Favorite | View

Toko Lite CMS 1.5.2 Cross Site Scripting: Posted Sep 19, 2011; Authored by LiquidWorm | Site zeroscience.mk; Toko Lite CMS version 15.2 suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; MD5 | 2cf5a6a9043d77e534c287aa0742d39c; Download | Favorite | View

iGallery Plugin 1.0.0 Cross Site Scripting: Posted Sep 18, 2011; Authored by LiquidWorm | Site zeroscience.mk; iGallery plugin version 1.0.0 suffers from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in '/scripts/pthumb/demo/phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.; tags | exploit, arbitrary, php, xss; MD5 | dc66196499f702c5331ab7e24d62ef74; Download | Favorite | View

iManager Plugin 1.2.8 Cross Site Scripting: Posted Sep 18, 2011; Authored by LiquidWorm | Site zeroscience.mk; iManager plugin versions 1.2.8 build 02012008 and below suffer from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.; tags | exploit, arbitrary, php, xss; MD5 | 045faa0e1a51102fa891c0e22e0c6e8a; Download | Favorite | View

iBrowser Plugin 1.4.1 Cross Site Scripting: Posted Sep 18, 2011; Authored by LiquidWorm | Site zeroscience.mk; iBrowser plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.; tags | exploit, xss; MD5 | 9c5932f540901235e8b6fa62aa3e4f98; Download | Favorite | View

iManager Plugin 1.2.8 Arbitrary File Deletion: Posted Sep 18, 2011; Authored by LiquidWorm | Site zeroscience.mk; iManager plugin version 1.2.8 suffers from an arbitrary file deletion vulnerability.; tags | exploit, arbitrary; MD5 | ee52d4adfa39e998606fa5b8245f162b; Download | Favorite | View

iManager Plugin 1.2.8 Local File Inclusion: Posted Sep 17, 2011; Authored by LiquidWorm | Site zeroscience.mk; iManager plugin version 1.2.8 suffers from a local file inclusion vulnerability / file disclosure vulnerability when input passed thru the 'lang' parameter to imanager.php, rfiles.php, symbols.php, colorpicker.php, loadmsg.php, ov_rfiles.php and examples.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.; tags | exploit, local, php, file inclusion; MD5 | 1f565d16d37a5af74ffc5e704832da2e; Download | Favorite | View

iBrowser Plugin 1.4.1 Local File Inclusion: Posted Sep 16, 2011; Authored by LiquidWorm | Site zeroscience.mk; iBrowser plugin version 1.4.1 suffers from a local file inclusion vulnerability / file disclosure vulnerability when input passed thru the 'lang' parameter to ibrowser.php, loadmsg.php, rfiles.php and symbols.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.; tags | exploit, local, php, file inclusion; MD5 | 21c69e820a3468c7dd0b243efc200013; Download | Favorite | View

Mini FTP Server 1.1 Denial Of Service: Posted Aug 28, 2011; Authored by LiquidWorm | Site zeroscience.mk; Mini FTP Server version 1.1 buffer corruption remote denial of service exploit.; tags | exploit, remote, denial of service; MD5 | ae5338d23b34f5ad338332bbc123fd00; Download | Favorite | View

ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting: Posted Aug 23, 2011; Authored by LiquidWorm | Site zeroscience.mk; ManageEngine ServiceDesk Plus version 8.0 suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; MD5 | 1e00cc8ab3d183d83551ed37a8a419e5; Download | Favorite | View

ATutor 2.0.2 HTTP Response Splitting: Posted Aug 6, 2011; Authored by LiquidWorm | Site zeroscience.mk; ATutor version 2.0.2 suffers from a HTTP response splitting vulnerability.; tags | exploit, web; MD5 | 65493a36e142e548a77b004ccc82dc10; Download | Favorite | View

ATutor 2.0.2 Cross Site Scripting / SQL Injection: Posted Aug 6, 2011; Authored by LiquidWorm | Site zeroscience.mk; ATutor version 2.0.2 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; MD5 | ab2df9c6d8a9277cbfbf7362c5db1e1e; Download | Favorite | View

ATutor AChecker 1.2 Cross Site Scripting / Path Disclosure: Posted Aug 6, 2011; Authored by LiquidWorm | Site zeroscience.mk; ATutor AChecker version 1.2 suffers from cross site scripting and path disclosure vulnerabilities.; tags | exploit, vulnerability, xss; MD5 | 1dfcb0308b1fc9f621d64e75cb0ec0b3; Download | Favorite | View

ATutor AChecker 1.2 SQL Injection: Posted Aug 6, 2011; Authored by LiquidWorm | Site zeroscience.mk; ATutor AChecker version 1.2 suffers from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; MD5 | 475954b621b8571b3fe1b0e3220801dd; Download | Favorite | View

ATutor AContent 1.1 Script Insertion: Posted Aug 6, 2011; Authored by LiquidWorm | Site zeroscience.mk; ATutor AContent version 1.1 suffers from a script insertion vulnerability.; tags | exploit; MD5 | 2478dac5eb13b92fa34347528cf29390; Download | Favorite | View

ATutor AContent 1.1 / 1.3 Cross Site Scripting: Posted Aug 6, 2011; Authored by LiquidWorm | Site zeroscience.mk; ATutor AContent version 1.1 suffers from multiple cross site scripting vulnerabilities. This also affects version 1.3 as of 2014/01/05.; tags | exploit, vulnerability, xss; MD5 | ccfe3c05bd73e4627c487bfb8dfe62ed; Download | Favorite | View

ATutor AContent 1.1 SQL Injection: Posted Aug 6, 2011; Authored by LiquidWorm | Site zeroscience.mk; ATutor AContent version 1.1 suffers from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; MD5 | 3385f97fa7a85cf1d63e00960be6b12e; Download | Favorite | View

Digital Scribe 1.5 Cross Site Scripting: Posted Jul 31, 2011; Authored by LiquidWorm | Site zeroscience.mk; Digital Scribe version 1.5 suffers from multiple post cross site scripting vulnerabilities. Input thru the POST parameters 'title', 'last' and 'email' in register.php is not sanitized allowing the attacker to execute HTML code into user's browser session on the affected site.; tags | exploit, php, vulnerability, xss; MD5 | 06f72ee6189d18849ce8c40b4cd30f27; Download | Favorite | View

Page 1 of 4 Back 1 2 3 4 Next

Top Authors In Last 30 Days

Red Hat 53 files
Ubuntu 29 files
Gentoo 26 files
malvuln 26 files
Jeremy Brown 7 files
Mesut Cetin 6 files
Aakash Madaan 6 files
SunCSR 6 files
1F98D 5 files
Georg Ph E Heise 5 files

File Archives

Systems

AIX (421)
Apple (1,760)
BSD (368)
Cisco (1,901)
Debian (5,945)
Fedora (1,688)
FreeBSD (1,241)
Gentoo (4,010)
HPUX (873)
iOS (280)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (39,200)
Mac OS X (672)
Mandriva (3,105)
NetBSD (255)
OpenBSD (472)
RedHat (9,543)
Slackware (941)
Solaris (1,597)
SUSE (1,444)
Ubuntu (7,062)
UNIX (8,822)
UnixWare (180)
Windows (5,721)
Other

Files

Related Files

File Archive:

January 2021

Top Authors In Last 30 Days

File Tags

File Archives

Systems