ExploitAlert Database - Exploit Database

Httpdx v1.5.3b Remote Crash Service (if http.log=1) PoC

Fri, 19 Mar 2010 20:30:12 +0100

Program : Httpdx v1.5.3b
PoC : Remote Crash Service (if http.log=1)
Homepage : http://sourceforge.net/projects/httpdx/
Found by : Jonathan Salwan
This Advisory : Jonathan Salwan
Contact : j.salwan@sysdream.com

//----- Application description

Single-process HTTP1.1/FTP server; no threads or processes started per
connection, runs with only few threads. Includes directory listi
...

IBM Lotus 6.x HTTP Response Splitting Vulnerability

Fri, 19 Mar 2010 20:28:31 +0100

=========================================
Yaniv Miron aka "Lament" Advisory March 12, 2010
IBM Lotus 6.x HTTP Response Splitting Vulnerability
=========================================

=====================
I. BACKGROUND
=====================

IBM Lotus Software delivers robust collaboration software that empowers
people to connect, collaborate, and innovate while optimizing the way they
work. With Lotus you
...

Manage Engine Service Desk Plus 7.6 woID SQL Injection Vulnerability

Fri, 19 Mar 2010 20:27:59 +0100

Advisory Name: SQL injection in Manage Engine Service Desk Plus 7.6
Vulnerability Class: SQL injection
Release Date: 03-18-2010
Affected Applications: Confirmed in version 7.6. Other versions may also be
affected.
Affected Platforms: Multiple
Local / Remote: Remote
Severity: High – CVSS: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Researcher: Nahuel Grisol�a
Vendor Status: Acknowledged. Not fixed.
Vulnerability Description:

...

Shutter 0.1.4 Blind SQL Injection Vulnerability

Fri, 19 Mar 2010 20:24:56 +0100

view source
print?
# Exploit Title: Shutter 0.1.4 Blind SQL Injection
# Date: March 18, 2010
# Author: Blake
# Software Link:
http://sourceforge.net/projects/shutter-php/files/shutter/v0.1.4/shutter_0.
1.4.zip/download
# Version: version 0.1.4

The albumID and photoID parameters are vulnerable to SQL Injection.

POC:
http://server/shutter/admin.html?albumID=2%20and%20substring%28@@version,1,

...

SiteDone Custom Edition 2.0 SQL Injection & XSS Vulnerability

Fri, 19 Mar 2010 20:24:13 +0100

[~] SiteDone Custom Edition 2.0 SQL Injection & XSS Vulnerability
[~]
[~] http://www.sitedone.com
[~]
[~]
[~]
---------------------------------------------------------------------------
--------------------
[~] Bug founded by d3v1l [Avram Marius]
[~]
[~] Date: 18.03.2010
[~]
[~]
[~] http://security-sh3ll.blogspot.com
[~]
[~]
------------------------------------------------------------
...

Quality Point 1.0 NewsFeed (SQL/XSS) Multiple Remote Vulnerabilities

Fri, 19 Mar 2010 20:23:03 +0100

sEc-r1z crEw The Leaders for Penetration Testing In Middle East.
+==========================================================================
=========+
./SEC-R1Z _ __ _ _ _ _ ___ _ _ _ _ __ _ _ _ _ _
/ /_ _ _ _ / _ _\/ _ _ /\ \< |/_ _ _ _ /
\ \_ _ _ _/ /___ / / __ | |) / | | / /
\_ _ _ _/ /___ / / | __ || / | | / /
_______\ \_ _
...