7736 matches found
CVE-2013-6058
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATHINFO to blog-by-cat/...
Supermicro Onboard IPMI close_window.cgi Buffer Overflow
This module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the close_window.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system from libc with an arbitrary CMD...
Supermicro Onboard IPMI Static SSL Certificate Scanner
This module checks for a static SSL certificate shipped with Supermicro Onboard IPMI controllers. An attacker with access to the publicly-available firmware can perform man-in-the-middle attacks and offline decryption of communication to the controller. This module has been on a Supermicro Onboar...
Unicorn Router WB-3300NR CSRF (Factory Reset/DNS Change)
Exploit Title: Unicorn Router WB-3300NR CSRF Factory Reset/DNS Change Exploit Author: absane Blog: http://blog.noobroot.com Discovery date: October 29th 2013 Vendor Homepage: http://www.eunicorn.co.kr/kimsboard7/product.php?inc=wb-3300nr Tested on: Unicorn WB-3300NR v1.0 Firmware Version:...
New home for the Security Group blog
October 31st, 2013. Welcome to the new home of the Opera Security Group. We have changed our blogging platform. For more information regarding the switch, please see this post. If you received this blog post in your feed reader, you do not need ...
NAS4Free Arbitrary Remote Code Execution
NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well. This module requires Metasploit:...
Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection
Exploit Title: Dolibarr 3.4.0 SQLi Date: 10/7/2013 Exploit author: drone @dronesec More information: http://forelsec.blogspot.com/2013/10/dolibarr-340-multiple-vulnerabilities.html Vendor homepage: http://www.dolibarr.org/ Software link: Version: 3.4.0 Fixed in: 3.4.1 Tested on: Ubuntu 12.04...
Stable Channel Update
The Chrome team is excited to announce the promotion of Chrome 30 to the Stable channel for Windows, Mac, Linux and Chrome Frame. Chrome 30.0.1599.66 contains a number of fixes and improvements, including: easier searching by image; a number of new apps/extension APIs; lots of under the hood change...
Exclusive: New Touch ID hack allows hacker to unlock an iPhone with multiple fingerprints
The Iranian group defeated the very basic phenomenon of an iPhone fingerprint scanner, which allows them to unlock an iPhone device with multiple fingerprints. Apple's iPhone 5s was launched and became available in stores just two weeks earlier, with a new biometrics-based security feature calle...
My Blog, 2.0.1 Build 286,
My Blog, 2.0.1 Build 286, SQL Injection...
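Z-Blog PHP edition: front-end regex blind SQL injection vulnerability
Brief description: Second one... also, I have a question I would like to ask your developers. Details: The problem is in /zbsystem/function/csystemcommon.php function GetVars$name,$type='REQUEST' if $type=='ENV' $array=&$ENV; if $type=='GET' $array=&$GET; if $type=='POST' $array=&$POST; if $type=='COOKIE' $array=&$COOKIE; if $type=='REQUEST' $array=&$REQUEST; if $type=='SERVER'...
Z-Blog PHP edition, part three: POST injection by a low-privileged administrator
Brief description: Registering a commenter account is enough to inject and reach the administrator. Details: I could not find where your function that receives POST variables is, so I believe the problem is in /zbsystem/function/lib/dbsql.php public function ParseWhere$where global $zbp; $sqlw=null; if!empty$where $sqlw .= ' WHERE '; $comma = ''; foreach$where as $k = $w $eq=$w0; if$eq=='='|$eq==''|$eq=='LIKE'|$eq==''|$eq=='!=' $x = string$w1; $y ...
Z-Blog PHP edition: front-end stored XSS vulnerability, part one
Brief description: When I saw the news of your closed beta I came running over eagerly, spent two all-nighters reading the code and found several vulnerabilities.. Here I first bypassed your XSS filtering script.. Details: The problem is in /zbsystem/function/csystemcommon.php function TransferHTML$source,$para ifstrpos$para, 'nohtml'!==false $source=pregreplace"//si","",$source; ifstrpos$para, 'noscript'!==false $source=pregreplace"/.?/si","",$source;...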
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed...
UBUNTU-CVE-2013-4341
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed...
CVE-2013-4341
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed...
Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities
Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities Ciaran McNally Application: Moodle http://download.moodle.org/ Versions: parameter in an rss feed is vulnerable to javascript injection. This blog post is viewable by everyone on moodle and you can link to it directly. Upon clicking the "Link to origin...
PJ blog plug-in vulnerability of the actuator can be bulk obtained webshell-vulnerability warning-the black bar safety net
pjblog in 0 7 in a civil plug-in vulnerabilities. The PJ blog editor has a vulnerability: it does not filter sensitive characters. The plug-in's author currently does not maintain or update it. If you don't use this plug-in, the blog will not be affected. Can batch get most of the PJ blog WEBSHELL...
phpcms v9 arbitrary file read vulnerability exp-vulnerability warning-the black bar safety net
? php / PHPcms V9 arbitrary file read vulnerability Detection Tool @author the Return of the Blog: www.creturn.com Email: [email protected] Note that this app is for learning and reference only and shall not be used for illegal purposes; otherwise you bear the consequences yourself, and I am not responsible! /...
jetAudio 8.0.16.2000 Plus VX - (.wav) - Crash POC
Exploit for windows platform in category dos / poc Exploit Title: jetAudio Version 8.0.16.2000 Plus VX - .wav - Crash POC Date: 03-09-2013 Exploit Author: ariarat Software Link: http://www.jetaudio.com/download/ Version: 8.0.16.2000 Probably old version of software and the LATEST version too Vend...