7736 matches found
PotPlayer 1.5.39036 Proof Of Concept
Exploit Title: PotPlayer Version 1.5.39036 - Beta .wav - Crash POC Date: 03-09-2013 Exploit Author: ariarat Software Link: http://download.cnet.com/Daum-Potplayer/3000-136324-75587055.html Version: 1.5.39036 Tested on: Windows XP sp3...
PJ blog bulk can obtain the webshell-vulnerability warning-the black bar safety net
pjblog in 0 7 in a civil plug-in vulnerabilities. PJ blog editor of the vulnerability, without filtering sensitive characters. Currently this plugin author has not maintenance updates. Don't use this plugin, the blog will not be affected Can batch get most of the PJ blog WEBSHELL。 ! The editor on...
Bo-Blog 2.1.1 Cross Site Scripting / SQL Injection
Exploit Title : Bo-Blog 2.1.1 Multiple Vulnerabilites Exploit Author : Ashiyane Digital Security Team Official site : http://www.bo-blog.com/ Tested on: Windows,Linux /////////////////////////////////////////////// Google Dork : intext:"Powered by Bo-Blog 2.1.1"...
Bo-Blog 2.1.1 - Cross-Site Scripting SQL Injection
Bo-Blog 2.1.1 - Cross-Site Scripting SQL Injection source: https://www.securityfocus.com/bid/61880/info Bo-Blog is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to...
Bo-Blog 2.1.1 - Cross-Site Scripting / SQL Injection
source: https://www.securityfocus.com/bid/61880/info Bo-Blog is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary code in the context of the browser,...
OpenX flowplayer-3.1.1.min.js Backdoor Remote Code Execution
The version of OpenX installed on the remote host contains a backdoor and allows the execution of arbitrary PHP code, subject to the privileges under which the web server operates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Ruby on Rails Known Secret Session Cookie Remote Code Execution
This Metasploit module implements remote command execution on Ruby on Rails applications. Prerequisite is knowledge of the "secrettoken" Rails 2/3 or "secretkeybase" Rails 4. The values for those can be usually found in the file "RAILSROOT/config/initializers/secrettoken.rb". The module achieves...
MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' class...
Easy Blog by JM LLC - Multiple Vulnerabilities
Dear all, I have discovered some vulnerabilities in Easy Blog, developed by JM LLC. Cheers, Sp3ctrecore ADVISORY =========================================== Easy Blog JM LLC - Multiple Vulnerabilities =========================================== Software................: Easy Blog Software...
Easy Blog by JM LLC - Multiple Vulnerabilities
Easy Blog by JM LLC - Multiple Vulnerabilities Dear Offensive Security, I have discovered some vulnerabilities in Easy Blog, developed by JM LLC. Best regards, Sp3ctrecore ADVISORY ============================================== Easy Blog by JM LLC - Multiple Vulnerabilities...
Easy Blog by JM LLC - Multiple Vulnerabilities
Exploit for php platform in category web applications ============================================== Easy Blog by JM LLC - Multiple Vulnerabilities ============================================== Software................: Easy Blog Software link...........:...
MIPS Little Endian Shellcode
MIPS Little Endian Shellcode. CVE-2013-4659. Shellcode exploit for mips platform Disassembled MIPS Little Endian Shellcode Shellcode was designed for ACSD exploit on the ASUS RT-AC66U SOHO router. CVE: CVE-2013-4659 Written by Jacob Holcomb, Security Analyst @ Independent Security Evaluators Blog...
Easy Blog by JM LLC - Multiple Vulnerabilities
Dear Offensive Security, I have discovered some vulnerabilities in Easy Blog, developed by JM LLC. Best regards, Sp3ctrecore ADVISORY ============================================== Easy Blog by JM LLC - Multiple Vulnerabilities ==============================================...
Easy Blog XSS / SQL Injection / Shell Upload
ADVISORY ============================================== Easy Blog by JM LLC - Multiple Vulnerabilities ============================================== Software................: Easy Blog Software link...........: http://www.jmagness.com/download/EasyBlog.zip Vendor..................: JM LLC Vendor...
DDoS Attack Takes Down DNS Provider Network Solutions
A distributed denial of service attack knocked the website of the domain name registrar Network Solutions LLC offline this morning and affected an unknown number of its clients’ sites as well. Network Solutions announced on its Facebook page that it was experiencing a DDoS attack just before 11...
Kate's Video Toolkit 7.0 Crash
Exploit Title: Kate's Video Toolkit Version 7.0 .wav - Crash POC Date: 14-07-2013 Exploit Author: ariarat Vendor Homepage: http://fakewebcam.com/Free-Video-Toolkit.asp Software Link: http://download.cnet.com/Kate-s-Video-Toolkit/3000-21394-10628194.html Version: 7.0 maybe all versions! Tested on:...
Kate's Video Toolkit Version 7.0 (.wav) - Crash POC
Kate's Video Toolkit version 7.0 crash proof of concept denial of service exploit that creates a malicious WAV file. Exploit Title: Kate's Video Toolkit Version 7.0 .wav - Crash POC Date: 14-07-2013 Exploit Author: ariarat Vendor Homepage: http://fakewebcam.com/Free-Video-Toolkit.asp Software Lin...
July 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the July 2013 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 10 questions covering all updates. All questions are included on the Q&A page. We invite our customers to join us for the next scheduled webcast on Wednesday, August 14th at 11...
A new policy for store apps and the July 2013 security updates
There are those I’ve met who think my life is something akin to the classic comedy Groundhog Day. No, I don’t wake up to the musical stylings of Sonny and Cher each morning, but month after month after month, the second Tuesday rolls around and I’m involved in releasing security updates...
I've only gone and done a blog
I've been promising myself I'd start a blog for about 100 years now, but it's finally here! I decided to build everything from scratch to force myself to learn Vagrant, Puppet and other general sysops stuff that was on my "to explore" list. This was dumb in terms of how long it took me to get...