
7736 matches found

Exploit DB
added 2013/07/03 12:0 a.m., 26 views

Realtek Sound Manager AvRack - '.wav' Crash (PoC)

!/usr/bin/python Title: Realtek Sound Manager AvRack - Crach Poc version: all versions link: http://www.realtek.com.tw/ Platform: Windows XP sp3 Author: Asesino04 Blog : http://asesino04.blogspot.com/ junk="\x2E\x73\x6E\x64\x00\x00\x01\x18\x00\x00\x42\xDC\x00\x00\x00\x01"...

7.4 AI score
Exploits: 0

exploitpack
added 2013/07/03 12:0 a.m., 7 views

Realtek Sound Manager AvRack - .wav Crash (PoC)

Realtek Sound Manager AvRack - .wav Crash PoC !/usr/bin/python Title: Realtek Sound Manager AvRack - Crach Poc version: all versions link: http://www.realtek.com.tw/ Platform: Windows XP sp3 Author: Asesino04 Blog : http://asesino04.blogspot.com/...

7.4 AI score
Exploits: 0

0day.today
added 2013/06/24 12:0 a.m., 20 views

Collabtive 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Collabtive 1.0 SQLi Date: 06/17/2013 Exploit Author: drone @dronesec More information: http://forelsec.blogspot.com/2013/06/collabtive-10-sqli.html Vendor homepage: http://collabtive.o-dyn.de/ Software link:...

7.1 AI score
Exploits: 0

CISA
added 2013/06/20 12:0 a.m., 11 views

Google Releases Google Chrome 27.0.1453.116

Google has released Google Chrome 27.0.1453.116 for all Chrome OS devices to address a vulnerability. This vulnerability could allow a remote attacker to obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome release blog entry and follow best practi...

6.6 AI score
Exploits: 0, References: 1

Exploit DB
added 2013/06/17 12:0 a.m., 18 views

Adrenalin Player 2.2.5.3 - '.wax' Local Buffer Overflow (SEH)

!/usr/bin/python Title: Adrenalin Player SEH Buffer Overflow software: Adrenalin Player version : 2.2.5.3 Platform: Windows XP sp3 Date: June 16th, 2013 Author: onying @onyiing Blog : http://itsecuritynewbie.blogspot.com/ Thanks to: Information Security Shinobi Camp | http://www.is2c-dojo.com jun...

7.4 AI score
Exploits: 0

Packet Storm
added 2013/06/07 12:0 a.m., 30 views

Redtube Blog Cross Site Scripting

Title : Cross Site Scripting in RedTube Official Blog. Author : Ryuzaki Lawlet Blog : justryuz.blogspot.com / www.justryuz.com E-mail : [email protected] / [email protected] / [email protected] Date: June 6/2013 4.44 pm Vendor: http://wordpress.org/plugins/nextgen-gallery/ Type : Web...

7.4 AI score
Exploits: 0

OSV
added 2013/06/06 12:24 p.m., 6 views

MGASA-2013-0162 Updated moodle package fix security vulnerabilities

The assignment module in Moodle before 2.4.4 was not checking capabilities for users downloading all assignments as a zip CVE-2013-2079. The Gradebook's Overview report in Moodle before 2.4.4 was showing grade totals that may have incorrectly included hidden grades CVE-2013-2080. When registering...

5 CVSS, 5.8 AI score, 0.02372 EPSS
Exploits: 0, References: 8

CISA
added 2013/06/05 12:0 a.m., 13 views

Google Releases Google Chrome 27.0.1453.110

Google has released Google Chrome 27.0.1453.110 for Windows, Macintosh, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to cause a denial-of-service condition, bypass security controls or execute arbitrary code. US-CERT encourages user...

7.7 AI score
Exploits: 0, References: 1

Metasploit
added 2013/06/04 1:53 p.m., 72 views

MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution

This module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability present in the SOAPAction HTTP header handling. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MiniUPnPd 1.0 Stac...

10 CVSS, 0.9 AI score, 0.69151 EPSS
Exploits: 14

exploitpack
added 2013/06/03 12:0 a.m., 16 views

PHD Help Desk 2.12 - SQL Injection

PHD Help Desk 2.12 - SQL Injection Exploit Title: PHD Help Desk 2.12 SQLi Date: 05/24/2013 Exploit Author: drone @dronesec More information: http://forelsec.blogspot.com/2013/06/phd-help-desk-212-sqli-and-xss.html Vendor Homepage: http://www.p-hd.com.ar/ Software Link:...

Exploits: 0

NVD
added 2013/05/25 3:18 a.m., 22 views

CVE-2013-2082

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request...

5 CVSS, 5.9 AI score, 0.02372 EPSS
Exploits: 0, References: 6

UbuntuCve
added 2013/05/25 3:18 a.m., 19 views

CVE-2013-2082

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request...

5 CVSS, 5.9 AI score, 0.02372 EPSS
Exploits: 0, References: 3

Prion
added 2013/05/25 3:18 a.m., 18 views

Cross site request forgery (csrf)

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request...

5 CVSS, 6.5 AI score, 0.02372 EPSS
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2013/05/25 3:18 a.m., 1 views

UBUNTU-CVE-2013-2082

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request...

5 CVSS, 5.8 AI score, 0.02372 EPSS
Exploits: 0, References: 4

Cvelist
added 2013/05/25 1:0 a.m., 24 views

CVE-2013-2082

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request...

5.8 AI score, 0.02372 EPSS
Exploits: 0, References: 6

CVE
added 2013/05/25 1:0 a.m., 64 views

CVE-2013-2082

CVE-2013-2082 affects Moodle: versions up to 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 do not enforce capability requirements for reading blog comments, allowing remote attackers to obtain sensitive information via a crafted request. Root cause: missing capability ch...

5 CVSS, 5.9 AI score, 0.02372 EPSS
Exploits: 0, References: 6, Affected Software: 1

The Hacker News
added 2013/05/17 5:14 a.m., 21 views

Financial Times hacked by Syrian Electronic Army

The Financial Times has become the latest news outlet to be hacked by supporters of the Syrian president Bashar al-Assad, following a phishing attack on the company’s email accounts. The posh broadsheet's Tech Blog - at http://blogs.FT.com/beyond-brics was compromised to run stories headlined...

6.9 AI score
Exploits: 0

Metasploit
added 2013/05/15 2:2 p.m., 39 views

Mutiny 5 Arbitrary File Upload

This module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with roo...

8.5 CVSS, 7.9 AI score, 0.40338 EPSS
Exploits: 8

myhack58
added 2013/04/09 12:0 a.m., 30 views

Lxblog blog system: variable overwrite leading to injection + getshell (exp attached)

Nonsense: lxblog is a multi-blog system developed by www.phpwind.net, and it now seems to have stopped updating! Statement: We only do technical research; please do not use this illegally, the consequences are your own and have nothing to do with us! Text: Key file: /mod/ajaxmod.php if ! empty$POST $POST...

7.4 AI score
Exploits: 0

NVD
added 2013/03/27 9:55 p.m., 14 views

CVE-2013-1782

Cross-site scripting XSS vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons...

2.1 CVSS, 5.2 AI score, 0.01064 EPSS
Exploits: 0, References: 7