Lucene search

3641 matches found

The Hacker News
added 2016/12/12 12:53 a.m., 11 views

How to Protect All Your Internet-Connected Home Devices From Hackers

How many Internet-connected devices do you have in your home? I am surrounded by around 25 such devices. It's not just your PC, smartphone, and tablet that are connected to the Internet. Today our homes are filled with tiny computers embedded in everything from security cameras, TVs and...

6.8 AI score
Exploits: 0

RedHat Linux
added 2016/12/08 4:16 p.m., 3 views

jquery-ui: cross-site scripting in dialog closeText

It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user...

6.1 CVSS, 6.2 AI score, 0.2258 EPSS
Exploits: 1, References: 5

RedHat Linux
added 2016/12/08 4:16 p.m., 64 views

Low: Red Hat Security Advisory: python-XStatic-jquery-ui security update

An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

6.1 CVSS, 5.6 AI score, 0.2258 EPSS
Exploits: 1, References: 3

n0where
added 2016/12/07 5:52 a.m., 25 views

Powerful Extensible Wireless Drop Box: Pina Colada

Pina Colada, a powerful and extensible wireless drop box, capable of performing a wide range of remote offensive attacks on a network. It can currently be controlled only via a command line interface, but a Command and Control remote server functionality is...

0.3 AI score
Exploits: 0, References: 2

Packet Storm
added 2016/11/20 12:0 a.m., 37 views

WordPress Easy Facebook Like Box 4.3.0 CSRF / XSS

Exploit Title : WordPress Plugin Easy Facebook Like Box 4.3.0- Cross-Site Request Forgery / Persistent Cross-Site Scripting Exploit Author : Persian Hack Team Vendor Homepage : https://wordpress.org/plugins/easy-facebook-likebox/ Category: Webapps Tested on: Win Version: 4.3.0 Date: 2016/11/19 Po...

7.4 AI score
Exploits: 0

n0where
added 2016/11/05 5:21 a.m., 189 views

What the Fuzz: Radamsa

Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs...

7.5 AI score
Exploits: 0, References: 1

Packet Storm
added 2016/10/28 12:0 a.m., 21 views

Vivaldi 1.4.589.11 DLL Hijacking

Exploit Title: Vivaldi browser DLL Hijacking Author: Ashiyane Digital Security Team Vendor Homepage: https://vivaldi.com/ software link: https://downloads.vivaldi.com/stable/Vivaldi.1.4.589.11.exe Tested on:Windows 7 Date: 13-09-2016...

0.2 AI score
Exploits: 0

0day.today
added 2016/10/20 12:0 a.m., 20 views

PizzaInn Beta 3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title :----------------- : PizzaInn Restaurant Scripti Beta v3 - categories-exec.php - Stored XSS Author :------------------------ : Nassim Asrir Author Company :------------------------ : HenceForth Author Email...

0.1 AI score
Exploits: 0

Packet Storm
added 2016/10/19 12:0 a.m., 19 views

OneBlog 2.0 Cross Site Scripting

Exploit Title :----------------- : Oneblog v2.0 - postsnew.php - Stored XSS Author :------------------------ : Nassim Asrir Author Company :------------------------ : HenceForth Author Email :------------------------ : [email protected] Google Dork :---------------- : - Date...

7.4 AI score
Exploits: 0

Kitploit
added 2016/10/18 2:30 p.m., 13 views

VBScan 0.1.7 - Black Box vBulletin Vulnerability Scanner

OWASP VBScan, short for VBulletin Vulnerability Scanner, is an open-source project in the Perl programming language to detect VBulletin CMS vulnerabilities and analyse them. Why OWASP VBScan? If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever! This Project ...

7.3 AI score
Exploits: 0, References: 1

Hacker One
added 2016/10/12 4:4 p.m., 19 views

OLX: Reflected XSS at m.olx.ph

INTRO The m.olx.ph domain is vulnerable to reflected XSS through the search function. EXPLOITABILITY & PoC The following URL contains an XSS vector, which causes an alert box to appear https://m.olx.ph/all-results?q=:%27%3E%3Cimg%20src=/%20onerror=alert%28document.domain%29%3E or...

6 AI score
Exploits: 0

Kitploit
added 2016/10/06 2:30 p.m., 30 views

Syhunt ScanTools - Console Web Vulnerability Scan Tools

Syhunt released the new generation of its console-based scan tools, simply called ScanTools. The first release of ScanTools comes with four console applications: ScanURL, ScanCode, ScanLog and ScanConf, incorporating the functionality of the scanners Syhunt Hybrid/Dynamic, Syhunt Code, Syhunt...

7.7 AI score
Exploits: 0

CNVD
added 2016/09/11 12:0 a.m., 1 views

Generalized SQL Injection Vulnerability in Xiamen Yaxun PDA System

The "Palm Service" system is an efficient process management system of enterprise mobile informationization based on the application of GPS mobile location management technology in response to the shortcomings of the traditional management mode of the enterprise field personnel and after years of...

7.7 AI score
Exploits: 0

Packet Storm
added 2016/09/09 12:0 a.m., 26 views

WinSCP 5.9.1 DLL Hijacking

Exploit Title: WinSCP DLL Hijacking Exploit shcore.dll Date: 03-09-2016 Author: Ashiyane Digital Security Team Vendor Homepage:http://winscp.net/ Software Link: http://winscp.net/download/WinSCP-5.9.1-Setup.exe Version:5.9.1 Tested on:Windows 7 Exploit by : Amir.ght...

0.2 AI score
Exploits: 0

Packet Storm
added 2016/09/09 12:0 a.m., 25 views

OoVoo 3.7.1 DLL Hijacking

Exploit Title: OoVoo DLL Hijacking Author: Ashiyane Digital Security Team Vendor Homepage:http://www.oovoo.com/ Version: 3.7.1 Tested on:Windows 7 ---------------------------------------------------------------------------------------------------------- vulnerable DLLs :...

0.3 AI score
Exploits: 0

RedhatCVE
added 2016/08/29 7:18 a.m., 32 views

CVE-2016-7103

It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user...

6.1 CVSS, 2.4 AI score, 0.2258 EPSS
Exploits: 1, References: 2

Kitploit
added 2016/08/23 2:48 p.m., 11 views

BFAC - Backup File Artifacts Checker

An automated tool that checks for backup artifacts that may disclose the web-application's source code...

7.3 AI score
Exploits: 0, References: 1

ThreatPost
added 2016/08/22 3:58 p.m., 23 views

Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities

Obihai Technology recently patched vulnerabilities in its ObiPhone IP phones that could have led to memory corruption, buffer overflow, and denial of service conditions, among other outcomes. The California-based company manufactures IP-enabled phones and VOIP telephone adapters it calls OBi...

0.3 AI score
Exploits: 0, References: 4

GoogleProjectZero
added 2016/08/16 12:0 a.m., 41 views

A Shadow of our Former Self

Posted by James Forshaw of Google Project Zero “Necessity is the Mother of Invention” as it’s said, and this is no more true than when looking for and exploiting security vulnerabilities. When new exploit mitigations are introduced, either a way of bypassing the mitigation is needed or an...

7.8 CVSS, 6.7 AI score, 0.06129 EPSS
Exploits: 1

Hacker One
added 2016/07/25 8:50 p.m., 18 views

Nextcloud: xss for admin of https://newsletter.nextcloud.com

a site https://newsletter.nextcloud.com to have phplist 3.2.5 steps to reproduce: 1. to use firefox browser, latest version 2. go to https://newsletter.nextcloud.com/admin/?page=viewtemplate&id=123%22%3E%3Cscript%3Ealertdocument.domain%3C/script%3E 3. log in as admin 4. alert box with name of...

0.7 AI score
Exploits: 0