
3642 matches found

0day.today
added 2013/12/31 12:0 a.m., 47 views

Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability

start "backgroundexec" cbcs.exe listen -cp:faggot -bp:hacker | echo "" shell.php Usage Info Edit the code and run ! import urllib import urllib2 Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability Work only on windows box def requesturl, params=None, method='GET': if method ==...

7.2 AI score
Exploits: 0
0day.today
added 2013/12/16 12:0 a.m., 38 views

UPC Ireland Cisco EPC 2425 Router / Horizon Box

Exploit for hardware platform in category web applications The Cisco EPC 2425 routers supplied by UPC are vulnerable to an offline dictionary attack if the WPA-PSK handshake is obtained by an attacker. The WPA-PSK pass phrase has the following features: • Random • A to Z Uppercase only • 8...

7.1 AI score
Exploits: 0
exploitpack
added 2013/12/16 12:0 a.m., 52 views

UPC Ireland Cisco EPC 2425 Router Horizon Box - WPA-PSK Handshake Information

UPC Ireland Cisco EPC 2425 Router Horizon Box - WPA-PSK Handshake Information Exploit Title: UPC Ireland Cisco EPC 2425 Router / Horizon Box Google Dork: Date: 11/12/2013 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/upc-wifi-attack.pdf Version: Category:...

0.2 AI score
Exploits: 0
Kitploit
added 2013/12/05 2:15 a.m., 24 views

[Wapiti 2.3.0] Web Application Vulnerability Scanner

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti act...

7.9 AI score
Exploits: 0
The Hacker News
added 2013/11/30 8:8 p.m., 35 views

Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability

A Symantec researcher has discovered a new Linux worm, targeting machine-to-machine devices, and exploits a PHP vulnerability CVE-2012-1823 to propagate that has been patched as far back as May 2012. Linux worm, which has been dubbed Linux.Darlloz, poses a threat to devices such as home routers a...

9.8 CVSS, 7.1 AI score, 0.99998 EPSS
Exploits: 41
myhack58
added 2013/11/06 12:0 a.m., 31 views

NetGear router through command injection to obtain ROOT privileges[EXP]-vulnerability warning-the black bar safety net

NetGear router through command injection to obtain ROOT privileges [EXP] - ScriptALeRT - Minghacker. A researcher abroad found that the firmware of the NetGear router wndr3700v4 has an authentication vulnerability. Once the Web interface...

0.6 AI score
Exploits: 0
myhack58
added 2013/11/02 12:0 a.m., 21 views

GV32-CMS Code of audit records-vulnerability warning-the black bar safety net

Most CMSs today use an MVC architecture, i.e. model + view + controller. Parameters are received and processed in the C layer, database interaction happens in the M layer, and pages are displayed in the V layer. This structure makes auditing easier. Here I mainly find SQL injection vulnerabilities...

0.6 AI score
Exploits: 0
0day.today
added 2013/09/23 12:0 a.m., 79 views

Wordpress NOSpamPTI Plugin - Blind SQL Injection Vulnerability

Exploit for php platform in category web applications NOSpamPTI Wordpress plugin Blind SQL Injection Vendor product description NOSpamPTI eliminates the spam in your comment box so strong and free, developed from the idea of Nando Vieira http://bit.ly/d38gB8, but some themes do not support change...

7.5 CVSS, 0.4 AI score, 0.02854 EPSS
Exploits: 6
Exploit DB
added 2013/09/23 12:0 a.m., 141 views

WordPress Plugin NOSpamPTI - Blind SQL Injection

NOSpamPTI Wordpress plugin Blind SQL Injection Vendor product description NOSpamPTI eliminates the spam in your comment box so strong and free, developed from the idea of Nando Vieira http://bit.ly/d38gB8, but some themes do not support changes to the functions.php to this we alter this function...

7.5 CVSS, 6.5 AI score, 0.02854 EPSS
Exploits: 6
0day.today
added 2013/09/21 12:0 a.m., 69 views

WordPress NOSpamPTI 2.1 Blind SQL Injection Vulnerability

WordPress NOSpamPTI plugin version 2.1 suffers from a remote blind SQL injection vulnerability. NOSpamPTI Wordpress plugin Blind SQL Injection Vendor product description NOSpamPTI eliminates the spam in your comment box so strong and free, developed from the idea of Nando Vieira...

7.5 CVSS, 0.2 AI score, 0.02854 EPSS
Exploits: 6
0day.today
added 2013/09/10 12:0 a.m., 36 views

eM Client e-mail client v5.0.18025.0 Stored XSS vulnerability

eM Client e-mail client version 5.0.18025.0 suffers from a stored cross site scripting vulnerability. !/usr/bin/python ''' Author: loneferret of Offensive Security Date: 22-08-2013 Product: eM Client for Windows Version: 5.0.18025.0 previous versions and other platforms may be vulnerable Vendor...

6.5 AI score
Exploits: 0
exploitpack
added 2013/09/10 12:0 a.m., 15 views

eM Client e-mail client 5.0.18025.0 - Persistent Cross-Site Scripting

eM Client e-mail client 5.0.18025.0 - Persistent Cross-Site Scripting !/usr/bin/python ''' Author: loneferret of Offensive Security Date: 22-08-2013 Product: eM Client for Windows Version: 5.0.18025.0 previous versions and other platforms may be vulnerable Vendor Site: http://www.emclient.com/...

6.8 AI score
Exploits: 0
0day.today
added 2013/08/25 12:0 a.m., 22 views

dreamMail e-mail client v4.6.9.2 Stored XSS Vulnerability

Exploit for windows platform in category remote exploits !/usr/bin/python ''' Author: loneferret of Offensive Security Product: dreamMail e-mail client Version: 4.6.9.2 Vendor Site: http://www.dreammail.eu Software Download: http://www.dreammail.eu/intl/en/download.html Tested on: Windows XP SP3...

7.1 AI score
Exploits: 0
ThreatPost
added 2013/08/21 3:0 p.m., 17 views

Jumping Out of IE's Sandbox With One Click

Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft’s August Patch Tuesday release...

1.1 AI score
Exploits: 0, References: 4
Kitploit
added 2013/08/21 12:41 a.m., 14 views

[Introspy] Monitor app in your iDevice

The Problem: In 2013, assessing the security of iOS applications still involves a lot of manual, time-consuming tasks - especially when performing a black-box assessment. Without access to source code, a comprehensive review of these applications currently requires in-depth knowledge of various API...

7 AI score
Exploits: 0, References: 3
Atlassian
added 2013/08/09 4:40 a.m., 18 views

Reflected XSS in 'where' param of doSearchSite

Olivier Beg reported quote noformat https://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=confall%22%3E%3Cimg%20src=x%20onerror=alert1%3E noformat I assume he is DOM based because he works in google chrome. quote This results in code:html co...

1.4 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2013/08/07 9:10 a.m., 24 views

XSS attack in macro rendering preview

Example: insert lorem ipsum macro edit macro in lightbox and press preview alter the post request as follows: POST /confluence/rest/tinymce/1/macro/preview HTTP/1.1 Host: test.foo.com Connection: keep-alive Content-Length: 136 Accept: text/html, /; q=0.01 Origin: https://test.foo.com...

0.4 AI score
Exploits: 0
Atlassian
added 2013/07/26 3:5 a.m., 15 views

XSS vulnerabilities in Atlassian Answers

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47042. panel Some users seem to try XSS attack on Atlassian Answers. How to replicate is the following steps. Go to the top pag...

2 AI score
Exploits: 0, Affected Software: 1
exploitpack
added 2013/07/16 12:0 a.m., 19 views

Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities

Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities Title: ====== Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities Date: ===== 2013-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1009 VL-ID: ===== 1009 Common Vulnerability Scoring System:...

0.3 AI score
Exploits: 0
Vulnerability Lab
added 2013/07/12 12:0 a.m., 28 views

Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities

Document Title: =============== Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1009 Release Date: ============= 2013-07-12 Vulnerability Laboratory ID VL-ID: ====================================...

0.4 AI score
Exploits: 0