
1281 matches found

Packet Storm
added 2015/11/13 12:0 a.m., 46 views

vBulletin 5.1.2 Unserialize Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'vBulletin 5.1.2 Unserialize Code Execution', 'Description' = %q This module exploits a PHP object injection vulnerability in vBullet...

7.5 CVSS, 0.4 AI score, 0.80635 EPSS
Exploits 12
Packet Storm
added 2015/11/11 12:0 a.m., 46 views

Checkpoint Cross Site Scripting

Exploit Title: Checkpoint.com sub-domains Reflected XSS RXSS Date: 12/11/2015 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.checkpoint.com Version: / Category: Reflected Cross Site Scripting Google dork: Tested on: checkpoint.com sub-domains Checkpoint description :...

7.4 AI score
Exploits 0
myhack58
added 2015/09/22 12:0 a.m., 27 views

WordPress vulnerability analysis CVE-2015-5714 & CVE-2015-5715 - the vulnerability warning - the black bar safety net

Recently, WordPress released a new version 4.3.1, which fixes a few serious security issues, which includes by Check Point filed a cross-site scripting Vulnerability, CVE-2015-5714 and a privilege escalation Vulnerability, CVE-2015-5715 It. 8 beginning of the month, Check Point, in...

7.3 AI score
Exploits 0
ThreatPost
added 2015/09/15 3:10 p.m., 9 views

WordPress Shortcodes Security Patch

WordPress core engine security vulnerabilities aren’t rare, but they are uncommon. Most issues affecting the integrity of sites running on the content management system are introduced by third-party plugins and put those sites at risk for a host of attacks. Today WordPress upgraded to version 4.3...

8.3 AI score
Exploits 0, References 5
exploitpack
added 2015/09/13 12:0 a.m., 17 views

IKEView.exe Fox Beta 1 - Stack Buffer Overflow (PoC)

IKEView.exe Fox Beta 1 - Stack Buffer Overflow PoC + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-CPIKEVIEW-0911.txt Vendor: ================================ www.checkpoint.com Product: ================================ IKEView.exe...

0.6 AI score
Exploits 0
Exploit DB
added 2015/09/13 12:0 a.m., 21 views

IKEView.exe Fox Beta 1 - Stack Buffer Overflow (PoC)

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-CPIKEVIEW-0911.txt Vendor: ================================ www.checkpoint.com Product: ================================ IKEView.exe Fox beta 1 IKEVIew.EXE is used to inspect - internet...

7.4 AI score
Exploits 0
The Hacker News
added 2015/09/08 8:41 p.m., 10 views

200 Million WhatsApp Users Vulnerable to vCard Vulnerability

WhatsApp recently claimed to have hit 900 Million monthly active users, but a dangerous security flaw in the web version of the popular instant messaging app puts up to 200 Million of its users at risk. Yes, the web-based extension of WhatsApp is vulnerable to an exploit that could allow hackers ...

6.9 AI score
Exploits 0
myhack58
added 2015/08/28 12:0 a.m., 19 views

Android devices frequently have pits: Certifi-gate vulnerability control - screen recording - vulnerability warning - the black bar safety net

This month's black hat conference disclosure vulnerability Certifi-gate exposed android security repeatedly go wrong. The black bar safety net Encyclopedia: what is the Certifi-gate “Certifi-gate” is a vulnerability, this vulnerability exists in the Android phone remote support...

1.1 AI score
Exploits 0
0day.today
added 2015/08/26 12:0 a.m., 79 views

Magento eCommerce - Remote Code Execution Exploit

Magento shoplift exploit that adds an administrator account. Flaw originally discovered by CheckPoint. Exploit Title : Magento Shoplift exploit SUPEE-5344 Author : Manish Kishan Tanwar AKA error1046 Date : 25/08/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh...

7.1 AI score
Exploits 0
ThreatPost
added 2015/08/25 2:55 p.m., 9 views

Google Pulls App Exploiting Certifi-Gate Vulnerability

A mobile application exploiting the so-called Certifi-gate vulnerability disclosed at Black Hat has been removed from the Google Play store. Though the number of downloads of Recordable Activator, a screen recorder app for Android devices, hovers between 100,000 and a half-million, researchers at...

1.4 AI score
Exploits 0, References 2
The Hacker News
added 2015/08/07 5:25 a.m., 29 views

"Certifi-Gate" Android Vulnerability Lets Hackers Take Complete Control of Your Device

Android users are busy fighting with Stagefright vulnerability while the popular mobile operating system faces another critical security vulnerability, dubbed as “Certifi-Gate”. Millions of Android devices could be hacked exploiting a plugin that comes pre-installed on your Android devices by the...

6.8 AI score
Exploits 0
Cisco
added 2015/06/08 9:52 p.m., 29 views

Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability

A vulnerability in the Cisco FireSIGHT Management Center could allow an authenticated, remote attacker to perform cross-site scripting XSS attacks. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker could exploit this...

3.5 CVSS, 5.8 AI score, 0.01546 EPSS
Exploits 0, References 1
CheckPoint Security
added 2015/05/13 12:0 a.m., 25 views

Check Point response to CVE-2015-3456 (VENOM)

Symptoms - A vulnerability in the virtual floppy drive code was discovered CVE-2015-3456. Solution The relevant fix for Threat Emulation gateway is already available and has been integrated in Threat Emulation engine version 24.990000010 refer to sk95235. Any Threat Emulation engine version that ...

7.7 CVSS, 7.9 AI score, 0.15275 EPSS
Exploits 1
Cisco
added 2015/04/22 8:33 p.m., 29 views

Cisco FireSIGHT Management Center Web Framework Stored Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco FireSIGHT Management Center MC could allow an authenticated, remote attacker to execute a stored cross-site scripting XSS attack against the user of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker...

3.5 CVSS, 5.6 AI score, 0.00783 EPSS
Exploits 0, References 1
Cisco
added 2015/04/22 3:31 p.m., 25 views

Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability

A vulnerability in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to inject a crafted HTTP header that causes users to be redirected to a malicious website. The vulnerability is due to insufficient validation of user input before it is used ...

4.3 CVSS, 6.2 AI score, 0.01096 EPSS
Exploits 0, References 1
myhack58
added 2015/04/22 12:0 a.m., 10 views

eBay Magento online business systems to find vulnerabilities - vulnerability warning - the black bar safety net

The owner of the site constantly urges the art to fix the “Shoplift” this is a big vulnerability. Including eBay online retail giant's open-source e-Commerce platform Magento included, there are other thousands of e-Commerce websites are put up with their site serious vulnerability, an attacker can...

0.4 AI score
Exploits 0
The Hacker News
added 2015/04/20 10:14 p.m., 11 views

Critical Vulnerability Found in Magento eCommerce Platform

The most popular e-commerce platform owned by eBay, Magento is once again in the news. This time for a critical Remote Code Execution RCE vulnerability, affecting hundreds of thousands of online merchants worldwide. If exploited, the critical vulnerability could allow a hacker to compromise...

8.9 AI score
Exploits 0
ThreatPost
added 2015/04/20 4:12 p.m., 13 views

Magento Patched Remote Execution Hole in eCommerce Platform

A nasty remote code execution vulnerability was recently patched in eBay’s eCommerce platform Magento. The hole, disclosed Monday, could put upwards to 200,000 company’s web stores, and their customers’ information at risk of being compromised. If exploited, researchers claim the vulnerability...

9.1 AI score
Exploits 0, References 4
0day.today
added 2015/03/19 12:0 a.m., 53 views

TWiki Debugenableplugins Remote Code Execution Exploit

TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in a Perl eval statement which allows remote code execution. This module requires Metasploit: http://metasploit.com/download...

0.2 AI score, 0.55637 EPSS
Exploits 12
Exploit DB
added 2015/03/19 12:0 a.m., 51 views

TWiki Debugenableplugins - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'TWiki Debugenableplugins Remote Code Execution', 'Description' = %q TWiki 4.0.x-6.0.0 contains a vulnerability in the Debug...

9.1 CVSS, 9.5 AI score, 0.55637 EPSS
Exploits 12