Lucene search

1928 matches found

Exploit DB
added 2015/10/30 12:0 a.m., 45 views

Pligg CMS 2.0.2 - Multiple SQL Injections

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public: 10/07/2015 Releas...

7.4 AI score
Exploits 0

Exploit DB
added 2015/10/28 12:0 a.m., 16 views

Samsung SecEmailUI - Script Injection

Source: https://code.google.com/p/google-security-research/issues/detail?id=494 ''' The default Samsung email client's email viewer and composer implemented in SecEmailUI.apk doesn't sanitize HTML email content for scripts before rendering the data inside a WebView. This allows an attacker to...

7 AI score
Exploits 0

n0where
added 2015/10/12 4:12 p.m., 18 views

PowerShell Incident Response: Psrecon

Psrecon is an open source script that you can use to gather data from a remote Windows host using PowerShell v2 or later, organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushe...

Exploits 0, References 1

exploitpack
added 2015/08/19 12:0 a.m., 14 views
Flash Boundless Tunes - Universal SOP Bypass Through ActionScript's Sound Object

Flash Boundless Tunes - Universal SOP Bypass Through ActionScript's Sound Object Source: https://code.google.com/p/google-security-research/issues/detail?id=354&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id 90-day deadline tracking for...

0.1 AI score
Exploits 0

CNVD
added 2015/07/06 12:0 a.m., 0 views

SQL injection vulnerability in the gid parameter of Nanjing Jenohan Journal Submission System.

Nanjing Jenohan Software Technology Co., Ltd. is for the development of hospital full cost accounting decision support software system, hospital performance management information system and hospital customer management information system. There is a SQL injection vulnerability in the gid paramet...

7.7 AI score
Exploits 0, References 1

ThreatPost
added 2015/05/21 12:59 p.m., 13 views

Proposed U.S. Wassenaar Rules on Intrusion Software

Two things worth noting from yesterday’s unveiling of the Bureau of Industry and Security’s proposed Wassenaar rules for the U.S. that weren’t so overt: (a) The U.S. generally leads the way in implementing Wassenaar changes, and this time it’s been beaten by the EU by almost 18 months; and (b) reques...

7.3 AI score
Exploits 0, References 4

Fedora
added 2015/03/18 10:34 a.m., 12 views

[SECURITY] Fedora 21 Update: freexl-1.0.0i-1.fc21

FreeXL is a library to extract valid data from within an Excel spreadsheet (.xls). Design goals: simple and lightweight; stable, robust and efficient; easily and universally portable; completely ignore any GUI-related oddity...

2.4 AI score
Exploits 0

Fedora
added 2015/03/18 10:22 a.m., 13 views

[SECURITY] Fedora 20 Update: freexl-1.0.0i-1.fc20

FreeXL is a library to extract valid data from within an Excel spreadsheet (.xls). Design goals: simple and lightweight; stable, robust and efficient; easily and universally portable; completely ignore any GUI-related oddity...

2.4 AI score
Exploits 0

Fedora
added 2015/03/13 5:28 p.m., 8 views

[SECURITY] Fedora 22 Update: freexl-1.0.0i-1.fc22

FreeXL is a library to extract valid data from within an Excel spreadsheet (.xls). Design goals: simple and lightweight; stable, robust and efficient; easily and universally portable; completely ignore any GUI-related oddity...

2.4 AI score
Exploits 0

ThreatPost
added 2015/01/20 12:1 p.m., 9 views

Academics Use Siri to Move Secrets Off Jailbroken iOS Device

Attackers living on any network are all about one thing: persistence. They want to get on quietly and stay on quietly. But what about moving stolen data off a network? How quiet can that be? Two researchers believe they’ve figured out a way to combine Siri, Apple iOS’ native voice-activated...

0.3 AI score
Exploits 0, References 1

CNVD
added 2015/01/06 12:0 a.m., 3 views

phpMyRecipes category parameter SQL injection vulnerability

phpMyRecipes is a simple web-based recipe storage and retrieval application. A SQL injection vulnerability exists in the phpMyRecipes category parameter, which allows remote attackers to exploit the vulnerability by submitting a specially crafted SQL query to manipulate or obtain database data, d...

7.5 CVSS, 8 AI score, 0.02348 EPSS
Exploits 1, References 1

Kitploit
added 2014/12/27 2:19 p.m., 43 views

CeWL - Custom WordList Generator Tool for Password Cracking

CeWL is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. CeWL also has an associated command line app, FAB (Files Already Bagged), which uses the same meta...

7.3 AI score
Exploits 0

seebug.org
added 2014/11/24 12:0 a.m., 51 views

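WSS latest version: SQL injection at one point directly retrieves data, part 2 (two locations)

Brief description: WSS latest version: SQL injection at one point directly retrieves data, part 2 (two locations). Detailed description: WSS latest version 1.3.2, file defaultuser.php ?php $urlproject = $SERVER"QUERYSTRING" ; $currenturl = currentexplode"&sort",$urlproject; $currentPage = $SERVER"PHPSELF"; $maxRowsRecordset1 = getitem 'maxrowsuser' ; $pageNumRecordset1 = 0; if isset$GET'pageNumRecordset1'...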

7 AI score
Exploits 0

Packet Storm
added 2014/09/10 12:0 a.m., 28 views

Joomla Spider Contacts 1.3.6 SQL Injection

!/usr/bin/env python Exploit Title : Joomla Spider Contacts = 1.3.6 SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://web-dorado.com/ Software Link : http://web-dorado.com/?option=comwdsubscriptions&view=dwnldfree&format=row&id=60 fixed Mirror Link :...

0.7 AI score
Exploits 0

ThreatPost
added 2014/07/21 12:22 p.m., 8 views

Researcher Identifies Hidden Data-Acquisition Services in iOS

There are a number of undocumented and hidden features and services in Apple iOS that can be used to bypass the backup encryption on iOS devices and remove large amounts of users’ personal data. Several of these features began as benign services but have evolved in recent years to become powerful...

0.9 AI score
Exploits 0, References 2

ThreatPost
added 2014/07/10 2:54 p.m., 11 views

Brute-Forcing Botnet Sniffs Out Lax POS Systems

Over a two-week time span earlier this year, a botnet composed of thousands of computers actively sought out and broke into exposed point of sale (POS) systems that used poor or default passwords. The botnet, dug up and dubbed BrutPOS by security firm FireEye, leveraged more than 5,000 machines and...

0.2 AI score
Exploits 0, References 3

seebug.org
added 2014/07/01 12:0 a.m., 29 views

Cisco Unified Communications Manager - TFTP Service

No description provided by source. !/bin/bash Proof of Concept on how to get tftp config files from cisco phones This can be performed anonymously and privileges gathered relies on those assigned to the ldap account Developed by Daniel Svartman [email protected] In case tftp files are...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 11 views

Irola My-Time 3.5 - Remote SQL Injection Vulnerability

No description provided by source. Aria-Security Team http://Aria-Security.Net ----------------------------- Original Advisory @ http://aria-security.net/forum/showthread.php?p=1106 Vendor: http://www.irola.com Username/Password Fields can run SQL Queries. Therefore: We get the Tables:...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

WebDM CMS SQL Injection Vulnerability

No description provided by source. WebDM CMS SQL Injection Vulnerability EDB-ID: CVE: OSVDB-ID: Author: Dr.0rYX and Cr3w-DZ Published: Verified: Exploit Code: Vulnerable App: ...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 20 views

WordPress Eventify - Simple Events plugin <= 1.7.f SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Eventify - Simple Events plugin <= 1.7.f SQL Injection Vulnerability Date: 2011-09-07 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/eventify.zip Version: 1.7.f tested...

7.1 AI score
Exploits 0