50 matches found
Hacked Media Sites Serving Fake AV Malware
Websites belonging to a number of Washington, D.C.-area media outlets have been compromised in a series of opportunistic attacks with criminals using a watering-hole tactic to spread scareware, or phony antivirus software. Popular D.C. radio station WTOP, sister station Federal News Radio, and th...
Ganesha Digital Library Multiple SQLi and XSS Vulnerabilities
Ganesha Digital Library is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier...
MyBloggie 2.1.6 - HTML Injection / SQL Injection
source: https://www.securityfocus.com/bid/48317/info myBloggie is prone to SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify data,...
M86: Email Spam Down; Third Party Phishing and Exploit Kits Up
Email users may have experienced a serious decline in spam over the past couple of months; however, a Web security trends report by M86 Security released today at RSA in San Francisco says cybercriminals are coming up with new and innovative methods of phishing as well as producing increasingly robu...
Update : Havij v1.13 automated SQL Injection tool - New version
"Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform...
Group-Office 'modules/notes/json.php' SQL Injection Vulnerability
Group-Office is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to execute arbitrary code, compromise the application, access or modify data, or exploit latent...
FMyClone 2.3 SQL Injection
FMyClone V2.3 Multiple SQLi By learn3r hacker from nepal [email protected] Product name: FMyClone Version: 2.3 or maybe lower Home: fmyclone.com Different things might require some privileges to work but still sometimes these might be useful. Vulns in the scripts:...
roomphplanning 1.6 - Multiple Vulnerabilities
+ RoomPHPlanning v1.6 Multiple Remote Exploit Vulnerabilities + Discovered By : ThE g0bL!N + Greetz : All ...
CVE-2009-1105
The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490...
Scripts For Sites EZ Hotscripts 'software-description.php' SQL Injection Vulnerability
EZ Hotscripts is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
Dale Mooney Calendar Events - 'Viewevent.php' SQL Injection
source: https://www.securityfocus.com/bid/25456/info Calendar Events is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modi...
Insanely Simple Blog 0.4/0.5 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/24934/info Insanely Simple Blog is prone to multiple input-validation vulnerabilities, including cross-site scripting, HTML-injection, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. Exploiting these issue...
EZContents 2.0.3 - showlinks.php?GLOBALS[admin_home] Remote File Inclusion
source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these...
CVE-2005-4793
Technical details (affected products/versions, root cause, impact, and fixes) are not given in the available documents. Monitor for updates.
Snipe Gallery 3.1.4 - 'image.php?image_id' SQL Injection
source: https://www.securityfocus.com/bid/15844/info Snipe Gallery is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could allow an attacker to...
Immunity Canvas: MS05_040
Name| ms05040
---|---
CVE| CVE-2005-0058
Exploit Pack| CANVAS
Description| Windows Telephony Service Overflow
Notes| CVE Name: CVE-2005-0058 VENDOR: Microsoft MSADV: MS05-040 MSRC: http://www.microsoft.com/technet/security/Bulletin/MS05-040.mspx Platforms Tested: Windows XP Home/Pro SP1a up2date,...
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection
source: https://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application,...
Armagetron Advanced <= 0.2.7.0 Server Crash Exploit
No description provided by source. /* by Luigi Auriemma */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <time.h> #ifdef WIN32 #include <winsock.h> /* inserted win32.h /str0ke */ /* Header file used for manage errors in Windows It support socket and errno too this header replace the previous...
[UNIX] Multiple SQL Injection Vulnerabilities in Chipmunk Forum
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com