ASUS Router Authentication Bypass / Cross Site Scripting

ASUS router drive-by code execution via XSS and authentication bypass ===================================================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/asus-router-auth-bypass.txt Overview -------- Various ASUS routers contai...

Bitcoin Talk forum hacked; Database for Sale by Hacker; Website currently down

Bitcoin Talk, the popular Bitcoin discussion forum, has been hacked and as it stands the site is currently unreachable. Bitcointalk has been down for nearly 6 hours. The forums have been allegedly hacked and Defaced by "The Hole Seekers" and selling 150,000 emails and hashed passwords stolen from...

Bitcoin Talk forum hacked; Database for Sale by Hacker; Website currently down

Bitcoin Talk, the popular Bitcoin discussion forum, has been hacked and as it stands the site is currently unreachable. Bitcointalk has been down for nearly 6 hours. The forums have been allegedly hacked and Defaced by “The Hole Seekers” and selling 150,000 emails and hashed passwords stolen from...

Xorbin Digital Flash Clock 1.0 For WordPress XSS

==================================================================== Xorbin Digital Flash Clock 1.0 Plugin for Wordpress Flash-based XSS ==================================================================== Description: This plugin displays digital flash clock on your website. It's easy to use and...

WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability

Exploit for php platform in category web applications Because this is my first Vulnerability I ever found by my self, I wrote a PoC script I know that this is overkill and the Vulnerability is trivial to exploit :P The JavaScript Payload is executed when the Admin views Count per Day - Statistics...

WordPress Count Per Day 3.2.5 XSS

!/usr/bin/ruby Exploit Title: WordPress Count per Day 3.2.5 CSRF Google Dork: inurl:"/wp-content/plugins/count-per-day Date: 18.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage: http://wordpress.org/extend/plugins/count-per-day/ Software Link:...

WordPress Plugin Count Per Day 3.2.5 - 'counter.php' Cross-Site Scripting

!/usr/bin/ruby Exploit Title: WordPress Count per Day 3.2.5 CSRF Google Dork: inurl:"/wp-content/plugins/count-per-day Date: 18.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage: http://wordpress.org/extend/plugins/count-per-day/ Software Link:...

Operation High Roller Now Targets Europe's SEPA Network and Large US Bank

The criminals behind Operation High Roller, a complex wire-fraud scheme that has scammed high-end banking customers out of millions, have added a new dimension of automation to their attacks and expanded their efforts beyond Europe and have targeted a major U.S. bank. Researchers at McAfee provid...

Wiki Web Help 0.3.9 Cross Site Scripting

Exploit Title: Multiple Stored XSS Vulnerabilities in Wiki Web Help. Date: 23/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://wikiwebhelp.org Software Link: http://sourceforge.net/projects/wwh/files/wwh-0.3.9.7z/download Version: 0.3.9 Gr33Tz: @aviadgolan , @benhayak,...

op5 Monitoring 5.4.2 XSS / CSRF / SQL Injection

Author: loneferret of Offensive Security Product: op5 Monitoring VM appliance Version: 5.4.2 Vendor Site: http://www.op5.com/ Software Download: http://www.op5.com/get-op5-monitor/get-started/ Software Description: op5 is a market leading developer of Open Source Management solutions. op5 develop...

Useresponse 1.0.2 Backdoor / CSRF / Code Execution

!/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.com/ vulns found by bcoles @bclose and mrme @netninja exploit by...

Wordpress Zingiri Web Shop Plugin <= 2.4.0 Multiple XSS Vulnerabilities

Exploit for php platform in category web applications Wordpress Zingiri Web Shop Plugin '; Exploit: http://localhost/wordpress/?page=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 'page' variable isn't properly sanitized before being used. STORED XSS PS: Attacker should be logged for...