120 matches found
The Mask Malware: A 7-Year Cyber Espionage Campaign Unmasked
A sophisticated cyber spying operation, The Mask , that has been under the radar for about 7 years and targeted approximately 31 countries, has now been unmasked by researchers at Kaspersky Labs. Researchers believe the campaign has been active since 2007 and is a highly sophisticated nation-stat...
Rite CMS 1.0.0 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: RiteCMS multiple vulnerabilities Date: 2013 30 July Exploit Author: Yashar shahinzadeh Credit goes for: ha.cker.ir Vendor Homepage: http://ritecms.com/ Tested on: Linux & Windows, PHP 5.2.9 Affected Version : 1.0.0 Contacts: http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir...
PBBoard 3.0.0 Cross Site Scripting / SQL Injection
Exploit Title: PBBoard v3.0.0 Multiple Remote Vulnerabilities Date: 12/10/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.pbboard.com/ Software Link: http://www.pbboard.com/PBBoardv3.0.0.zip Version: 3.0.0 may be old version is...
ViArt Shop Evaluation 4.1 - Multiple Remote File Inclusions
Exploit Title: ViArt Shop Evaluation v4.1 Multiple Remote File Inclusion Vulnerability Date: 26/9/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.viart.com/ Software Link: http://www.viart.com/downloads/viartshop-4.1.zip Versio...
SiteGo - Remote File Inclusion
SiteGo - Remote File Inclusion Exploit Title: SiteGo Remote File Inclusion Vulnerability Date: 10/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://site-go.com/ Software Link: http://site-go.com/free/site-go.zip Tested on:...
Support4Arabs Pages 2.0 - SQL Injection
Support4Arabs Pages 2.0 - SQL Injection Exploit Title: Support4Arabs Pages v2.0 Remote SQL Error Based Injection Vulnerability Date: 04/9/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.support4arabs.com/ Software Link:...
MindTouch Deki Wiki 10.1.3 Local File Inclusion / Remote File Inclusion
Exploit Title: MindTouch Deki Wiki v10.1.3 Multiple Vulnerabilities Date: 11/08/2012 Author: L0n3ly-H34rT Homepage: http://se3c.tk/ Contact: [email protected] Software Link:...
Google Releases Chrome 17.0.963.56
Google has released Chrome 17.0.963.56 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review th...
Ultimate Locator SQL Injection
Exploit Title: Ultimate Locator SQL Injection Vulnerability Author: Robert Cooper Robert.Cooper at areyousecure.net Software Link: http://www.ultimatelocator.com/ Dork: "Powered by Ultimate Locator" Tested on: Linux/Windows 7 Vulnerable File: resultslist.php Vulnerable parameter: radius= PoC:...
Plone Zope SAXutils Command Execution
Added: 01/13/2012 CVE: CVE-2011-3587 BID: 49857 OSVDB: 76105 Background Plone is a free and open source content management system built on top of the Zope application server. Plone can be used for any kind of website, including blogs, internet sites, webshops and internal websites. Problem Plone...
jbShop SQL Injection
Exploit Title: jbShop - e107 v7 CMS plugin - SQL Injection vulnerability Author: Robert Cooper adminatwebsiteauditing.org Software Link: http://sourceforge.net/projects/jbshop/ Tested on: Linux/Windows 7 Vulnerable Parameter: itemid= PoC:...
HT Editor 2.0.18 - File Opening Stack Overflow
HT Editor 2.0.18 - File Opening Stack Overflow Exploit Title: HT Editor File openning Stack Overflow 0day Date: March 30th 2011 Author: ZadYree Software Link: http://hte.sourceforge.net/downloads.html Version: Thanks =cut use 5.010; my $esp, $retaddr; my $scz =...
EQdkp-Plus Gallery < v2.1.2 Blind SQL Injection Vulnerabilty
Exploit for php platform in category web applications ============================================================ EQdkp-Plus Gallery "EQDKP Plus" inurl:mypics.php greetz to : x2k, medison, x33, bl4ckn3ss, Luk ... / $x =...
3Com OfficeConnect Routers DoS (Content-Type)
No description provided by source. Model - Tested on 3Com OfficeConnect ADSL Wireless 11g Firewall Router 3CRWDR100A-72 and 3CRWDR100Y-72 Software Version - Tested on 2.06T13 Apr 2007, last version for these routers Attacker - Tested from GNU/Linux Sidux and Ubuntu and Windows 7 Exploit languaje ...
XBMC 8.10 (get tag from file name) Remote Buffer Overflow Exploit
Exploit for windows platform in category remote exploits ================================================================= XBMC 8.10 get tag from file name Remote Buffer Overflow Exploit ================================================================= !/usr/bin/env python ''' Xbmc get tag from...
CVE-2007-3062
Cross-site scripting XSS vulnerability in HP System Management Homepage SMH before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
NULLhttpd <= 0.5.1 remote resources consumption
Luigi Auriemma Application: NULLhttpd http://nullhttpd.sourceforge.net/httpd/ Versions: = 0.5.1 Platforms: All supported Win & Unix Bug: Remote resources consumption Risk: Medium Author: Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org 1 Introduction 2 Bug 3 The Code...
New advisory + exploit from LByte
+- Limpid Byte Advisory 003---------------------------------+ | | | Program: 2fax | | Version: all =2.02 | | OS: Linux/Windows | | Bug: Buffer Overflow in -bpcx option | | Homepage: http://www.atbas.org | | | | Discovered by Crazy Einstein [email protected] | | |...
MyGuestbook 1.0 - Script Injection
MyGuestbook 1.0 - Script Injection source: https://www.securityfocus.com/bid/4651/info MyGuestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. MyGuestbook does not adequately filter script code from various...
Linux news 30.04.00
Linux 2.3.99-pre6 Вышло новое ядро Linux из "нестабильной" серии: Linux 2.3.99-pre6. Подробнее: http://linuxtoday.com/stories/20829.html Kernel traffic 64 В новой версии обзора списка рассылки ядра можно узнать интересные подробности о: - дискуссии о DevFS - ошибках ioctl - проблемах с асинхронны...