iScripts EasyCreate CMS 2.0 SQL Injection / Cross Site Scripting

Title: ====== iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilites Date: ===== 2012-06-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=588 VL-ID: ===== 588 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...

Joomla jFancy 2.03 Shell Upload

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

Snack Attack: Analyzing Flame's Replication Pattern

The Flame malware uses several methods to replicate itself. The most interesting one is the use of the Microsoft Windows Update service. This is implemented in Flame’s “SNACK”, “MUNCH” and “GADGET” modules. Being parts of Flame, these modules are easily reconfigurable. The behavior of these modul...

PowerSploit

This project is no longer supported PowerSploit is a col...

Through the Zend directory permissions are not strict get execute permissions-bug warning-the black bar safety net

On the server a lot have installed Zend Even if C:\Program Files\ set permissions, install Zend, Zend will auto-configure directory permissions C:\Program Files\Zend\ZendOptimizer-3.3.0\ under the directory permissions for the Everyone full,which leads to the intruder can be written into the file...

SA-CONTRIB-2012-080 - Hostmaster (Aegir) - Access Bypass and Cross Site Scripting (XSS)

Cross Site Scripting CVE: CVE-2012-2708. Hostmaster displays a log from tasks executed in Aegir's backend component, provision. In certain circumstances these log messages were not escaped properly before being displayed to the user. This vulnerability is mitigated by the fact that people wishing...

[SECURITY] Fedora 16 Update: python-2.7.3-1.fc16

Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as t...

Citing Terms Of Service, Google Takes Down Blog Of Iranian Security Researcher

An Iranian man who revealed a vulnerability in a widely used point of sale POS system in Iran had his blog confiscated by Google, which cited violations of its Terms of Service. A Google spokesman acknowledged that the company pulled down the Blogger site that Khosrow Zarefarid, an Iranian IT...

Fedora Update for pam FEDORA-2011-16390

Check for the Version of pam OpenVAS Vulnerability Test Fedora Update for pam FEDORA-2011-16390 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

Joomla 2.5 Modules Simple Spotlight Upload Shell

Exploit for php platform in category web applications Joomla 2.5 Modules Simple Spotlight Upload Shell 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 3 3 3 3 7 | | | | || | | | / \ | / | / / 3 1 | | | | | || | | | | | | | | || | / / 7 3 | Exploit Modules Joomla by...

Mercury v1.0 - Framework for bug hunters to find Android vulnerabilities

Mercury v1.0 - Framework for bug hunters to find Android vulnerabilities A free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android. Use dynamic analysis on Android applications and devices for quicker security assessments. Share publicly known...

PRE PRINTING STUDIO - SQL Injection

Exploit Title: PRE PRINTING STUDIO Sql Injection Date: 16/03/2012 Author: r45c4l Email: [email protected] Script url: http://www.preprojects.com/preprojects/printing.asp Version: N/A CVE : ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::...

Saman Portal Local File Inclusion

=========================================================== + Title: Iranian Saman portal LFI + Date: 2/28/12 + Author: TMT + Mail: taktazm2800a.tyahoo.com + Type: PHP + Vendor or Software Link: http://www.sis-eg.com + Customers: http://sis-eg.com/services/customers/ + Google dork:...

Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities

Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities !-- Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zen...

Saman Portal Local File Inclusion Vulnerability

Exploit for php platform in category web applications =========================================================== + Title: Iranian Saman portal LFI + Date: 2/28/12 + Author: TMT + Mail: taktazm2800a.tyahoo.com + Type: PHP + Vendor or Software Link: http://www.sis-eg.com + Customers:...

Saman Portal - Local File Inclusion

=========================================================== + Title: Iranian Saman portal LFI + Date: 2/28/12 + Author: TMT + Mail: taktazm2800a.tyahoo.com + Type: PHP + Vendor or Software Link: http://www.sis-eg.com + Customers: http://sis-eg.com/services/customers/ + Google dork:...

SA-CONTRIB-2012-031 - Multiple Modules Unsupported - UC PayDutchGroup - Information leakage and Multisite Search sql injection

CVE: CVE-2012-1655 UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances allowing a malicious user to login to the PayDutchGroup site as the...

Cisco Releases Multiple Security Advisories

Cisco has released six security advisories to address vulnerabilities affecting the following products: Cius Wifi devices running Cius Software Version 9.21 SR1 and prior Cisco Unified Communications Manager Software versions 6.x, 7.x, and 8.x Cisco Business Edition 3000, 5000, and 6000 Cisco Uni...

Gazelle Anatasoft CMS v1.x - Multiple Web Vulnerabilities

Document Title: =============== Gazelle Anatasoft CMS v1.x - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=451 Release Date: ============= 2012-02-27 Vulnerability Laboratory ID VL-ID: ==================================== 4...

Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules!

Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules! Since last release in October, Metasploit added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening...