Vimeo: CRITICAL full source code/config disclosure for Cameo
Hi! The server at https://ci.cameo.tv/ has directory listing on and seems to host quite a few debian packages containing extremely sensitive information database passwords, API keys, you name it. One example is the config package containing 16 config files, even personal ones containing local...
CTF: ASUS RT-AC66U router vulnerabilities problem-solving analysis-vulnerability warning-the black bar safety net
I'm on EFF's open wireless router campaign is very interested in, however they not at all on their device display. The rules of the game in the RT-AC66U are listed as may be used to attack the device. I have a personal RT-AC66U, so I decided for all the CTF participants to write a small tutorial...
Wordpress WP Symposium File Upload
File upload vulnerability in Wordpress WP Symposium Plugin Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...
SecurityAdvisory 2015-04-14
The source code contains a logical flaw related to user PIN aka PW1 verification that allows an attacker with local host privileges and/or physical proximity NFC to perform security operations without knowledge of the user’s PIN code...
NetDecision-Traffic-4.5.1
Title : Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.netmechanica.com Advisory : http://secpod.org/blog/?p=481...
Openwall 3.1 Released With Fixes for Shellshock, POODLE Attack
The maintainers of the Openwall security enhanced Linux distribution have released a new stable version, which includes fixes for a number of serious vulnerabilities, such as the Shellshock Bash bug and the flaw in SSLv3 that leads to the POODLE attack. Openwall is designed to be a small, compact...
ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution Exploit
ASUSWRT version 3.0.0.4.376_1071 suffers from a remote command execution vulnerability. A service called "infosvr" listens on port 9999 on the LAN bridge. Normally this service is used for device discovery using the "ASUS Wireless Router Device Discovery Utility", but this service contains a featu...
Facebook Careers Page XXE Vulnerability Patched
A vulnerability was discovered and patched in a third-party service that handles resumes on Facebook’s careers page. The discovery was worth more than $6,000 in a bounty paid out by Facebook to researcher Mohamed Ramadan of Egypt, who published some details of the vulnerability and exploit on his...
Windows Meterpreter (Reflective Injection), Hidden Bind Ipknock TCP Stager
Inject the Meterpreter server DLL via the Reflective Dll Injection payload staged. Requires Windows XP SP2 or newer. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping...
Enter: Stored XSS in api key of operator wallet
1. Make an operation wallet 2. Open wallet settings 3. Press "New key" 4. In source code remove "maxlength=30" of key's name input tag - no length check on server-side 5. Fill name input with "asdf" PoC 6. Press "Generate Key" 7. After that when open wallet settings we got XSS. 8. In case we can...
NotePad++ 6.6.9 Buffer Overflow
#!/usr/bin/python Exploit Title: NotePad++ v6.6.9 Buffer Overflow URL Vendor: http://notepad-plus-plus.org/ Vendor Name: NotePad Version: 6.6.9 Date: 22/12/2014 CVE: CVE-2014-1004 Author: TaurusOmar Twitter: @TaurusOmar Email: [email protected] Home: overhat.blogspot.com Risk: Medium...
John the Ripper 1.8.0-jumbo-1 - Fast Password Cracker
John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS. It is one of the most popular password testing and...
Notepad++ 6.6.9 - Buffer Overflow
Notepad++ 6.6.9 - Buffer Overflow #!/usr/bin/python Exploit Title: NotePad++ v6.6.9 Buffer Overflow URL Vendor: http://notepad-plus-plus.org/ Vendor Name: NotePad Version: 6.6.9 Date: 22/12/2014 CVE: CVE-2014-1004 Author: TaurusOmar Twitter: @TaurusOmar Email: [email protected] Home:...
Design/Logic Flaw
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019...
CVE-2014-8007
Cisco Prime Infrastructure is affected by a vulnerability where the Quick Discovery options page HTML source contains stored device-discovery passwords. Exploitation requires authenticated access, enabling an attacker to view passwords through normal page inspection. The issue is described in Cis...
Mango cloud KODExplorer information leak+arbitrary command execution getshell(a-vulnerability warning-the black bar safety net
Do you want to blast your entire chrysanthemum it??? I take it slow and... Don't be afraid to hurt it. Give up Detailed description: Code I from official website next. Dog brother, waiting for the Universal rewards. I don't have how analysis, own download sets of source code to build it! I don't...
openSUSE Security Update : perl-Plack (openSUSE-SU-2014:1639-1)
This perl-Plack update fixes the following security issue : - bnc892328: trailing slashes removed leading to source code disclosure CVE-2014-5269 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...
Wix.com Cross Site Scripting
57 million web pages are affected by a security problem in wix.com Proof of concept of a web page made in wix.com: http://www.itsec.cl/ to see the source code can observe the following: ... Find the SEO content of this site's homepage via http://www.itsec.cl/?escapedfragment= That is where search...
OracleVM 3.3 : wget (OVMSA-2014-0036)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem access 1156133 - Fix the parsing of weblink when doing recursive retrieving 960137 - Fix errors found by static analysis of source code 873216 ...
Android WAPPushManager - SQL Injection
INTRODUCTION: In Android 5.0, a SQL injection vulnerability exists in the opt module WAPPushManager, attacker can remotely send malformed WAPPush message to launch any activity or service in the victim's phone need permission check DETAILS...