PHP Photo Album 0.4.1.16 Cross Site Scripting / Disclosure
---------------------------------------------------------------- PHP Photo Album Poc 2 http://localhost/phpAlbum/main.php?cmd=albumnew&keyword=XSS Demo :http://www.iloveazucar.com/phpAlbum/main.php?cmd=albumnew&keyword="onmouseover%3dprompt975554 bad%3d" Demo :http://www.dolfpretorius.com/main.ph...
PHP Photo Album <= (0.4.1.16) Multiple Disclosure Vulnerabilities
Exploit for php platform in category web applications ---------------------------------------------------------------- PHP Photo Album <= 0.4.1.16 Multiple Disclosure Vulnerabilities ---------------------------------------------------------------- Exploit Title: PHP Photo Album <= 0.4.1.16 Multiple...
XYCMS law firm built Station system 1.1 upload vulnerability
Source code description: XYCMS law firm built Station system contains firm profile, lawyers style, news centre, service areas, typical cases, legal advice, qualification, contact us section. Background function: Enterprise information management: including basic information management, adding,...
Fedora Project Mandating New Password and SSH Key Change
Recent site breaches like those at Kernel.org and Linux have prompted the Fedora Project to contact users to change their password and SSH public key before November 30 to avoid having their accounts marked as inactive. In a message posted on Wednesday to the Developer’s Announcements mailing lis...
A2CMS Local File Disclosure
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Author : St493r Contact : [email protected] Title : A2CMS Source Code Disclosure Vulnerability Vendor : http://a2cms.com Tested On : Linux Date : 28 - 09 - 2011 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++...
FreeBSD-SA-11:04.compress
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:04.compress Security Advisory The FreeBSD Project Topic: Errors handling corrupt compress file in compress(1) and gzip(1) Category: core Module: compress Announced...
FreeBSD-SA-11:05.unix
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:05.unix Security Advisory The FreeBSD Project Topic: Buffer overflow in handling of UNIX socket addresses Category: core Module: kern Announced: 2011-09-28...
TimeLive Time And Expense Tracking 4.1.1 Traversal / Disclosure
Exploit Title : TimeLive Time and Expense Tracking = Multiple Vulnerabilities Vulnerability : Directory Traversal / Remote Database Download / File Download / Source Code Disclosure Date : 28/09/2011 Author : Nathaniel Carew Impact : High Software Link :...
timelive time and expense tracking 4.1.1 - Multiple Vulnerabilities
Exploit Title : TimeLive Time and Expense Tracking = Multiple Vulnerabilities Vulnerability : Directory Traversal / Remote Database Download / File Download / Source Code Disclosure Date : 28/09/2011 Author : Nathaniel Carew Impact : High Software Link :...
Code injection
The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL...
CVE-2011-3694
The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL...
TimeLive Time and Expense Tracking 4.1.1 Multiple Vulnerabilities
Exploit for asp platform in category web applications Exploit Title : TimeLive Time and Expense Tracking = Multiple Vulnerabilities Vulnerability : Directory Traversal / Remote Database Download / File Download / Source Code Disclosure Date : 28/09/2011 Author : Nathaniel Carew Impact : High...
BruCON Agnitio workshop Slides and Video Demonstration - Download
Workshop by David Rook Security Ninja at BruCON 2011 in Belgium. You can Download Slide from here. Required for the Agnitio hands on demos: A 32bit Windows Operating System XP or 7 preferably – VM will be fine .NET framework 3.5...
Aldi Bot - Buy a Botnet just in 10 Euros
Researchers of German security firm G Data have discovered that a bot builder dubbed "Aldi Bot" is currently being offered for that much on underground forums. The Aldi Bot Builder appears to be based on the ZeuS source code. The malware has nothing to do...
i-Gallery 3.4 Source Code Disclosure
=========================================================== i-Gallery 3.4 asp Remote Source Code Disclosure Vulnerability ----------------------------------------------------------- found by :kurdish hackers team group : kurd-team contact : [email protected] site : kurdteam.org...
i-Gallery 4.1 Source Code Disclosure
=========================================================== i-Gallery 4.1 asp Remote Source Code Disclosure Vulnerability ----------------------------------------------------------- found by :kurdish hackers team group : kurd-team contact : [email protected] site : kurdteam.org...
CVE-2011-3502
The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot)...
Design/Logic Flaw
The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot)...
CVE-2011-3502
The Cogent DataHub web server (versions up to 7.1.1.63) is affected by CVE-2011-3502, which allows remote attackers to obtain the source code of executable files via a crafted request that includes a trailing space or an encoded dot (%2e). Affected products include Cogent DataHub up to 7.1.1.63 a...
Linux Foundation Shuts More Web Sites After Discovering Compromise
The ripple effects of an August attack on the website kernel.org washed up on the Linux Foundation last week, forcing the group to take down its Web site and warn users that their account information may have been compromised. A message posted on the Foundation’s Web site, linux.com, over the...