Categorizator 0.3.1 - SQL Injection

Categorizator 0.3.1 - SQL Injection Exploit Title: Categorizator 0.3.1 | SQL Injection Date: 03/09/16 Exploit Author: Wad Deek Vendor Homepage: http://lelogiciellibre.net/telecharger/annuaire-web.php Software Link: ftp://ftp2.lelogiciellibre.net/lelogiciellibre/annu/categorizator031.zip Version:...

OpenCimetiere v3.0.0-a5 - Blind SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: OpenCimetiere v3.0.0-a5 | Blind SQL Injection Date: 06/08/16 Exploit Author: Wad Deek Vendor Homepage: http://www.openmairie.org/ Software Link: http://www.openmairie.org/catalogue/opencimetiere/ Version: 3.0.0-a5 +3.0.0-a5...

FreeBSD-SA-16:29.bspatch

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:29.bspatch Security Advisory The FreeBSD Project Topic: Heap overflow vulnerability in bspatch Category: core Module: bsdiff Announced: 2016-10-10 Affects:...

FreeBSD-SA-16:30.portsnap

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:30.portsnap Security Advisory The FreeBSD Project Topic: Multiple portsnap vulnerabilities Category: core Module: portsnap Announced: 2016-10-10 Affects: All...

Source Code Released for Mirai DDoS Malware

The dangers of haphazardly connecting embedded devices to the Internet have manifested themselves in mammoth distributed denial-of-service attacks, in particular one two weeks ago against security journalist Brian Krebs’ website that peaked at better than 620 Gbps. The situation worsened over the...

Pop Under Ads Network 1.0 MySQL Credential Disclosure

| Title : pop under ads network v1.0 MySQL connection credentials Vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 FranASSais V.Pro | Version : 1.0 | Vendor : http://dl.20script.ir/script/ads/20S-pop-under-ads-network-v1.0www.20script.ir.zip...

Internet Bug Bounty: CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element

CVE-2016-7418 PHP Out-Of-Bounds Read in phpwddxpushelement 1. Affected Version + PHP 7.0.10 + PHP 5.6.25 2. Credit This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB. 3. Testing Environments + OS: Ubuntu + PHP: 7.0.10 + Compiler: Clang + CFLAGS: -g -O0 -fsanitize=address 4. PoC...

ZineBasic 1.1 - Arbitrary File Disclosure

Title: ZineBasic 1.1 Remote File Disclosure Exploit Author: bd0rk || East Germany former GDR Tested on: Ubuntu-Linux Vendor: http://w2scripts.com/news-publishing/ Download:...

Internet Bug Bounty: SEH buffer overflow msgfmt_format_message

Upstream bug --------------- https://bugs.php.net/bug.php?id=73007 Fixed in PHP 7.0.11 and PHP 5.6.26 --------------- http://php.net/ChangeLog-5.php5.6.26 http://php.net/ChangeLog-7.php7.0.11 Patch ------- http://git.php.net/?p=php-src.git;a=commit;h=20fa323d53257a776bd7551ce7bdb2261cfe5420...

Visonic PowerLink2 Vulnerabilities

OVERVIEW Independent researcher Aditya K. Sood has identified cross-site scripting and source code disclosure vulnerabilities in Visonic’s PowerLink2 module. Visonic has produced an updated version to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED...

Android Security Bulletin—September 2016Stay organized with collectionsSave and categorize content based on your preferences.

ded The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air OTA update. The Nexus firmware images have also been released to the Google Developer site...

Linux netfilter OOB root mention the right vulnerability analysis-vulnerability warning-the black bar safety net

Famous ExploitDatabase website www.exploit-db.com recently posted a netfilter module. the right to the POC, the author is Vitaly Nikolenko on. OOB it! Netfilter is! Meal a sense of curiosity, decision analysis, analysis of process and outcomes to share as follows. 0×0 extraordinaire mention the...

ZKTeco ZKBioSecurity 3.0 - Directory Traversal

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...

2wire Gateway Authentication Bypass

Gateway Authentication Bypass Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

Oracle Glassfish Server Directory Traversal

Directory traversal vulnerability Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

Comtrend Router Password Disclosure

Remote password disclosure Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

Dotclear 2.9.1 Directory Download

Dotclear 2.9.1 Directory Download Vulnerability + Software: https://dotclear.org/ + Author: Wiswat Aswamenakul + Affected version: only tested on 2.9.1 previous version might be affected + Platform: tested on Ubuntu 14.04, PHP 5.5.9 + Description Authenticated users with media manager access...

BFAC - Backup File Artifacts Checker

An automated tool that checks for backup artifacts that may discloses the web-application's source code. \ \ \ | | /| || / | / / | | || | | | | || | | \ \ | | || | | | | || /\ |/ / |/ |/ |/ -:::Backup File Artifacts Checker:::- An automated tool that checks for backup artifacts that may...

WordPress Plugin Mail Masta 1.0 - Local File Inclusion

Date: 23-8-2016 + Autor Guillermo Garcia Marcos + Vendor: https://downloads.wordpress.org/plugin/mail-masta.zip + Title: Mail Masta WP Local File Inclusion + info: Local File Inclusion The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file...

Raptor - Web-based Source Code Vulnerability Scanner

Raptor is a web-based web-serivce + UI github centric source-vulnerability scanner i.e. it scans a repository with just the github repo url. You can setup webhooks to ensure automated scans every-time you commit or merge a pull request. The scan is done asynchonously and the results are available...