Lucene search

5319 matches found

securityvulns
added 2013/10/09 12:0 a.m., 67 views

SEC Consult SA-20131004-0 :: SQL injection vulnerability in Zabbix

SEC Consult Vulnerability Lab Security Advisory 20131004-0 ======================================================================= title: SQL injection vulnerability product: Zabbix vulnerable version: =2.0.8 fixed version: 2.0.9rc1 CVE number: CVE-2013-5743 impact: critical homepage:...

EPSS: 0.77788
Exploits: 9

ThreatPost
added 2013/10/08 12:35 p.m., 13 views

October 2013 Adobe Patches Unrelated to Adobe Hack, Breach

Adobe, still reeling from the public disclosure of a massive breach of source code and customer information, released two security advisories today patching vulnerabilities unrelated to the recent break-in. The first concerns a vulnerability in Adobe RoboHelp 10 for Windows that could allow an...

AI score: 0.2
Exploits: 0, References: 6

ThreatPost
added 2013/10/04 1:54 p.m., 10 views

Adobe Hackers Hit Other Companies

The attackers behind the Adobe hack and breaches against data brokers such as LexisNexis have also been linked to similar intrusions against other unnamed organizations. Security expert Alex Holden, who along with security blogger Brian Krebs uncovered the data lost in the Adobe breach, said thos...

AI score: 7.4
Exploits: 0, References: 8

The Hacker News
added 2013/10/04 7:7 a.m., 10 views

Bitcoin Talk forum hacked; Database for Sale by Hacker; Website currently down

Bitcoin Talk, the popular Bitcoin discussion forum, has been hacked and as it stands the site is currently unreachable. Bitcointalk has been down for nearly 6 hours. The forums have been allegedly hacked and Defaced by "The Hole Seekers" and selling 150,000 emails and hashed passwords stolen from...

AI score: 6.8
Exploits: 0

The Hacker News
added 2013/10/04 6:26 a.m., 6 views

Adobe Gets Hacked; Hackers Steal 2.9 million Adobe Customers accounts

Hackers broke into Adobe Systems' internal network on Thursday, stealing personal information on 2.9 million customers and the source code for several of Adobe's most popular products. This is an absolutely massive blow to Adobe, especially their reputation. Adobe, which makes Photoshop and other...

AI score: 6.9
Exploits: 0

Dsquare
added 2013/10/04 12:0 a.m., 41 views

GLPI 0.84.1 RCE

Remote command execution vulnerability in GLPI install/install.php Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

CVSS: 6.8, AI score: 0.8, EPSS: 0.63954
Exploits: 11, References: 1

The Hacker News
added 2013/10/03 8:7 p.m., 29 views

Bitcoin Talk forum hacked; Database for Sale by Hacker; Website currently down

Bitcoin Talk, the popular Bitcoin discussion forum, has been hacked and as it stands the site is currently unreachable. Bitcointalk has been down for nearly 6 hours. The forums have been allegedly hacked and Defaced by “The Hole Seekers” and selling 150,000 emails and hashed passwords stolen from...

AI score: 6.8
Exploits: 0

The Hacker News
added 2013/10/03 7:26 p.m., 17 views

Adobe Gets Hacked; Hackers Steal 2.9 million Adobe Customers accounts

Hackers broke into Adobe Systems’ internal network on Thursday, stealing personal information on 2.9 million customers and the source code for several of Adobe’s most popular products. This is an absolutely massive blow to Adobe, especially their reputation. Adobe, which makes Photoshop and other...

AI score: 6.9
Exploits: 0

ThreatPost
added 2013/10/03 4:56 p.m., 8 views

Adobe Acrobat, ColdFusion Source Code, Customer Data Stolen

Attackers accessed customer IDs, encrypted passwords as well as source code for a number of Adobe products, Adobe chief security officer Brad Arkin announced. Arkin said Adobe is working with law enforcement on the breach in which attackers accessed source code for Adobe Acrobat, ColdFusion,...

Exploits: 0, References: 4

Packet Storm
added 2013/10/03 12:0 a.m., 43 views

Zenphoto 1.4.5.2 Cross Site Scripting / SQL Injection

SOJOBO-ADV-13-01 - Zenphoto 1.4.5.2 multiple vulnerabilities I. Information ================== Name : Zenphoto 1.4.5.2 multiple vulnerabilities Software : Zenphoto 1.4.5.2 and possibly below. Vendor Homepage : http://www.zenphoto.org/ Vulnerability Type : SQL Injection, Reflected Cross-Site...

AI score: 0.2
Exploits: 0

CISA
added 2013/10/03 12:0 a.m., 10 views

Adobe Customer Information and Source Code Compromises

US-CERT is aware of the public acknowledgement of a compromise of up to 3 million Adobe customers' information, including names and detailed account information. The source code for multiple Adobe products may also have been compromised. US-CERT advises that Adobe customers be aware of possible...

AI score: 7
Exploits: 0, References: 2

NVD
added 2013/10/01 3:48 a.m., 19 views

CVE-2013-5572

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldapbindpassword value in the HTML source code...

CVSS: 3.5, AI score: 6.1, EPSS: 0.07821
Exploits: 4, References: 3

UbuntuCve
added 2013/10/01 3:48 a.m., 34 views

CVE-2013-5572

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldapbindpassword value in the HTML source code...

CVSS: 3.5, AI score: 5.9, EPSS: 0.07821
Exploits: 4, References: 2

seebug.org
added 2013/09/25 12:0 a.m., 35 views

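XYCMS Decoration Design Company Source Code System 1.5: Multiple Injection Vulnerabilities

Brief description: XYCMS Decoration Design Company Source Code System 1.5 has multiple injection vulnerabilities and a reflected XSS. Detailed description: common.asp and fwxmdetail.asp pass input directly into database queries without any filtering 没有相关信息!" response.End end if % news.asp likewise passes input into database queries without any filtering. Proof of vulnerability: img src="https://images.seebug.org/upload/201309/250204389...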

AI score: 7.1
Exploits: 0

Kitploit
added 2013/09/17 3:9 a.m., 16 views

[Binrev] Automate Reversing Windows Binaries for Pentesters

What you can do with this? Static analysis: you can do a basic manual code review for decompiled sources to discover hidden communication channels, search for hard-coded passwords, or SQL injection vulnerabilities. Import decompiled projects to an IDE to reconstruct and modify the original source...

AI score: 8.6
Exploits: 0

0day.today
added 2013/09/12 12:0 a.m., 19 views

ymlp.com validated-email grabber from online newsletter company

Obtains email addresses from subscribers to mailinglists of clients of ymlp.com. This is 73 lines of proof-of-concept-Java 7 source code 1 file that does 10 http requests to ymlp.com to obtain one email-address. The emailaddress is printed to stdout along with logging information. This is repeate...

AI score: 6.9
Exploits: 0

Dsquare
added 2013/09/10 12:0 a.m., 48 views

Sophos Web Protection Appliance 3.8.1 RCE

Remote root command execution vulnerability in Sophos Web Protection Appliance Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

CVSS: 10, AI score: 1.7, EPSS: 0.92751
Exploits: 17, References: 3

Kitploit
added 2013/09/09 4:8 a.m., 20 views

[OWASP Broken Web Applications Project VM v1.1] Collection of vulnerable web applications

The Broken Web Applications BWA Project is a collection of vulnerable web applications that is distributed on a Virtual Machine. The Broken Web Applications BWA Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in: Learning about...

AI score: 7.6
Exploits: 0

Exploit DB
added 2013/09/03 12:0 a.m., 64 views

Oracle Java lookUpByteBI - Heap Buffer Overflow

Exploit Title: Oracle Java lookupByteBI function heap buffer overflow Google Dork: Date: 2013-09-03 Exploit Author: GuHe Vendor Homepage: http://www.oracle.com/ Software Link: http://www.oracle.com/technetwork/java/javase/downloads/index.html Version: 7u21 and earlier Tested on: Windows 7 CVE :...

CVSS: 10, AI score: 7.8, EPSS: 0.54412
Exploits: 4

securityvulns
added 2013/08/28 12:0 a.m., 86 views

CVE-2013-4124 samba nttrans dos private exploit

Hi Forks! It's my samba private exploit and article of it. the security bug occurs while nttrans reply in samba daemon source code tree. the remote dos exploit that i copied from another nttrans exploit in 2003. and can't test it yet, check it out! CVE-2013-4124 samba dos private exploit: -...

CVSS: 5, AI score: 0.5, EPSS: 0.83531
Exploits: 7