144 matches found
BlackHole Toolkit v2 Landing Page Stage Code Execution
Blackhole is a web exploit kit that operates by delivering a malicious payload to the victim's computer...
BlackHole Toolkit v2 Flash Player Payload Stage Code Execution
Blackhole is a web exploit kit that operates by delivering a malicious payload to the victim's computer...
BlackHole Toolkit v2 Adobe Reader Payload Stage Code Execution
Blackhole is a web exploit kit that operates by delivering a malicious payload to the victim's computer...
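Apache Struts OGNL Expression Injection Vulnerability (CVE-2013-2134)
BUGTRAQ ID: 60346 CVE(CAN) ID: CVE-2013-2134 Struts2 is a second-generation Java enterprise web application framework based on the Model-View-Controller (MVC) model. It is the product of the merger of the WebWork and Struts communities. Apache Struts 2.0.0-2.3.14.3 contains a remote OGNL expression injection vulnerability; a remote attacker can exploit it to manipulate server-side objects and execute arbitrary commands in the context of the affected application. The vulnerability stems from a wildcard matching error. 0 Apache Group Struts 2.x Vendor patch: Apache Group ------------ Apache...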
Stabuniq Trojan rapidly stealing data from US banks
[Figure: Trojan.Stabuniq geographic distribution by unique IP address] Security researchers from Symantec have identified a new Trojan that appears to be targeting financial institutions. Dubbed Trojan.Stabuniq, the malware has been collecting information from infected systems potentially for the...
OrangeHRM - 'sortField' SQL Injection
source: https://www.securityfocus.com/bid/56417/info OrangeHRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
To bypass the wisdom to create online waf to continue injection-vulnerability warning-the black bar safety net
The Wisdom professional-grade website firewall can be bypassed in some web environments. Detailed description: with various tools available, web exploitation has become very easy; many web programmers do not fully understand all web vulnerabilities, and training costs are also very high. Therefore, some...
Cross-platform Trojan : Mac, Windows, Linux - Nothing safe !
Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match. The attack was first seen on a Colombian transport website which had been hacked by a third party. This malware is known as GetShell.A and...
Blackhole Exploit Kit's Dominance On Infected Hosts Could Push Rivals To the Cloud
The Blackhole exploit kit has a near monopoly on infected Web pages, according to Web security firm M86’s latest Security Labs Report, issued today. The bi-annual report, which covers the last half of 2011, July to December, describes Blackhole as the source of a whopping 95 percent of all the...
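易分销 Arbitrary File Package Download Vulnerability (admins, please delete the previous submission; this one is the authoritative version!)
Brief description: Arbitrary files can be packaged and downloaded. Detailed description: Register at http://shop.fenxiaowang.com/index.php and enter the trial admin backend. Using the template packaging function, modify the submitted parameter to package files under any path, as follows: http://shop-xxxxxxx.shopex.fenxiaowang.com/shopadmin/index.php?ctl=system/template&act=dlpkg&p0=../../ This vulnerability also exists in the 易开店 system. An unrelated remark: I received an SMS notification saying shopex sent me a gift and asking me to watch for it? What is the gift? Where do I collect it????!!! Proof of vulnerability:...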
SEO Ecommerce(Shopping)<= XSRF/CSRF Vulnerabilities
Exploit for php platform in category web applications. Exploit-ID is the Exploit Information Disclosure Web :...
Pligg CMS 1.1.4 - SQL Injection
Exploit Title: Pligg = 1.1.4 SQL injection Date: 03/23/2011 Author: Null-0x00 Software Link: http://pligg.com/ Version: = 1.1.4 Websites: zenk-security.com & hackerzvoice.net Description: An SQL injection has been found on /rsssearch.php in pligg CMS 1.1.4. Prior...
mygamingladder MGL Combo System <= 7.5 game.php SQL injection Exploit
Exploit for php platform in category web applications. mygamingladder MGL Combo System = 7.5 game.php SQL injection Exploit...
Microsoft Internet Explorer - Unsafe Scripting Misconfiguration (Metasploit)
$Id: ieunsafescripting.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
xt:Commerce Gambio 2008 < 2010 - 'reviews.php' Error-Based SQL Injection
Exploit Title: xt:Commerce Gambio 2008 - 2010 ERROR Based SQL Injection "reviews.php" Date: 2010-09-18 Author: secret Contact : [email protected] / ICQ : 17-33-77 Site : swissfaking.net/board Software Link: http://www.gambio.de/ Version: 2006 - 2008...
Joomla! Component eventCal 1.6.4 - Blind SQL Injection
Founded by RoAdKiLlEr Team: Albanian Hacking Crew Contact: RoAdKiLlEratKhg-CrewdotWs Home: http://a-h-crew.net Download App:http://joomlacode.org/gf/project/eventcal/frs/ ==========ExPl0iT3d by RoAdKiLlEr========== +Description: eventCal is a calendar component for Joomla!. It enables you to...
Ecomat CMS - SQL Injection
Vulnerability ID: HTB22390 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinecomatcms.html Product: Ecomat CMS Vendor: Codefabrik GmbH Vulnerable Version: 5.0 and Probably Prior Versions Vendor Notification: 18 May 2010 Vulnerability Type: SQL Injection Status: Not Fixed,...
Eyeland Studio Inc. - SQL Injection
Title: Eyeland Studio Inc. SQL Injection Vulnerability Version: 2.0 Author: Mr.P3rfekT Software Site: http://www.eyeland.com/ Tested on Linux CVE : N/A Home : www.realmadridsy.com & www.v4-team.com/cc Founded By Mr.P3rfekT Dork :"Eyeland Studio Inc. All Rights...
LDAP Injection Proof Of Concept
Vulnerability: LDAP Injection + Category : Implemented Web exploit + Category : Attack Technique + Author : mc2s3lector + dork : X/o" + Contact : www.yogyacarderlink.web.id + date : 4-2-10 + biGthank to : Allah SWT,jasakom,KeDai Computerworks,0n3-d4y n3ro,eplaciano, all.indonesian like a coding,...
LDAP - Injection
Vulnerability: LDAP Injection + Category : Implemented Web exploit + Category : Attack Technique + Author : mc2s3lector + dork : X/o" + Contact : www.yogyacarderlink.web.id + date : 4-2-10 + biGthank to : Allah SWT,jasakom,KeDai Computerworks,0n3-d4y n3ro,eplaciano,...