96 matches found
WordPress Plugin SP Project & Document Manager 2.5.3 - Blind SQL Injection
Exploit Title: WordPress SP Project & Document Manager 2.5.3 Blind SQL Injection Google Dork: inurl:wp-content/plugins/sp-client-document-manager Date: 2015-03-04 Exploit Author: catsecurity Vendor Homepage: http://smartypantsplugins.com Software Link:...
AOL Search Reflected File Download
Oren Hafif reported a new kind of attack called Reflected File Download (https://www.blackhat.com/eu-14/briefings.html#reflected-file-download-a-new-web-attack-vector) at the Black Hat Europe 2014 conference. More details about the attack can be found in his public presentation:...
Adobe Flash CVE-2015-0313 new 0day vulnerability warning - the black bar safety net
A high-risk vulnerability has been newly discovered in Adobe Flash Player. Hackers can use it for large-scale drive-by download attacks, also known as “website hanging horse” attacks: when you view a web page containing malicious code or access an ad, it will...
HackerOne: Reflected File Download
Info: Reflected File Download is a new web attack vector. It allows an attacker to craft a malicious file and present it to a victim, but there is no file present at the server. It was recently published at BlackHat Europe 2014 by Oren Hafif. Link to his presentation is given at the end...
mcGallery 1.1 - detail.php lang Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/28587/info mcGallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...
Hacker discloses vulnerabilities in dozens of Military and Pentagon websites
A hacker with the handle !White! today disclosed SQL injection vulnerabilities in dozens of Military, United Nations and Pentagon domains. SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. Through a Pastebin note the hacker announced more details...
Anonymous Attacker Package by Maxpain
Anonymous Attacker Package by Maxpain. "Maxpain", hacker and security developer, releases two tools in a package called "Anonymous Attacker Package". The first one, Anonymous external attack, allows you to execute a UDP flood web attack on websites; this tool was made as an external of LOIC, the...
Attackers taking advantage of Epsilon !
We blogged about the Epsilon data breach to give our customers a heads-up on the situation. Recently, our ThreatSeeker® Network discovered a Web attack that takes advantage of the unfortunate news. As with anything our ThreatSeeker Network discovers, Websense customers are protected by ACE, our...
UBUNTU-CVE-2009-4924
Dan Pascu python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element...
HTML 5 Comes With SQL Injection Risks
Internet Explorer 9 and Firefox 4 will support it, and Microsoft recently touted its advantages. But the upcoming version of HTML, which builds rich Internet application features into the Web programming language and shifts more Web functions to the client machine, also could open up new Web atta...
GlassFish Enterprise Server 2.1 - Admin Console /webService/webServicesGeneral.jsf URI Cross-Site Scripting
source: https://www.securityfocus.com/bid/34824/info GlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the affected site, potential...
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities Original Advisory: http://www.wisec.it/vulns.php?page=9 Original Discovery and Research: Stefano Di Paola Contribution: Giorgio Fedon IE Dos, UXSS Analysis Elia Florio Poc and Code Execution analysis Status: Vendor Informed on 15 October 2006...
CVE-2006-5819
Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script...
SKForum 1.x - 'planning.View.action?time' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17389/info SKForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in th...
Microsoft Security Bulletin MS03-011: Flaw in Microsoft VM Could Enable System Compromise (816093)
Title: Flaw in Microsoft VM Could Enable System Compromise (816093) Date: 09 April 2003 Software: Microsoft VM Impact: Allow attacker to execute code of his or her choice Max Risk: Critical...