27 matches found
A week in security (October 30 – November 5)
Last week on our blog, we told you what to expect at the upcoming Irisscon security conference in Dublin. We gave you a quick introduction into the why and how of analyzing malware based on their API calls. And we issued a warning about some lesser-known cybercrimes. Plus we explained why emergin...
PHDays VII: To Vulnerability Database and beyond
Last Tuesday and Wednesday, May 23-24, I attended PHDays VII conference in Moscow. I was talking there about vulnerability databases and the evolution process of vulnerability assessment tools, as far as I understand it. But first of all, a few words about the conference itself. I can tell that...
[PDFMiner] Python PDF parser and analyzer
PDFMiner is a tool for extracting information from PDF documents. Unlike other PDF-related tools, it focuses entirely on getting and analyzing text data. PDFMiner allows one to obtain the exact location of text in a page, as well as other information such as fonts or lines. It includes a PDF...
Classified Ultra ScriptsGenie XSS / SQL Injection Vulnerabilities
Classified Ultra ScriptsGenie suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data. Exploit Title; Classified Ultra ScriptsGenie Multiple Vulnerabilities Date; 20/1/13 Author; 3spi0n Script Vendor or Software Link;...
Marketing Development Script SQL Injection Vulnerability
Marketing Development Script suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data. Exploit Title; Marketing Development Script SQL Injection Vulnerability Date; 3/12/12 Author; 3spi0n Script Vendor or Software Link; http://www.marketingdev.com/...
YT-Videos Script SQL Injection
Exploit Title; YT-Videos Script SQL Injection Vulnerability Date ; 6/8/12 Author ; 3spi0n Script Vendor or Software Link ; http://www.hotscripts.com/listing/yt-videos-script/ - http://www.webtoolsin.com/products-3-yt-videos-script.html Category ; Webapps Type ; SQL Injection MySQLi Tested on ;...
Ultrastats 0.2.142 - 'players-detail.php' Blind SQL Injection
!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; ! Discovered.: DNX ! Vendor.....: http://www.shooter-szene.de | http://www.ultrastats.org ! Detected...: 29.06.2008 ! Reported...: 04.07.2008 ! Response...: xx.xx.2008 ! Background.: UltraStats is a very flexable log analyzing tool for Call of...