
4196 matches found

WPVulnDB
added 2014/08/01 10:59 a.m., 31 views

Magazine Basic - wp-content/themes/magazine-basic/view_artist.php id Parameter SQL Injection

The Magazine Basic WordPress theme was affected by a wp-content/themes/magazine-basic/view_artist.php id Parameter SQL Injection security vulnerability...

2.5 AI score
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2014/08/01 12:0 a.m., 489 views

WordPress Basic Theme - File Upload Arbitrary Code Execution

A "themify-ajax.php" file upload arbitrary PHP code execution vulnerability was found in WordPress Basic theme. Solution Update the theme...

2.3 AI score
Exploits: 0, References: 1, Affected Software: 1

The Hacker News
added 2014/07/30 9:38 p.m., 17 views

Facebook's Internet.Org App Offers Free Internet in Zambia

Earlier this month, the founder of the Social Networking giant highlighted the future of universal Internet access, the dream that Facebook founder Mark Zuckerberg wants to fulfil, in an effort to make Internet access available to everyone across the world just like a service as essential as of 9...

6.4 AI score
Exploits: 0

securityvulns
added 2014/07/28 12:0 a.m., 151 views

Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability

Document Title: =============== Barracuda Networks 35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1101 Barracuda Networks Security ID BNSEC: BNSEC-2361...

7.7 AI score
Exploits: 0

Packet Storm
added 2014/07/25 12:0 a.m., 19 views

Netgear DGN2200 Password Disclosure

Exploit Title: Password Disclosure vulnerability Software: NETGEAR DGN2200 Software Link: netgear.com Version: DGN2200 Author: Dolev Farhi, email: dolevatopenflaredotorg Date: 23.7.2014 Tested on: Kali Linux Firmware 1.0.0.29_1.7.29_HotS 2. Vulnerability Description: ===============================...

0.5 AI score
Exploits: 0

0day.today
added 2014/07/24 12:0 a.m., 36 views

NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure

Exploit for hardware platform in category web applications Exploit Title: Password Disclosure vulnerability Software: NETGEAR DGN2200 Software Link: netgear.com Version: DGN2200 Author: Dolev Farhi, email: dolevatopenflaredotorg Date: 23.7.2014 Tested on: Kali Linux Firmware 1.0.0.29_1.7.29_HotS 2...

7.1 AI score
Exploits: 0

Exploit DB
added 2014/07/23 12:0 a.m., 42 views

Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure

Exploit Title: Password Disclosure vulnerability Software: NETGEAR DGN2200 Software Link: netgear.com Version: DGN2200 Author: Dolev Farhi, email: dolevatopenflaredotorg Date: 23.7.2014 Tested on: Kali Linux Firmware 1.0.0.29_1.7.29_HotS 2. Vulnerability Description: ===============================...

7.4 AI score
Exploits: 0

RedHat Linux
added 2014/07/21 6:35 p.m., 5 views

EAP6: Plain text password logging during security audit

It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...

1.9 CVSS, 5.7 AI score, 0.00346 EPSS
Exploits: 1, References: 4

RedHat Linux
added 2014/07/16 5:12 p.m., 4 views

EAP6: Plain text password logging during security audit

It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...

1.9 CVSS, 5.7 AI score, 0.00346 EPSS
Exploits: 1, References: 4

seebug.org
added 2014/07/11 12:0 a.m., 42 views

C99.php Shell - Authentication Bypass

No description provided by source. Exploit Title: C99 Shell Authentication Bypass via Backdoor Google Dork: inurl:c99.php Date: June 23, 2014 Exploit Author: mandatory Matthew Bryant Vendor Homepage: http://ccteam.ru/ Software Link: https://www.google.com/ Version: 1.00 beta Tested on:Linux CVE:...

7.1 AI score
Exploits: 0

OSV
added 2014/07/03 5:55 p.m., 1 views

DEBIAN-CVE-2014-0247

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx...

10 CVSS, 7.5 AI score, 0.03922 EPSS
Exploits: 0, References: 1

seebug.org
added 2014/07/01 12:0 a.m., 17 views

Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability

Description: The Asus RT-N66U is a home wireless router. Its web application has a CSRF vulnerability that allows an attacker to execute arbitrary commands on the target device. Exploitable URL: The parameter SystemCmd in the URL below causes the device to execute arbitrary commands. The value...

7.7 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 36 views

Monit <= 4.2 - Remote Root Buffer Overflow Exploit

No description provided by source. / THE EYE ON SECURITY RESEARCH GROUP - INDIA http://www.eos-india.net/poc/305monit.c Remote Root Exploit for Monit <= 4.2 Vulnerability: Buffer overflow in handling of Basic Authentication informations. Server authenticates clients through: Authentication: Basic...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 38 views

Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1499/info When a remote user attempts to access an area protected by basic authentication with no realm defined, while specifying HTTP 1.0, Microsoft IIS will return an Access Denied error message containing the internal ...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Microsoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 Document Handling Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8534/info A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs because the software fails to perform sufficient boundary checks when parsing specific properties of...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 18 views

Basic-CMS - 'index.php' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29771/info Basic-CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 35 views

NETGEAR Wireless Cable Modem Gateway Auth Bypass and CSRF

No description provided by source. Sense of Security - Security Advisory - SOS-11-011 Release Date. 20-Sep-2011 Last Update. - Vendor Notification Date. 22-Mar-2011 Product. NETGEAR Wireless Cable Modem Gateway CG814WG Affected versions. Hardware 1.03, Software V3.9.26 R14 verified, possibly othe...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 24 views

Monit <= 4.2 Basic Authentication Remote Root Exploit

No description provided by source. / THE EYE ON SECURITY RESEARCH GROUP - INDIA http://www.eos-india.net/poc/305monit.c Remote Root Exploit for Monit <= 4.2 Vulnerability: Buffer overflow in handling of Basic Authentication informations. Server authenticates clients through: Authentication: Basic...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 26 views

CommPort <= 1.01 - Multiple Vulnerabilities

No description provided by source. -------------------------------------------- CommPort 1.01 = SQL Injection Vulnerability -------------------------------------------- Discovered by: Jean Pascal Pereira [email protected] Vendor information: A 'Community Portal' generator that can be tailored for...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 27 views

jetVideo 8.1.1 - Basic (.wav) Local Crash PoC

No description provided by source. #!/usr/bin/python + Author: TUNISIAN CYBER + Exploit Title: jetVideo 8.1.1 Basic .wav Local Crash PoC + Date: 22-03-2014 + Category: DoS/PoC + Tested on: WinXp/Windows 7 Pro + Vendor: http://www.jetaudio.com/download/jetvideo.html + Friendly Sites:...

7.1 AI score
Exploits: 0