CNN iReport: ToorCon Hacker Conference
At the ToorCon San Diego conference, a CNN iReporter talks with security professionals about basic security issues and then see Marty Morrow escape from handcuffs without a key!...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3)...
Microsoft Visual Basic VBP Buffer Overflow
This module exploits a stack buffer overflow in Microsoft Visual Basic 6.0. With a specially crafted vbp file containing a long reference line, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Sql injection
SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Information disclosure
A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...
CVE-2009-3480
SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-3481
A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...
CVE-2009-3481
CVE-2009-3481 affects the Joomla! iCRM Basic component com_icrmbasic version 1.4.2.31. The root cause is an interface that does not require administrative authentication, enabling potential remote access without credentials. Impact is described as unspecified in the sources. The vulnerability is ...
CVE-2009-3480
CVE-2009-3480 concerns the iCRM Basic (com_icrmbasic) Joomla! component, version 1.4.2.31. The vulnerability is an SQL injection in the p3 parameter to index.php, allowing remote attackers to potentially execute arbitrary SQL commands. Multiple connected sources (NVD/NVD-derived entries, CVE reco...
Joomla iCRM Basic Component Multiple Vulnerabilities
Some vulnerabilities have been discovered in iCRM Basic component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks and bypass security restrictions. 1) Input passed via the "p3" parameter to index.php (when "option" is set to "com_icrmbasic") is not properly...
Joomla! Component IRCm Basic - SQL Injection
Joomla Component comircmbasic SQL injection vulnerability Author : kaMtiEz [email protected] Homepage : http://www.indonesiancoder.com Date : September 27, 2009 ...
Joomla! Component IRCm Basic - SQL Injection
Joomla Component comircmbasic SQL injection vulnerability Author : kaMtiEz [email protected] Homepage : http://www.indonesiancoder.com Date : September 27, 2009 ...
SuSE 11 Security Update : ruby (SAT Patch Number 1073)
This ruby update improves return value checks for the OpenSSL function OCSP_basic_verify (CVE-2009-0642), which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...
SuSE9 Security Update : ruby (YOU Patch Number 12452)
This update for ruby fixes the following security issues : - Improve return value checks for OpenSSL function OCSP_basic_verify to refuse usage of revoked certificates. (CVE-2009-0642) - Increase entropy of DNS identifiers to avoid spoofing attacks. (CVE-2008-3905) - Fix denial of service (DoS)...
EasyMail Quicksoft 6.0.2.0 Code Execution
Application: EasyMail Quicksoft 6.0.2.0 Platforms: Windows XP Professional French SP2 crash: IE 6.0.2900.2180 Exploitation: remote Code Execution Date: 2009-08-24 Author: Francis Provencher Protek Research Lab's 1 Introduction 2 Technical details and bug 3 The Code =============== 1 Introduction...
EasyMail Quicksoft 6.0.2.0 Denial Of Service
Application: EasyMail Quicksoft 6.0.2.0 Platforms: Windows XP Professional French SP2 crash: IE 6.0.2900.2180 Exploitation: remote Code Execution Date: 2009-08-24 Author: Francis Provencher Protek Research Lab's 1 Introduction 2 Technical details and bug 3 The Code =============== 1 Introduction...
EasyMail Quicksoft 6.0.2.0 - ActiveX Remote Code Execution (PoC)
Application: EasyMail Quicksoft 6.0.2.0 Platforms: Windows XP Professional French SP2 crash: IE 6.0.2900.2180 Exploitation: remote Code Execution Date: 2009-08-24 Author: Francis Provencher Protek Research Lab's 1 Introduction 2...
CVE-2009-3168
Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request...
CVE-2009-3168
CVE-2009-3168 affects Mevin Productions Basic PHP Events Lister 2.0. The vulnerability arises from improper access restriction to admin/reset.php and admin/user_add.php, allowing remote authenticated users to reset administrative passwords or add administrators via a direct request. Multiple conn...