JVN#42024228: Cybozu Garoon CGI vulnerable to remote command execution

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability. Impact An arbitrary command may be executed on the server where Cybozu Garoon resides. Solution Update the Software Update to the latest version according to the information...

Facebook Brute Force with Customize Word Lists for Signed In Accounts

Brute Forcing is easy for Any Signed In Facebook Account at Firefox or Chrome. Usage Info Simple is that you just have to run on Developer Console of Google Chrome or Web Console of Firefox, Javascript Console of Safari, you name it. This is private exploit. You can buy it at https://0day.today...

Infosec A-Team to Launch NSA-Proof Invisible Messenger for Whistleblowers

If a whistleblower discloses an activity to the public, then there should be a trust-based mechanism that ensure the protection of truth-tellers on an international level by hiding their identities. In an effort to provide this kind of service and security, Security experts grouped together to...

(RHSA-2014:0831) Low: Red Hat Developer Toolset Version 1 Retirement Notice

In accordance with the Red Hat Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 1 offering was retired on June 30, 2014, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent...

Ultimate PHP Board <= 2.0 (header_simple.php) File Include Exploit

No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

Apple WebObjects Developer NT4 IIS4.0 CGI-adapter 4.5 Developer Remote Overflow

No description provided by source. source: http://www.securityfocus.com/bid/1896/info A denial-of-service vulnerability exists in Apple's WebObjects 4.5 Developer, a popular platform for developing web-based applications. The vulnerable version is Windows NT 4.0 SP5, when run in conjunction with...

wordpress wp-topbar 4.02 - Multiple Vulnerabilities

No description provided by source. Exploit Title: WP-TopBar 4.02 CSRF Date: 2012-09-13 Author: Blake Entrekin Version: 4.02 Download Link: http://downloads.wordpress.org/plugin/wp-topbar.4.02.zip Vendor Link: http://wordpress.org/extend/plugins/wp-topbar/ ------------------- CSRF...

WebMaster ConferenceRoom 1.8 Developer Edition DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2178/info WebMaster ConferenceRoom Developer Edition is a chat package which enables a large community of users to chat together. ConferenceRoom has a wide range of capabilities and a user friendly channel moderation...

Hosting Controller <= 6.1 Hotfix 3.1 Privilege Escalation Vulnerability

No description provided by source. Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix = 3.1 Developer url: www.Hostingcontroller.com Solution: Update to Hotfix 3.2 Discover date: 2005,Summer Report date to hc company: Sat Jun 10, 2006...

4Site CMS <= 2.6 - Multiple Remote SQL Injection Vulnerabilities

No description provided by source. WSEC-09-002 4Site CMS = 2.6 Multiple Remote SQL Injections Developer site: http://www.4site.ru/ Discovered by D.Mortalov // wsec.ru 1. Auth Bypass Login: 1'or'1 Password: 1'or’1 2. Multiple Remote SQL Injections in 4site CMS modules Pages module:...

Apache Struts Developer Mode OGNL Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...

ZPanel <= 10.0.1 CSRF, XSS, SQLi, Password Reset

No description provided by source. Exploit Title: ZPanel = 10.0.1 CSRF, XSS, SQLi, Password Reset Date: 04/11/2012 Exploit Author: pcsjj Vendor Homepage: http://www.zpanelcp.com/ Version: 10.0.1 Software Link: http://sourceforge.net/projects/zpanelcp/files/latest/download Downloads: 90,382 CVE :...

simple webserver 2.3-rc1 - Directory Traversal

No description provided by source. Exploit Title: Simple Webserver 2.3-rc1 Directory Traversal Date: 01/02/2013 Exploit Author: CwG GeNiuS Vendor Homepage: http://www.pmx.it Software Link: http://www.pmx.it/download/sws-2.3-rc1-i686.exe Version: 2.3-rc1 and earlier Tested on: Windows 7 Enterprise...

OpenDocMan 1.2.6.5 - Persistent XSS Vulnerability

No description provided by source. Exploit Title: OpenDocMan 1.2.6.5 Stored/Reflective XSS Date: 05/04/2013 Exploit Author: drone @dronesec More Exploit Information: Vendor Homepage: http://www.opendocman.com/ Software Link:...

iphone ifile 2.0 - Directory Traversal

No description provided by source. ---------------------------------------------------------------- Software : iPhone iFile 2.0 Type of vunlnerability : Directory Traversal Tested On : iPhone 4 IOS 4.0.1 Risk of use : High ---------------------------------------------------------------- Program...

Meto Forum 1.1 - Multiple Remote SQL Injection Vulnerabilities

No description provided by source. -------------------------------------------\ Meto Forum v1.1 Multiple Remote SQL İinjectin Vulnerable Script : http://www.aspindir.com/goster/5444 Risk : Forum in All users saved password is to take. Coded : Asp , SQL Language = 'Acces'...

Wordpress Usernoise Plugin 3.7.8 - Persistent XSS Vulnerability

No description provided by source. Details ============================= Application: Usernoise http://usernoise.karevn.com/ Version: 3.7.8 probably earlier versions as well Type: Wordpress plugin Developer: Nikolay Karev http://karevn.com/ - http://profiles.wordpress.org/karevn/ Vulnerability:...

Hosting Controller <= 0.6.1 Unauthenticated User Registeration (3rd)

No description provided by source. !-- Hi, I'm Soroush Dalili from GSG GrayHatz Security Group. Title: Hosting controller program have a security bug in UserProfile.asp that an authenticated user can change other's profiles. Why is it dangerous: a user can change other's email address and then us...

ImpressPages CMS 3.6 - manage() Function Remote Code Execution Exploit

No description provided by source. ?!/usr/bin/python ImpressPages CMS v3.6 manage Function Remote Code Execution Exploit Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6, 3.5 and 3.1 Summary: ImpressPages CMS is an open source web content management...

Joomla AJAX Shoutbox <= 1.6 - Remote SQL Injection Vulnerability

No description provided by source. Joomla AJAX Shoutbox remote SQL Injection vulnerability - Author: Ibrahim Raafat - Contact: https://twitter.com/RaafatSEC - Discovery date: 1 April 2010 4 years ago - Reported to vendor : 12 March 2014 - Response: Quick response from the developer, Patched and...