Lucene search

2058 matches found

myhack58
added 2015/08/11 12:0 a.m. | 27 views

Firefox file-stealing 0day vulnerability has been exploited in the wild; Mozilla issues an emergency patch

On a Russian website, researchers found exploit code for a serious Firefox 0day that can steal files from the computers of Windows and Linux users. This security incident forced Mozilla to release an emergency patch. Vulnerability description The vulnerability is caused by the...

0.1 AI score
Exploits: 0
0day.today
added 2015/08/10 12:0 a.m. | 48 views

WordPress MP3-jPlayer 2.3.2 Path Disclosure Vulnerability

WordPress MP3-jPlayer plugin version 2.3.2 suffers from a path disclosure vulnerability. Title: Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-12 Download Site: https://wordpress.org/plugins/mp3-jplayer/ Vendor:...

6.9 AI score
Exploits: 0
exploitpack
added 2015/08/10 12:0 a.m. | 13 views

WordPress Plugin Candidate Application Form 1.0 - Arbitrary File Download

WordPress Plugin Candidate Application Form 1.0 - Arbitrary File Download Title: Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-07-12 Download Site: https://wordpress.org/plugins/candidate-application-form...

7.3 AI score
Exploits: 0
n0where
added 2015/08/09 7:17 p.m. | 17 views

Vulnerability Assessment Penetration Testing: VAPT

The set of scripts included in this package will create a Kali/SamuraiWTF type environment for the performing of Vulnerability Assessments and Penetration Testing. The goal of this project was to allow a portable set of tools to be installed onto an Ubuntu or Raspbian system, allowing the tester ...

7.5 AI score
Exploits: 0 | References: 1
Packet Storm
added 2015/07/31 12:0 a.m. | 213 views

BIND TKEY Query Denial Of Service

!/usr/bin/python Title: BIND Remote DoS via TKEY queries aka: DNS TKEY Query of Death Author: Lorenzo Corsini E-Mail: serdat5atgmaildotcom Twitter: https://twitter.com/serdat5tm References: https://kb.isc.org/article/AA-01272...

7.8 CVSS | 0.1 AI score | 0.92752 EPSS
Exploits: 12
Cisco
added 2015/07/30 8:5 p.m. | 27 views

Cisco IM and Presence Service Reflected Cross-Site Scripting Vulnerability

Cisco IM and Presence Service contains a reflected cross-site scripting (XSS) vulnerability that could allow an unauthenticated, remote attacker to perform an XSS attack on an authenticated user. The vulnerability is due to an incomplete user input filter that may not filter certain HTML or script...

4.3 CVSS | 5.2 AI score | 0.00263 EPSS
Exploits: 0 | References: 1
Cisco
added 2015/07/27 8:54 p.m. | 24 views

Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability

A vulnerability in the web interface of the Cisco Firepower 9000 device could allow an unauthenticated, remote attacker to access a web page that should be restricted. The vulnerability is due to improper authentication validation. An attacker could exploit this vulnerability by accessing a certa...

5 CVSS | 6.6 AI score | 0.00184 EPSS
Exploits: 0 | References: 1
0day.today
added 2015/07/23 12:0 a.m. | 26 views

Open Web Analytics 1.5.7 Multiple Vulnerabilities

Open Web Analytics version 1.5.7 suffers from password disclosure, weak cryptographic control, and cross site scripting vulnerabilities. + Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENWEBANALYTICS0721.txt Vendor:...

6.9 AI score
Exploits: 0
ThreatPost
added 2015/07/20 3:4 p.m. | 33 views

Microsoft Issues Critical, Out-of-Band Patch for All Versions of Windows

Microsoft released an out-of-band patch Monday that addresses a critical remotely exploitable flaw in all versions of Windows. The vulnerability stems from how Windows’ Adobe Type Manager Library handles OpenType fonts. If a user was tricked into either opening a rigged document or visiting an...

9.3 CVSS | 0.6 AI score | 0.94354 EPSS
Exploits: 34 | References: 2
securityvulns
added 2015/07/20 12:0 a.m. | 143 views

15 TOTOLINK router models vulnerable to multiple RCEs

Hash: SHA512 Advisory Information Title: 15 TOTOLINK router models vulnerable to multiple RCEs Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x00.txt Blog URL: https://pierrekim.github.io/blog/2015-07-16-15-TOTOLINK-products-vulnerable-to-multiple-RCEs.html Date published:...

7.5 CVSS | 0.73501 EPSS
Exploits: 6
Exploit DB
added 2015/07/20 12:0 a.m. | 55 views

Microsoft Word - Local Machine Zone Code Execution (MS15-022)

Exploit Title: Microsoft Word Local Machine Zone Remote Code Execution Vulnerability Date: July 15th, 2015 Exploit Author: Eduardo Braun Prado Vendor Homepage : http://www.microsoft.com Version: 2007 Tested on: Microsoft Windows XP, 2003, Vista, 2008, 7, 8, 8.1 CVE: CVE-2015-0097 Original Advisor...

9.3 CVSS | 6.8 AI score | 0.7941 EPSS
Exploits: 3
myhack58
added 2015/07/18 12:0 a.m. | 12 views

Hacking Team attack code analysis Part 5: second font 0day + Win32k KASLR bypass vulnerability

Last week, 360Vulcan analyzed the three Flash exploits and an Adobe Font Driver kernel vulnerability exposed in the Hacking Team leak (see the link below). The Hacking Team leak continues to yield new attack code and the 0day...

7.7 AI score
Exploits: 0
0day.today
added 2015/07/17 12:0 a.m. | 58 views

15 TOTOLINK Router Models - Multiple RCE Vulnerabilities

15 TOTOLINK router models are vulnerable to multiple remote command execution vulnerabilities. Advisory Information Title: 15 TOTOLINK router models vulnerable to multiple RCEs Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x00.txt Blog URL:...

7.4 AI score | 0.73501 EPSS
Exploits: 6
Cisco
added 2015/07/15 12:12 a.m. | 21 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...

4.3 CVSS | 6.7 AI score | 0.00117 EPSS
Exploits: 0 | References: 1
Cisco
added 2015/07/14 3:55 p.m. | 25 views

Cisco Identity Services Engine Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...

4.3 CVSS | 6.5 AI score | 0.00217 EPSS
Exploits: 0 | References: 1
0day.today
added 2015/07/14 12:0 a.m. | 21 views

WordPress Image Export 1.1 Arbitrary File Download Vulnerability

WordPress Image Export plugin version 1.1 suffers from an arbitrary file download vulnerability. Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/image-export Vendor:...

7.2 AI score
Exploits: 0
Packet Storm
added 2015/07/14 12:0 a.m. | 19 views

WordPress Image Export 1.1 Arbitrary File Download

Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/image-export Vendor: www.1efthander.com Vendor Notified: 2015-07-05 Vendor Contact: https://twitter.com/1eftHander...

7 AI score
Exploits: 0
Cisco
added 2015/07/13 10:18 p.m. | 29 views

Cisco Unified Communications Manager ccmivr Page Cross-Site Scripting Vulnerability

A vulnerability in several parameters of the ccmivr page of Cisco Unified Communications Manager, formerly known as CallManager, could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface on an affected system. The vulnerabilit...

4.3 CVSS | 5.7 AI score | 0.00263 EPSS
Exploits: 0 | References: 1
exploitpack
added 2015/07/13 12:0 a.m. | 16 views

WordPress Plugin Swim Team 1.44.10777 - Arbitrary File Download

WordPress Plugin Swim Team 1.44.10777 - Arbitrary File Download Title: Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-02 Download Site: https://wordpress.org/plugins/wp-swimteam Vendor: Mike Walsh...

7.3 AI score
Exploits: 0
Packet Storm
added 2015/07/13 12:0 a.m. | 24 views

phpSQLiteCMS CSRF / XSS / Privilege Escalation / File Upload

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSQLITECMS0712.txt Vendor: ================================ phpsqlitecms.net Product: ================================ ilosuna-phpsqlitecms-d9b8219 Advisory Information:...

0.7 AI score
Exploits: 0