1162 matches found
At Pwn2Own, Browser Exploits Getting Harder, More Expensive to Find
VANCOUVER–The Pwn2Own contest has evolved in many ways over the years, from new rules to new targets to larger prizes, but perhaps the one thing that has changed the most is that the researchers who show up here every year hoping to go home with a bag full of money are having to spend more and mo...
FreeFloat FTP 1.0 Raw Commands Buffer Overflow
FreeFloat FTP 1.0 allows an attacker to trigger a buffer overflow and execute arbitrary code when a long and invalid raw command is sent to it. import socket, struct, sys if lensys.argv 3: print "usage: %s IP port" % sys.argv0 sys.exit0 ip = sys.argv1 port = intsys.argv2 Bind shellcode generated...
[SQLSentinel] OpenSource tool for sql injection security testing
SQLSentinel is an open-source tool that automates the process of finding SQL injection on a website. SQLSentinel includes a web spider and an SQL error finder. You give it a site as input, and SQLSentinel crawls it and tries to exploit parameter validation errors for you. When the job is finished, it can...
Peruvian Universities SQL Injection
Exploit Title : Peruvian Universities - MS Access/SQL Injection Vulnerabilities Date : 16-11-2012 Author : Caleb Bucker Independent Security Researcher Contact : https://twitter.com/CalebDrugs Website :...
BigDump 0.29b and 0.32b - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/56744/info BigDump is prone to a cross-site scripting vulnerability, an SQL-injection vulnerability, and an arbitrary-file-upload vulnerability because it fails to sanitize user-supplied data. Exploiting these issues could allow an attacker to steal...
OrangeHRM - 'sortField' SQL Injection
source: https://www.securityfocus.com/bid/56417/info OrangeHRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
AWAuctionScript CMS - Multiple Remote Vulnerabilities
source: https://www.securityfocus.com/bid/56388/info AWAuctionScript CMS is prone to the following remote vulnerabilities because it fails to sufficiently sanitize user-supplied data: 1. A remote SQL-injection vulnerability. 2. A remote...
IT Security Horror Stories: Tale of the Fake IT Rep
Some IT security monsters aren't as obvious as a Mummy. At Coalfire Labs, we discover--and help our clients address--some pretty scary security and compliance problems. There are lots of deceptive monsters looking to exploit the weaknesses of their victims. This is one of those terrifying but true...
Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection
source: https://www.securityfocus.com/bid/55829/info Interspire Email Marketer is prone to the following input-validation vulnerabilities because it fails to properly sanitize user-supplied input: 1. An SQL injection vulnerability 2. Multiple HTML injection vulnerabilities 3. A cross-site...
IFOBS - 'regclientprint.jsp' Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/55561/info IFOBS is prone to multiple HTML-injection vulnerabilities. Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how th...
IceWarp Mail Server <= 10.4.3 'raw.php' Information Disclosure Vulnerability
IceWarp Mail Server is prone to an information disclosure vulnerability. Copyright (C) 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...
Jara 1.6 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/55145/info Jara is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
WeBid 'getthumb.php' Remote File Disclosure Vulnerability
WeBid is prone to a remote file-disclosure vulnerability because it fails to adequately validate user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Joomla! Component com_photo - Multiple SQL Injections
source: https://www.securityfocus.com/bid/54814/info The 'com_photo' module for Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
ManageEngine Applications Manager - Multiple Cross-Site Scripting SQL Injections
source: https://www.securityfocus.com/bid/54759/info ManageEngine Applications Manager is prone to multiple SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allo...
WordPress Plugin Post Recommendations - abspath Remote File Inclusion
source: https://www.securityfocus.com/bid/54459/info The Post Recommendations plug-in for WordPress is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this...
Metropolis Technologies OfficeWatch Directory Traversal Vulnerability
Metropolis Technologies OfficeWatch is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. OpenVAS Vulnerability Test $Id:...
SugarCRM 6.3.1 unserialize() PHP Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'SugarCRM %q This module exploits a ph...
Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security
source: https://www.securityfocus.com/bid/53603/info The FishEye and Crucible plugins for JIRA are prone to an unspecified security vulnerability because they fail to properly handle crafted XML data. Exploiting this issue allows remote attackers to cause denial-of-service conditions or to disclo...
Axous 1.1.1 Multiple Vulnerabilities (CSRF - Persistent XSS)
Exploit for php platform in category web applications. Exploit Title : Axous 1.1.1 Multiple Vulnerabilities CSRF - Persistent XSS Date : 30-04-2012...