1491 matches found
Sony PSN Community - Mail Encoding Web Vulnerability
Document Title: Sony PSN Community - Mail Encoding Web Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=748 | Release Date: 2013-05-06 | Vulnerability Laboratory ID (VL-ID): 748...
Sony PSN Community - Mail Encoding Web Vulnerability
Document Title: Sony PSN Community - Mail Encoding Web Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=748 | Release Date: 2013-05-05 | Vulnerability Laboratory ID (VL-ID): 747...
Sony PSN Community - Persistent Web Vulnerability
Document Title: Sony PSN Community - Persistent Web Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=746 | Release Date: 2013-05-04 | Vulnerability Laboratory ID (VL-ID): 746 | Commo...
Fraud-as-a-Service of Zeus Malware advertised on social network
Cybercrime enterprises are showing a growing interest in the monetization of botnets; the most targeted sector in recent months is banking. One of the most active malware families still menacing the banking sector is the popular Zeus. Zeus is one of the oldest, active since 2007, and most prolific malware th...
Vanilla Forums Van2Shout 1.0.51 Cross Site Request Forgery
Exploit Title: Vanilla Forums where 1337 is the id. Bookmark CSRF: http://site.org/index.php=/vanilla/discussion/bookmark/1337 UnBookmark CSRF http://site.org/index.php=/vanilla/discussion/bookmark/1337? Delete Message CSRF http://site.org/index.php=/messages/clear/1337 Post to Van2Shout Chat Box...
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities
Exploit Title: Vanilla Forums where 1337 is the id. Bookmark CSRF: http://site.org/index.php=/vanilla/discussion/bookmark/1337 UnBookmark CSRF http://site.org/index.php=/vanilla/discussion/bookmark/1337? Delete Message CSRF http://site.org/index.php=/messages/clear/1337 Post to Van2Shout Chat Box...
Vanilla Forums Van2Shout Plugin 1.0.51 - CSRF Vulnerabilities
Exploit for php platform in category web applications...
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities Exploit Title: Vanilla Forums where 1337 is the id. Bookmark CSRF: http://site.org/index.php=/vanilla/discussion/bookmark/1337 UnBookmark CSRF http://site.org/index.php=/vanilla/discussion/bookmark/1337?...
Vanilla Forums 2.0.18.4 SQL Injection
Product Name: Vanilla Forums Vulnerable Version: Up to vanilla-core-2-0-18-4 Tested on: Windows Server 2003 Apache 2.4.3 PHP 5.4.7 MySQL 5.5.27 Vulnerability Overview: SQL injection is possible because $POST arrays are not properly sanitized. You do not need to be authenticated. Vulnerability...
Vanilla Forums 2-0-18-4 - SQL Injection
Vanilla Forums 2-0-18-4 - SQL Injection Exploit Title: Vanilla Forums - SQL-Injection - Insert arbitrary user & dump usertable Date: 04/05/2013 Exploit Author: bl4ckw0rm Vendor Homepage: http://vanillaforums.org/ Version: 2-0-18-4 Tested on: Windows Product Name: Vanilla Forums Vulnerable Version...
Vanilla Forums 2-0-18-4 - SQL-Injection Vulnerability
SQL injection is possible because $POST arrays are not properly sanitized. You do not need to be authenticated. To insert an arbitrary user, a sample HTTP-Post Request looks as follows: POST /PATH/vanilla/entry/signin HTTP/1.1 Host: HOST User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64; rv:19.0...
Vanilla Forums 2-0-18-4 - SQL Injection
Exploit Title: Vanilla Forums - SQL-Injection - Insert arbitrary user & dump usertable Date: 04/05/2013 Exploit Author: bl4ckw0rm Vendor Homepage: http://vanillaforums.org/ Version: 2-0-18-4 Tested on: Windows Product Name: Vanilla Forums Vulnerable Version: Up to vanilla-core-2-0-18-4 Tested on:...
Clues About Flashback Creator Come Together
Nearly a year since the Flashback Trojan surfaced and ultimately infected more than 600,000 Apple OS X computers, the author of the malware may have been discovered. After some sleuthing by security blogger Brian Krebs over the past year – documented today on the Krebs on Security blog – the...
Skype Community - Persistent Editor Web Vulnerability
Document Title: Skype Community - Persistent Editor Web Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=707 | MICROSOFT SECURITY RESPONSE CENTER MSRC ID: 13021bc | Release Date: 2013-03-28 | Vulnerability Laboratory ...
Skype Community Cross Site Scripting
Title: Skype Community - Mail Encoding Web Vulnerability | Date: 2013-02-21 | References: http://www.vulnerability-lab.com/getcontent.php?id=800 | MSRC ID: 13493 | VL-ID: 800 | Common Vulnerability Scoring System: 3.5 | Introduction:...
Cross Platform Trojan builder distributed on underground forums
A cross-platform backdoor, the 'Frutas' remote access tool (RAT), has been available for download on many forums since January 2013. This Trojan builder is written entirely in Java. Recently, Symantec experts found in their analysis that the Frutas RAT allows attackers to create a connect-back client JAR file to run on a...
Forums Plugin for WordPress 'url' Parameter Arbitrary File Disclosure
The Forums Plugin for WordPress installed on the remote host is affected by an information disclosure vulnerability due to a failure to properly sanitize user-supplied input to the 'url' parameter of the zingforumoutput function in the zingiri-forum/forum.php script. An unauthenticated, remote...
WordPress Plugin Zingiri Forums - language Local File Inclusion
WordPress Plugin Zingiri Forums - language Local File Inclusion source: https://www.securityfocus.com/bid/56777/info The Zingiri Forums plugin for WordPress is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this...
WordPress Plugin Zingiri Forums - 'language' Local File Inclusion
source: https://www.securityfocus.com/bid/56777/info The Zingiri Forums plugin for WordPress is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the...