WordPress Facebook Page Promoter Lightbox Cross Site Scripting

Exploit Title: Wordpress facebook-page-promoter-lightbox plugin Cross-Site Scripting Vulnerability Google Dork: "Powered by Wordpress" Date: 25/12/2011 Author: H4ckCity Security Team Discovered By: Am!r IrIsT Home: WwW.H4ckCity.Org Software Link:...

Neturf Cross Site Scripting

Exploit Title: Neturf Cross Site Scripting Vulnerabilitiy Google Dork: Web Application Powered by: Neturf Date: 27/12/2011 Author: H4ckCity Security Team Discovered By: farbodmahini Home: WwW.H4ckCity.Org Software Link: http://www.neturf.com/ Version: All Version Security Risk:: Low Tested on:...

Readmore Systems Script SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Readmore Systems Script SQL Injection Vulnerability Google Dork: Website Powered By ReadMore Systems Date: 16/12/2011 Author: H4ckCity Security Team Discovered By: farbodmahini Home: WwW.H4ckCity.Org Software Link:...

CVE-2011-4339

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

Code injection

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

CVE-2011-4339

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

CVE-2011-4339

OpenIPMI’s ipmievd daemon (as used by ipmitool 1.8.11 on RHEL6, Debian, Fedora 16 and other products) creates a world-writable ipmievd.pid (0666), enabling a local user to kill arbitrary processes. CVE-2011-4339 is cited across multiple advisories (e.g., MiracleLinux AXSA entries, Oracle Linux RH...

CVE-2011-4613

The X.Org X wrapper xserver-wrapper.c in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY...

jPORTAL 2 (comment.php id) Remote SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: jPORTAL 2 SQL Injection Vulnerabilitiy Google Dork: "powered by jPORTAL 2" Date: 8/12/2011 Author: H4ckCity Security Team Discovered By: farbodmahini Home: WwW.H4ckCity.Org Software Link: http://jportal2.com/ Version: All Versio...

[SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable

------------------------------------------------------------------------- Debian Security Advisory DSA-2360-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 6, 2011 http://www.debian.org/security/faq -...

[SECURITY] Fedora 15 Update: psi-0.14-7.fc15

Psi is the premiere Instant Messaging application designed for Microsoft Windows, Apple Mac OS X and GNU/Linux. Built upon an open protocol named Jabber, Psi is a fast and lightweight messaging client that utilises the be st in open source technologies. Psi contains all the features necessary to...

DSA-2360-1 lenny end-of-life

This is an advance notice that security support for Debian GNU/Linux 5.0 code name "lenny" will be terminated in two months. The Debian project released Debian GNU/Linux 6.0 alias "squeeze" on the 6th of February 2011. Users and distributors have been given a one-year timeframe to upgrade their o...

JAM SQL Injection

Exploit Title: JAM SQL Injection Vulnerability Google Dork: intext:"This site is preserved by JAM" Date: 2011-15-09 Author: nGa Sa Lu N-S-L Service Link: http://www.jamarketing.co.nz Tested on: Debian GNU/Linux 5.0 Google Dork : intext:"This site is preserved by JAM"...

dotProject 2.1.5 - SQL Injection

Exploit Title: dotProject 2.1.5 SQL Injection Vulnerability Google Dork: intitle:"dotproject" Date: 2011-12-09 Author: sherl0ck @AlligatorTeam Software Link: http://www.dotproject.net/ Version: 2.1.5 tested Tested on: Debian GNU/Linux 5.0 --------------- PoC --------------- URL:...

dotProject 2.1.5 - SQL Injection

dotProject 2.1.5 - SQL Injection Exploit Title: dotProject 2.1.5 SQL Injection Vulnerability Google Dork: intitle:"dotproject" Date: 2011-12-09 Author: sherl0ck @AlligatorTeam Software Link: http://www.dotproject.net/ Version: 2.1.5 tested Tested on: Debian GNU/Linux 5.0 --------------- PoC...

dotProject 2.1.5 SQL Injection

Exploit Title: dotProject 2.1.5 SQL Injection Vulnerability Google Dork: intitle:"dotproject" Date: 2011-12-09 Author: sherl0ck @AlligatorTeam Software Link: http://www.dotproject.net/ Version: 2.1.5 tested Tested on: Debian GNU/Linux 5.0 --------------- PoC --------------- URL:...

dotProject 2.1.5 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: dotProject 2.1.5 SQL Injection Vulnerability Google Dork: intitle:"dotproject" Date: 2011-12-09 Author: sherl0ck @AlligatorTeam Software Link: http://www.dotproject.net/ Version: 2.1.5 tested Tested on: Debian GNU/Linux 5.0...

Durandal - Distributed CPU/GPU Hash Cracker v 0.5 released

Durandal - Distributed CPU/GPU Hash Cracker v 0.5 released Durandal is a distributed GPU/CPU computing software that aims to crack passwords. Mostly written in C++ with the Boost library, it works on many systems, however it is only built for Windows and GNU/Linux for the moment, on the x86 and x...

Durandal - Distributed CPU/GPU Hash Cracker v 0.5 released

Durandal - Distributed CPU/GPU Hash Cracker v 0.5 released Durandal is a distributed GPU/CPU computing software that aims to crack passwords. Mostly written in C++ with the Boost library, it works on many systems, however it is only built for Windows and GNU/Linux for the moment, on the x86 and x...

ISC BIND 9 named denial of service vulnerability

Overview ISC BIND 9 contains a remote packet denial of service vulnerability when running as an authoritative or recursive server. Description According to ISC:A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packe...