Sözcü - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Sözcü published at the 'play' market has multiple vulnerabilities...

Schlaganfall-Hilfe - Customized SSL, MIT license vulnerabilities

HackApp vulnerability scanner discovered that application Schlaganfall-Hilfe published at the 'play' market has multiple vulnerabilities...

Bodybuilding Workout Trainer - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Bodybuilding Workout Trainer published at the 'play' market has multiple vulnerabilities...

Axil CMS 0.1 SQL Injection

Exploit Title : Axil CMS 0.1 Authentication bypass Exploit Author : Persian Hack Team Vendor Homepage : http://www.axilcreations.com/ Date: 2016/03/31 Version : 0.1 PoC: User And Pass : '=' 'or' Demo : http://www.mets.com.np/myadmin/ http://www.princeies.com/myadmin/...

Joomla iCagenda 3.5.15 Cross Site Scripting

Exploit Title : Joomla iCagenda Cross Site Scripting Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://extensions.joomla.org/extension/calendars-a-events/icagenda Google Dork : inurl:index.php?option=comicagenda Date: 2016/03/22 Version: 3.5.5 up to 3.5.15 Payload : " Demo...

Joomla Easy Youtube Gallery 1.0.2 SQL Injection

Exploit Title : Joomla Easy Youtube Gallery 1.0.2 SQL Injection Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://extensions.joomla.org/extension/easy-youtube-gallery Google Dork : inurl:comeasyyoutubegallery mycategory Date: 2016/03/22 Version: 1.0.2 PoC: mycategory=SQL...

Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection

Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection Exploit Title : Joomla Easy Youtube Gallery 1.0.2 SQL Injection Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://extensions.joomla.org/extension/easy-youtube-gallery Google Dork : inurl:comeasyyoutubegallery...

Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection

Exploit Title : Joomla Easy Youtube Gallery 1.0.2 SQL Injection Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://extensions.joomla.org/extension/easy-youtube-gallery Google Dork : inurl:comeasyyoutubegallery mycategory Date: 2016/03/22 Version: 1.0.2 PoC: mycategory=SQL...

Joomla Easy YouTube Gallery 1.0.2 - SQL Injection

Exploit for php platform in category web applications Exploit Title : Joomla Easy Youtube Gallery 1.0.2 SQL Injection Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://extensions.joomla.org/extension/easy-youtube-gallery Google Dork : inurl:comeasyyoutubegallery mycategory...

Stagefright Variant 'Metaphor' Puts Millions Of Samsung, LG and HTC Phones At Risk

Millions of Android users are at risk of a new Metaphor exploit that can take over Samsung, LG and HTC phones in under 20 seconds. The hack gives attackers access to the targeted phones including the ability to inject malware and take control over key smartphone functions. Discovered by...

Nissan Car Hack Allowed Remote Access To Car

Automaker Nissan deactivated a remote access feature that let owners of its Leaf electric car remotely adjust climate controls and check battery status via a smartphone app. The move comes after a security researcher posted his finding regarding a simple hack that allowed anyone with the right Le...

Delicate Hardware Hacks Could Unlock Shooter's iPhone

A researcher at IOActive believes the U.S. intelligence community has the capability to carry out a delicate hardware hack that could unlock the iPhone 5c at the center of the current FBiOS debate. The attack requires considerable financial resources and acumen with an intrusive attack against th...

Warning — Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

Are you also the one who downloaded Linux Mint on February 20th? You may have been Infected! Linux Mint is one of the best and popular Linux distros available today, but if you have downloaded and installed the operating system recently you might have done so using a malicious ISO image. Here's...

Using SimpliSafe Home Security? — You're Screwed! It's Easy to Hack & Can't be Patched

If you are using a SimpliSafe wireless home alarm system to improve your home security smartly, just throw it up and buy a new one. It is useless. The so-called 'Smart' Technology, which is designed to make your Home Safer, is actually opening your house doors for hackers. The latest in this fiel...

Dimofinf CMS 3.0.0 Cross Site Scripting

Exploit Title : Dimofinf CMS 3.0.0 Cross Site Scripting Exploit Author : Persian Hack Team Vendor Homepage : http://www.dimofinf.net/index.php Google Dork : "Powered by Dimofinf cms Version 3.0.0" Date: 2016/02/17 Version = 3.0.0 PoC: Username: MobhaM" onmouseover=alert"MobhaM" bad=" Password : 0...

Recapping SAS 2016: IoT Hacks, Metel, Poseidon, and More

Mike Mimoso and Chris Brook recap last week’s Security Analyst Summit — including lots of IoT and critical infrastructure talk, how a researcher hacked his hospital, news on APTs like Metel and Poseidon, and more. Download: ReflectingonSAS2016.mp3 Music by Chris Gonsalves...

Police Arrest 16-year-old Boy Who Hacked CIA Director

The teenage hacker, who calls himself a member of hacktivist group "Cracka with Attitude," behind the series of hacks on the United States government and its high-level officials, including CIA director, might have finally got arrested. In a joint effort, the Federal Bureau of Investigation FBI a...

A.Shop 3.9.3 Cross Site Scripting

Exploit Title : A.Shop 3.9.3 Cross Site Scripting Exploit Author : Persian Hack Team Vendor Homepage : http://www.ashopsoftware.com/tour-dx/shopping-cart-catalog.htm Google Dork : inurl:"/ashop/catalogue.php?cat= " Date: 2016/02/12 Version = 3.9.3 PoC: msg=XSS Payload = alert1;...

SMEweb 1.5f Cross Site Scripting / SQL Injection

Exploit Title : SMEweb 1.5f Multiple Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://www.ebizzi.net/ Google Dork : "Powered by SMEweb" Date: 2016/02/07 Version: 1.5f PoC: 1-Admin Page Bypass Username : '=''or' Password : '=''or' Demo :...

Hacker Leaks Info of 30,000 FBI and DHS Employees

An unknown hacker who promised to release the personal information on government employees has dump online a list of nearly 20,000 Federal Bureau of Investigation FBI agents and 9,000 Department of Homeland Security DHS officers. Though the authenticity of the information has not been verified, a...