Joomla A Cool Debate 1.0.3 Local File Inclusion

A Cool Debate 1.0.3 Component Joomla Local File Inclusion ========================================================================================= - Discovered by : Chip D3 Bi0s - Email : chipdebiosatgmaildotcom - Group : LatinHackTeam - Date : 18 june 2011 - Where : From Remote...

7T Interactive Graphical SCADA System dc.exe Directory Traversal

Added: 06/03/2011 CVE: CVE-2011-1566 BID: 46936 OSVDB: 72349 Background 7-Technologies Interactive Graphical SCADA System IGSS is a Supervisory Control and Data Acquisition SCADA solution used mainly in Denmark and the US. Problem An input validation error in the Data Collector service dc.exe whe...

Ushahidi 2.0.1 SQL Injection

Ushahidi 2.0.1 range param SQL Injection Vulnerability post-auth Vendor: Ushahidi, Inc. Product web page: http://www.ushahidi.com Affected version: 2.0.1 Tunis Summary: The Ushahidi Platform is a platform for information collection, visualization and interactive mapping. Desc: Input passed via th...

7T Interactive Graphical SCADA System dc.exe Directory Traversal

Added: 06/03/2011 CVE: CVE-2011-1566 BID: 46936 OSVDB: 72349 Background 7-Technologies Interactive Graphical SCADA System IGSS is a Supervisory Control and Data Acquisition SCADA solution used mainly in Denmark and the US. Problem An input validation error in the Data Collector service dc.exe whe...

CVE-2011-2214

The CVE-2011-2214 issue affects 7-Technologies IGSS (Interactive Graphical SCADA System) versions 8 and 9. A remote attacker can send a crafted packet to TCP port 20222, triggering memory corruption in the ODBC server component and potentially leading to arbitrary code execution or DoS. The vulne...

(e)2 Interactive Photo Gallery 0.9 Cross Site Scripting

Vulnerability ID: HTB22966 Reference: http://www.htbridge.ch/advisory/xssine2interactivephotogallery.html Product: e2 interactive Photo Gallery Vendor: http://www.e2interactive.com http://www.e2interactive.com Vulnerable Version: 0.9 Vendor Notification: 19 April 2011 Vulnerability Type: XSS Cros...

The Social-Engineer Toolkit v1.3.5 Released !

The Social-Engineer Toolkit v1.3.5 Released ! "The Social Engineering Toolkit SET is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to...

Cross-site Scripting (XSS) Vulnerability in (e)2 interactive Photo Gallery

High-Tech Bridge SA Security Research Lab has discovered vulnerability in e2 interactive Photo Gallery which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in e2 interactive Photo Gallery The vulnerability exists due to input sanitation error ...

CVE-2011-1568

Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System IGSS allows remote attackers to cause a denial of service and possibly execute arbitrary code, as...

Stanmax Interactive Studio CMS SQL Injection Vulnerability

Exploit for php platform in category web applications Title : Stanmax Interactive Studio CMS Vulnerable to SQL Injection Vendor : http://www.stanmax.com.my/ Found by : p0pc0rn Dork : intext:"Site Powered By Stanmax Interactive Studio" SQL ---- http://site.com/index.php?p=newsdetails&annid=SQL...

Windows Capture Keystroke Recorder

This module can be used to capture keystrokes. To capture keystrokes when the session is running as SYSTEM, the MIGRATE option must be enabled and the CAPTURETYPE option should be set to one of Explorer, Winlogon, or a specific PID. To capture the keystrokes of the interactive user, the Explorer...

Low: Red Hat Enhancement Advisory: subversion enhancement update

Updated subversion packages that upgrade Subversion to upstream version 1.6.11 and provide two enhancements are now available for Red Hat Enterprise Linux 5. Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a...

Lotus CMS Fraise 3.0 - Local File Inclusion Remote Code Execution

Lotus CMS Fraise 3.0 - Local File Inclusion Remote Code Execution !/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this-getInputString"page", "index"; //Get plugin...

Concrete CMS 5.4.1.1 - Cross-Site Scripting / Remote Code Execution

!/usr/bin/python Concrete CMS v5.4.1.1 xss/remote code execution exploit Download: http://www.concrete5.org/ Special Zeitgeist pre release - "Moving Forward" - 15th Jan 2011 "They must find it difficult, those who take authority as the truth instead of truth as the authority"...

Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001)

---------------------------------------------------------- www.ExploitDevelopment.com 2010-M$-001 ---------------------------------------------------------- TITLE: Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromi...

[SECURITY] Fedora 13 Update: udunits2-2.1.19-1.fc13

The Unidata units utility, udunits2, supports conversion of unit specificat ions between formatted and binary forms, arithmetic manipulation of unit specifications, and conversion of values between compatible scales of measurement. A unit is the amount by which a physical quantity is measured. Fo...

[SECURITY] Fedora 14 Update: udunits2-2.1.19-1.fc14

The Unidata units utility, udunits2, supports conversion of unit specificat ions between formatted and binary forms, arithmetic manipulation of unit specifications, and conversion of values between compatible scales of measurement. A unit is the amount by which a physical quantity is measured. Fo...

Path disclosure in IceBB

Vulnerability ID: HTB22689 Reference: http://www.htbridge.ch/advisory/pathdisclosureinicebb.html Product: IceBB Vendor: XAOS Interactive http://icebb.net/ Vulnerable Version: 1.0-rc10 Vendor Notification: 02 November 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted,...

SQL injection in IceBB

Vulnerability ID: HTB22688 Reference: http://www.htbridge.ch/advisory/sqlinjectioninicebb.html Product: IceBB Vendor: XAOS Interactive http://icebb.net/ Vulnerable Version: 1.0-rc10 Vendor Notification: 02 November 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor Alerted, Awaiting...

Information disclosure in IceBB

Vulnerability ID: HTB22686 Reference: http://www.htbridge.ch/advisory/informationdisclosureinicebb.html Product: IceBB Vendor: XAOS Interactive http://icebb.net/ Vulnerable Version: 1.0-rc10 Vendor Notification: 02 November 2010 Vulnerability Type: Information Disclosure Status: Not Fixed, Vendor...