Internet Explorer 6, 7 and 8 vulnerable to remote code execution

Last Friday, we reported that the website of the U.S. Council of Foreign Relations was allegedly compromised by Chinese hackers who exploited the zero-day bug that was only discovered that same day. The CFR website was compromised with JavaScript that served malicious code to older IE browsers an...

Cisco DPC2100 - Denial of Service

Cisco DPC2100 - Denial of Service Exploit Title: Cisco DPC2100 Denial of Service Date: 09/01/2010 Author: Daniel Smith Software Link: http://www.cisco.com/ Version: HW:2.1/SW:v2.0.2r1256-060303 Tested on: OSX 10.6/Win7 CVE: CVE-2011-1613 =======================================================...

Sagem F@ST 2604 Cross Site Request Forgery

================================================================================ || | | || || || |/ | || |/ | | | | | | | | | | | \ | | | | \ ================================================================================ Exploit Title: Sagem F@ST 2604 CSRF Vulnerability ADSL Router Author: KinG...

#RefRef - Denial of Service ( DDoS ) Tool Developed by Anonymous

RefRef - Denial of Service DDoS Tool Developed by Anonymous Anonymous is developing a new DDoS tool which is said to exploit SQL vulnerabilities to support the group's future campaigns. So far, what they have is something that is platform neutral, leveraging JavaScript and vulnerabilities within...

JoomlaXi Cross Site Scripting

1.JoomlaXi persistent XSS vulnerabilty vendor: www.joomlaxi.com Author: 3psil0nLambDa a.k.a Karthik Email: [email protected] My blog: epsilonlambda.co.cc Google dork: © 2008-2010 JoomlaXi...

High-speed Ankang School Site program v3. 1. 1 cookie injection vulnerability-vulnerability warning-the black bar safety net

PS:seems to be oyaya kernel. Use the system notes: 1. The present program consists of extreme well-being and development,the symbolic charge a little Fee for everyone to use! 2. The present system for sharing procedures,the user the freedom to choose whether to use,in use, any problems and losses...

Pole Rui enterprise website system v1. 0 cookie injection vulnerability-vulnerability warning-the black bar safety net

Pole Rui enterprise website system is for small and medium businesses specially tailored to the small business Station source code, The code is all free and open, you can modify their own learning to use, but it is strictly prohibited for commercial purposes. System Systems front Desk interface i...

Tabnapping Phishing Proof Of Concept

I just stumbled across this credit goes to http://www.pjlantz.com/2010/05/tabnapping.html and Aza Raskin and while rough, certainly has potential given the right circumstances. I added a quick PoC, though I'm on a NAT and can't provide you a working link atm, though it seemed to work fine using t...

Kryn.cms 0.9 Cross Site Scripting

------------------------------------------------------------------------ Software................Kryn.cms 0.9 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://www.kryn.org/ Discovery Date..........5/19/2011 Tested...

Ampache 3.5.4 Cross Site Scripting

------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in Ampache 3.5.4 can be exploited to execute arbitrary JavaScript. --PoC-- alert0" /...

webERP 4.03.08 Cross Site Scripting

------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in webERP 4.03.8 can be exploited to execute arbitrary JavaScript. --PoC-- alert0" /...

WMITools ActiveX Remote Command Execution Exploit 0day

Exploit for windows platform in category remote exploits ====================================================== WMITools ActiveX Remote Command Execution Exploit 0day ====================================================== EDB Notes: Original credit goes to "牛奶坦克" via WooYun:...

ImageShack Toolbar 4.8.3.75 - Remote Code Execution

ImageShack Toolbar 4.8.3.75 - Remote Code Execution // calc.exe var shellcode = unescape '%uc931%ue983%ud9de%ud9ee%u2474%u5bf4%u7381%u3d13%u5e46%u8395'+ '%ufceb%uf4e2%uaec1%u951a%u463d%ud0d5%ucd01%u9022%u4745%u1eb1'+ '%u5e72%ucad5%u471d%udcb5%u72b6%u94d5%u77d3%u0c9e%uc291%ue19e'+...

Aleza Portal 1.6 - Insecure SQL Injection / Cookie Handling

Aleza Portal v1.6 - Insecure SQLi Cookie Handling ========================================================= My + Author : KnocKout Contact : [email protected] Software info Web App. : Aleza Portal v1.6 Software: http://www.webavail.com/ -Demo : http://www.webavail.com/alezademo/ Vulnerability Sty...

Internet Explorer 7.0 0day Vulnerability

No description provided by source. Founded By: Unknown Published By: K4mr4nstatyahoodotcom Special Thanks: N.S.T Security Team Red Dragon & Securitylab.ir script language="javascript" ifnavigator.userAgent.toLowerCase.indexOf"msie 7"==-1location.replace"about:blank"; function sleepmilliseconds va...

ApartmentSearch Insecure Cookie Handling / SQL Injection

|=-----------------------------------------------------=| |=-------------= JIKO |No-exploit.Com| =-----------=| |=-----------------------------------------------------=| -----------|00| NAme :JIKO JAWAD Home :No-exploit.Com Mail : !x! -----------|01| -Script name :ApartmentSearch link...

Opera Denial Of Service

!/usr/bin/perl Title : Opera 10.10 Remote Code Execution DoS Exploit Tested : Windows xp sp2 Description : Opera Web Browser is vulnerable DoS within its javascript tags alert This issue can be exploited by using a large value in a alert tags to create an out-of-bounds memory access This have in...

CVE-2010-0255

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to...

Design/Logic Flaw

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to...

CVE-2010-0255

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to...