File Upload Vulnerability in Monstra CMS Backend "Install New Plugin

Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A file upload vulnerability exists in the "Install New Plugin" section of the Monstra CMS backend. The...

Metasploit Wrapup

Metasploit Hackathon We were happy to host the very first Metasploit framework open source hackathon this past week in the Rapid7 Austin. Eight Metasploit hackers from outside of Rapid7 joined forces with the in-house team and worked on a lot of great projects, small and large. @bcook started the...

OpenStego - Steganography Application (Data Hiding and Watermarking)

OpenStego is a steganography application that provides two functionalities: 1. Data Hiding: It can hide any data within a cover file e.g. images. 2. Watermarking: Watermarking files e.g. images with an invisible signature. It can be used to detect unauthorized file copying. Usage For GUI: java -j...

Sun Java Runtime New Plugin docbase Buffer Overflow

This module exploits a flaw in the new plugin component of the Sun Java Runtime Environment before v6 Update 22. By specifying specific parameters to the new plugin, an attacker can cause a stack-based buffer overflow and execute arbitrary code. When the new plugin is invoked with a "launchjnlp"...