FAKEM RAT Mimics Normal Network Traffic

A family of remote access Trojans RATs known as FAKEM has been evading detection for more than three years by camouflaging themselves as legitimate network traffic. Nate Villeneuve, a senior threat researcher at Trend Micro, said that remote access Trojans are a favorite among attackers seeking t...

Inside the 1,000 Red October Cyberespionage Malware Modules

The Red October espionage malware campaign is providing security researchers with a deep dive into the complexity of targeted attacks, which in this case made use of more than 1,000 malware modules for everything from reconnaissance on targets to exfiltration of data to command and control server...

Calendar Scripts A.M.Y 1.4 Cross Site Scripting

Advisory:Calendar Scripts A.M.Y. Ad Management Software 1.4 Persistent XSS Vulnerability Version:1.4 Vendor URL: http://calendarscripts.info/ Demo Link:http://demo.pimteam.net/amy/admin.php Author: Viknesvaran Sittaramane Category: Webapp Twiiter: https://twitter.com/csvsn ........... Product...

Calendar Script Easy Membership Management Application Persistent XSS Vulnerability

Exploit for php platform in category web applications Advisory:Calendar Script Easy Membership Management ApplicationE.M.M.A Persistent XSS Vulnerability Version:1.2 Vendor URL: http://calendarscripts.info/emma/ Demo Link: http://demo.pimteam.net/emma/admin.php Author: Viknesvaran Sittaramane...

Calendar Scripts A.M.Y. Ad Management Software 1.4 Persistent XSS Vulnerability

Exploit for php platform in category web applications Advisory:Calendar Scripts A.M.Y. Ad Management Software 1.4 Persistent XSS Vulnerability Version:1.4 Vendor URL: http://calendarscripts.info/ Demo Link:http://demo.pimteam.net/amy/admin.php Author: Viknesvaran Sittaramane Category: Webapp...

Ad Rotator AdPeeps 8.6.9 Persistent XSS Vulnerability

Exploit for php platform in category web applications Advisory: Ad Rotator AdPeeps 8.6.9 Persistent XSS Vulnerability Version:8.6.9 Vendor URL: http://adpeeps.com/ Demo Link:http://demo.adpeeps.com/ Author: Viknesvaran Sittaramane Category: Webapp Twiiter: https://twitter.com/csvsn...

Calendar Script E.M.M.A 1.2 Cross Site Scripting

Advisory:Calendar Script Easy Membership Management ApplicationE.M.M.A Persistent XSS Vulnerability Version:1.2 Vendor URL: http://calendarscripts.info/emma/ Demo Link: http://demo.pimteam.net/emma/admin.php Author: Viknesvaran Sittaramane Category: Webapp Twiiter: https://twitter.com/csvsn...

OrangeHRM 2.7.1 Vacancy Name Persistent XSS

OrangeHRM1 2.7.12 -- the latest stable release as of this writing -- suffers from a persistent XSS in the vacancy name variable. Steps: 1. Navigate to following URL: http://domain/symfony/web/index.php/recruitment/viewJobVacancy 2. Add or Edit a Vacancy 3. In the Vacancy Name parameter put XSS...

Ad Rotator AdPeeps 8.6.9 Cross Site Scripting

Advisory: Ad Rotator AdPeeps 8.6.9 Persistent XSS Vulnerability Version:8.6.9 Vendor URL: http://adpeeps.com/ Demo Link:http://demo.adpeeps.com/ Author: Viknesvaran Sittaramane Category: Webapp Twiiter: https://twitter.com/csvsn ........... Product Description ........... Ad Peeps is a banner...

Forumize Me 1.75 Persistent XSS Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

MyBB Profile Wii Friend Code Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: MyBB Profile Wii Friend Code SQLi/Persistent XSS Dork: intitle:"Profile of" intext:"Wii Friend Code" inurl:member.php Date: 1/3/2013 Exploit Author: Ichi Vendor Homepage: http://mods.mybb.com/view/profile-wii-friend-code Softwar...

MyBB Profile Wii Friend Code 1.0 Cross Site Scripting / SQL Injection

Exploit Title: MyBB Profile Wii Friend Code SQLi/Persistent XSS Dork: intitle:"Profile of" intext:"Wii Friend Code" inurl:member.php Date: 1/3/2013 Exploit Author: Ichi Vendor Homepage: http://mods.mybb.com/view/profile-wii-friend-code Software Link:...

MyBB Profile Wii Friend Code - Multiple Vulnerabilities

MyBB Profile Wii Friend Code - Multiple Vulnerabilities Exploit Title: MyBB Profile Wii Friend Code SQLi/Persistent XSS Dork: intitle:"Profile of" intext:"Wii Friend Code" inurl:member.php Date: 1/3/2013 Exploit Author: Ichi Vendor Homepage: http://mods.mybb.com/view/profile-wii-friend-code...

MyBB Profile Wii Friend Code - Multiple Vulnerabilities

Exploit Title: MyBB Profile Wii Friend Code SQLi/Persistent XSS Dork: intitle:"Profile of" intext:"Wii Friend Code" inurl:member.php Date: 1/3/2013 Exploit Author: Ichi Vendor Homepage: http://mods.mybb.com/view/profile-wii-friend-code Software Link:...

Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability

OVERVIEW Open-Realty CMS 3.x versions are vulnerable to Persistent Cross Site Scripting XSS. 2. BACKGROUND Open-Realty is the world's leading real estate listing marketing and management CMS application, and has enjoyed being the real estate web site software of choice for professional web site...

Enterpriser16 LoadBalancer v7.1 - Multiple Web Vulnerabilities

Title: ====== Enterpriser16 LB v7.1 - Multiple Web Vulnerabilities Date: ===== 2012-12-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=785 VL-ID: ===== 785 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= Load...

SonicWall Email Security 7.4.1.x - Persistent Web Vulnerability

Title: ====== SonicWall Email Security 7.4.1.x - Persistent Web Vulnerability Date: ===== 2012-12-21 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=768 VL-ID: ===== 768 Common Vulnerability Scoring System: ==================================== 4.1 Introduction:...

MailOrderWorks v5.907 - Multiple Web Vulnerabilities

Document Title: =============== MailOrderWorks v5.907 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=798 Release Date: ============= 2013-01-02 Vulnerability Laboratory ID VL-ID: ==================================== 796...

MailOrderWorks v5.907 - Multiple Web Vulnerabilities

Document Title: =============== MailOrderWorks v5.907 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=798 Release Date: ============= 2013-01-02 Vulnerability Laboratory ID VL-ID: ==================================== 796...

SonicWall Email Security 7.4.1.x Cross Site Scripting

Title: ====== SonicWall Email Security 7.4.1.x - Persistent Web Vulnerability Date: ===== 2012-12-21 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=768 VL-ID: ===== 768 Common Vulnerability Scoring System: ==================================== 4.1 Introduction:...