Analyzing Linux Malware Sandbox: Limon

Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect the Linux malware before execution, during execution, and after execution post-mortem analysis by...

iScripts EasyCreate 3.0 - Remote Code Execution

iScripts EasyCreate 3.0 - Remote Code Execution !C:/Python27/python.exe -u iScripts EasyCreate 3.0 Remote Code Execution Exploit Vendor: iScripts.com Product web page: http://www.iscripts.com Affected version: 3.0 Summary: iScripts EasyCreate is a private label online website builder. This softwa...

CVE-2015-8279

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script...

Design/Logic Flaw

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script...

CVE-2015-8279

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script...

Wirecard Checkout Page 1.0 Price Manipulation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2015-061 Product: Wirecard Checkout Page Manufacturer: Wirecard AG Affected Versions: 1.0 Tested Versions: 1.0 Vulnerability Type: Improper Validation of Integrity Check Value CWE-354 Risk Level: High Solution Status: Fixed...

XPL-SEARCH - Search Exploits In Multiple Exploit Databases

XPL SEARCH Search exploits in multiple exploit databases! Exploit databases available: Exploit-DB MIlw0rm PacketStormSecurity IntelligentExploit IEDB CVE TO RUN THE SCRIPT PHP Version cli 5.5.8 or higher php5-cli Lib cURL support Enabled php5-curl Lib cURL Version 7.40.0 or higher allowurlfopen O...

TeamSpeak Client <= 3.0.18.1 - RFI to RCE Exploit

Exploit for windows platform in category remote exploits Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac OS X and Linux...

TeamSpeak Client 3.0.18.1 - Remote File Inclusion / Remote Code Execution

Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac OS X and Linux Exploitation: Remote Risk : Very High ========= The Bug...

Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution

Dream CMS 2.3.0 CSRF Add Extension And File Upload PHP Code Execution/t...

Kirby CMS 2.1.0 - Cross-Site Request Forgery Content Upload PHP Script Execution

Kirby CMS 2.1.0 - Cross-Site Request Forgery Content Upload PHP Script Execution ============================================= - Release date: 14.09.2015 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- Kirby...

Kirby CMS 2.1.0 - Cross-Site Request Forgery / Content Upload / PHP Script Execution

============================================= - Release date: 14.09.2015 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- Kirby CMS = 2.1.0 CSRF Content Upload and PHP Script Execution II. BACKGROUND...

CVE-2015-6548

Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway SWG appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

CVE-2015-6548

CVE-2015-6548 is part of multiple vulnerabilities affecting Symantec Web Gateway (SWG) management console on appliances running software before 5.2.2 with DB 5.0.0.1277. The connected documents confirm a concrete SQL injection issue in the edit_alert.php script that allows an authenticated, remot...

Weevely3 - Weaponized Web Shell

Weevely is a command line web shell dynamically extended over the network at runtime designed for remote administration and pen testing. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted environments. The low footprint agent and over 30...

Kirby CMS multi-vulnerability analysis-vulnerability warning-the black bar safety net

Kirby CMS is an easy to use, easy to install and setup is very flexible CMS system, no database support, the use of file system storage. Support Markdown grammar, templates and plug-ins. Vulnerability details In Kirby CMS found two vulnerabilities: 1. By path traversal authentication bypass 2. Th...

Security researcher exposure FireEye core product 0day vulnerabilities-vulnerability warning-the black bar safety net

Recently, researchers Kristian Erik Hermansen from the FireEye core product found a 0day vulnerability will result in unauthorized file disclosure. He also provides a short trigger vulnerability of the examples and the user database file copy. In addition, he also disclosed selling three other...

Alibaba Clone B2B Marketplace Script Shell Upload Vulnerability

Alibaba Clone B2B Marketplace Script Shell Upload Vulnerability All Versions Usage Info Usage:alibaba.php host shell-file.php Ex:alibaba.php www.example.com c99.php Test : php alibaba.php tibastore.com c99.php php alibaba.php hechoenmexicob2b.com c99.php $val $data .= "--$boundary\n"; $data .=...

FreiChat 9.6 - SQL Injection

/ Exploit Title: FreiChat 9.6 SQL Injection Date: 27-11-2014 Software Link: http://codologic.com/page/freichat-free-php-chat-script-software Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description $GET'time' is no...

phpSFP 'remember me()' function SQL Injection Vulnerability

phpSFP is a PHP script for adding website content and sharing it on Facebook pages and admin groups. A SQL injection vulnerability exists in phpSFP, which allows remote attackers to exploit the vulnerability to submit specially crafted SQL queries to manipulate or obtain database data...