49 matches found
roberto-romero.com XSS vulnerability
Open Bug Bounty ID: OBB-603168 Description| Value ---|--- Affected Website:| roberto-romero.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
roberto-romero.com XSS vulnerability
Open Bug Bounty ID: OBB-550492 Description| Value ---|--- Affected Website:| roberto-romero.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dae.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverylogquerydaerce mrme$ ./poc.py 172.16.175.123 admin + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root gid=0root...
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoveryadminsystimerce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root gid=0ro...
Trend Micro Threat Discovery Appliance 2.6.1062r1 detected_potential_files.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverydetectedpotentialfilesrce mrme$ ./poc.py 172.16.175.123 admin + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root...
Trend Micro Threat Discovery Appliance 2.6.1062r1 upload.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoveryuploadrce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + popping shell, type 'exit' to exit. $ id uid=0root gid=0root $ uname -a Linux localhost 2.6.24...
Roberto Geissini - Runtime privilege escalation, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Roberto Geissini published at the 'play' market has multiple vulnerabilities...
Santiago Pontiroli and Roberto Martinez on ATM Jackpotting
Threatpost editor Mike Mimoso talks with Roberto Martinez and Santiago Pontiroli, researchers with Kaspersky Lab’s Global Research and Analysis Team GReAT about ATM malware, jackpotting, and why it works so well in Latin America...
WordPress WPshop eCommerce 1.3.9.5 Shell Upload Exploit
This Metasploit module exploits an arbitrary file upload in the WordPress WPshop eCommerce plugin versions 1.3.3.3 to 1.3.9.5. It allows you to upload arbitrary PHP code and get remote code execution. This Metasploit module has been tested successfully on WordPress WPshop eCommerce 1.3.9.5 with...
WordPress WPshop eCommerce 1.3.9.5 Shell Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WordPress WPshop eCommerce Arbitrary File Upload Vulnerability', 'Description' = %q This module exploits an arbitrary file upload in...
WordPress Plugin Work The Flow - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress Work The Flow Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the WordPress...
Threat Outbreak Alert RuleID13929: Email Messages Distributing Malicious Software on March 10, 2015
Medium Alert ID: 37794 First Published: 2015 March 10 19:05 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID13929 may contain the following files: Name | Si...
openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4070)
MozillaThunderbird was updated to version 3.1.8, fixing various security issues. Following security issues were fixed: MFSA 2011-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...
Samsung Cross Site Scripting
Advisory: design.samsung.com Cross-Site Script Vulnerability XSS Advisory ID: 03062014 Author: Roberto Garcia @1gbDeInfo Affected Software: Successfully tested on design.samsung.com Vendor URL: http://www.design.samsung.com Vendor Status: informed and solved Vulnerability Description The website...
info.vmware.com Cross Site Scripting
Advisory: info.vmware.com Cross-Site Script Vulnerability XSS Advisory ID: VMware Support Request 14479234605 Author: Roberto Garcia Affected Software: Successfully tested on info.vmware.com Vendor URL: htt://info.vmware.com Vendor Status: informed ========================== Vulnerability...
Netgear DGN Authentication Bypass / Command Execution
Unauthenticated command execution on Netgear DGN devices ======================================================== ADVISORY INFORMATION Title: Unauthenticated command execution on Netgear DGN devices Discovery date: 01/05/2013 Release date: 31/05/2013 Credits: Roberto Paleari [email protected],...
Multiple critical vulnerabilities in Maxthon and Avant browsers
Hi, Below you can find a short summary of discovered vulnerabilities in Maxthon and Avant browsers. Such vulnerabilities were demonstrated during HITBAMS2012 security conference and more recently at HackPra. Affected Products - Maxthon www.maxthon.com - Avant Browser www.avantbrowser.com Security...
Oracle GlassFish Server - REST CSRF Vulnerability
Exploit for windows platform in category web applications Details Vendor Site: Oracle www.oracle.com Date: April, 19th 2012 – CVE 2012-0550 Affected Software: Oracle GlassFish Server 3.1.1 build 12 Researcher: Roberto Suggi Liverani PDF version:...
Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting Vulnerabilities
Oracle GlassFish Server 3.1.1 build 12 - Multiple Cross-Site Scripting Vulnerabilities Details Vendor Site: Oracle www.oracle.com Date: April, 19th 2012 – CVE 2012-0551 Affected Software: Oracle GlassFish Server 3.1.1 build 12 Researcher: Roberto Suggi Liverani PDF version:...
Oracle GlassFish Server - REST Cross-Site Request Forgery
Oracle GlassFish Server - REST Cross-Site Request Forgery Details Vendor Site: Oracle www.oracle.com Date: April, 19th 2012 – CVE 2012-0550 Affected Software: Oracle GlassFish Server 3.1.1 build 12 Researcher: Roberto Suggi Liverani PDF version:...