Injecting a Backdoor into SolarWinds Orion
CrowdStrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points: SUNSPOT is StellarParticle's malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors...
The vulnerability of Microsoft Business Productivity Servers, SharePoint Server, and SharePoint Enterprise Server lies in errors in the mechanism for checking the source code of application packages. This allows attackers to execute arbitrary code.
The vulnerability of the Microsoft SharePoint software package is related to errors in the mechanism for checking the source markup of the application’s code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Stud.IP <= 1.3.0-2 Multiple Remote File Include Vulnerabilities
No description provided by source. IHS Public advisory: Stud.IP Remote File Inclusion. Stud.IP is a learning and an information management system for universities, educational facilities and...
Esselbach Storyteller CMS System 1.8 - SQL Injection
Exploit Title: Esselbach Storyteller CMS System Version 1.8 page.php Remote SQL Injection Vulnerability Date: March, 9th 2011 GMT +7 Author: Shamus Software Link: http://www.esselbach.com/ Version : Esselbach Storyteller CMS System Version 1.8 Tested on: windows CVE : -...
Anantasoft's Gazelle CMS 1.0 XSS
Attachmax Dolphin <= 2.1.0 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. Attachmax Dolphin = 2.1.0 Multiple Remote Vulnerabilities...
Prozilla Hosting Index - cat_id SQL Injection
Prozilla Hosting Index - catid SQL Injection. ECHOADV88$2008: Prozilla Hosting Index directory.php catid Blind...
[SA22075] Web-News "content_page" File Inclusion Vulnerability
TITLE: Web-News "contentpage" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA22075 VERIFY ADVISORY: http://secunia.com/advisories/22075/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Web-News 1.x http://secunia.com/product/12104/ DESCRIPTION: Drago84 has...
[SA21955] aeDating "dir[inc]" File Inclusion Vulnerabilities
TITLE: aeDating "dirinc" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA21955 VERIFY ADVISORY: http://secunia.com/advisories/21955/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: aeDating 4.x http://secunia.com/product/5709/ aeDating 3.x...
[SA21796] photokorn "dir_path" File Inclusion Vulnerabilities
TITLE: photokorn "dirpath" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA21796 VERIFY ADVISORY: http://secunia.com/advisories/21796/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: photokorn 1.x http://secunia.com/product/9586/ DESCRIPTION: Some vulnerabilitie...
[SA21594] SportsPHool "mainnav" File Inclusion Vulnerability
TITLE: SportsPHool "mainnav" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA21594 VERIFY ADVISORY: http://secunia.com/advisories/21594/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: SportsPHool 1.x http://secunia.com/product/11629/ DESCRIPTION: Kacper has...
[SA20884] MKPortal "ind" Local File Inclusion Vulnerability
StudIP1302.txt
IHS Public advisory: Stud.IP Remote File Inclusion. Stud.IP is a learning and an information management system for universities, educational facilities and enterprises. http://www.studip.de...
plumeCMS113.txt
The original article can be found at: http://www.hamid.ir/security/ http://www.IHSteam.com Vulnerable Systems: Plume CMS 1.1.3 Vulnerable Code : path/plume-1.1.3/plume/manager/tools/link/dbinstall.php //Vulnerable Code :line 39 requireonce $PXconfig'managerpath'.'/inc/class.checklist.php';...
Plume CMS 1.1.3 (dbinstall.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. Plume CMS 1.1.3 dbinstall.php Remote File Include Vulnerability...
Plume CMS 1.1.3 (dbinstall.php) Remote File Include Vulnerability
No description provided by source. IHS Public advisory: Plume CMS Remote File Inclusion. It uses PHP and MySql. With a single installation of Plume you can have multiple websites, file management,...
Plume CMS 1.1.3 - dbinstall.php Remote File Inclusion
Plume CMS 1.1.3 - dbinstall.php Remote File Inclusion. IHS Public advisory: Plume CMS Remote File Inclusion. It uses PHP and MySql. With a single installation of Plume you can have multiple websites,...
Plume CMS 1.1.3 - 'dbinstall.php' Remote File Inclusion
IHS Public advisory: Plume CMS Remote File Inclusion. It uses PHP and MySql. With a single installation of Plume you can have multiple websites, file management, multiple authors with different righ...
Stud.IP 1.3.0-2 - Multiple Remote File Inclusions
IHS Public advisory: Stud.IP Remote File Inclusion. Stud.IP is a learning and an information management system for universities, educational facilities and enterprises. http://www.studip.de...
[SA20115] Php Blue Dragon CMS "vsDragonRootPath" File Inclusion
TITLE: Php Blue Dragon CMS "vsDragonRootPath" File Inclusion SECUNIA ADVISORY ID: SA20115 VERIFY ADVISORY: http://secunia.com/advisories/20115/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Php Blue Dragon CMS 2.x http://secunia.com/product/9942/ DESCRIPTION: Kacper...