
5315 matches found

Packet Storm
added 2015/02/23 12:0 a.m., 33 views

Zabbix 2.0.5 Password Disclosure

This module requires Metasploit Date: 25-09-2013 Author: Pablo González Vendor Homepage: Zabbix - http://www.zabbix.com Software Link: http://www.zabbix.com Version: 2.0.5 Tested On: Linux Ubuntu, Suse, CentOS CVE: CVE-2013-5572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5572 More Inf...

3.5 CVSS, 9.5 AI score, 0.07821 EPSS
Exploits: 4
Exploit DB
added 2015/02/23 12:0 a.m., 49 views

Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure (Metasploit)

This module requires Metasploit Date: 25-09-2013 Author: Pablo González Vendor Homepage: Zabbix - http://www.zabbix.com Software Link: http://www.zabbix.com Version: 2.0.5 Tested On: Linux Ubuntu, Suse, CentOS CVE: CVE-2013-5572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5572 More Inf...

3.5 CVSS, 7 AI score, 0.07821 EPSS
Exploits: 4
The Hacker News
added 2015/02/20 7:14 a.m., 28 views

‘DarkLeaks’ Black Market — Anonymously Selling Secrets for Bitcoins

An all new anonymous online underground black market website, DarkLeaks, has been introduced on the Internet where Whistleblowers, blackmailers, hackers and any individual can trade/sell sensitive and valuable data/secrets anonymously in exchange for Bitcoin payments. DarkLeaks is a decentralized...

7.1 AI score
Exploits: 0
ThreatPost
added 2015/02/13 10:12 a.m., 10 views

Rig Exploit Kit Source Code Leaked

A spitting match between developers of the Rig Exploit Kit and one of its resellers resulted in a partial leak of the kit’s source code in a hacker forum. Rig is less than a year old and is spread primarily in malvertising campaigns, pushing Flash, Java and Microsoft Silverlight exploits; some...

7 AI score
Exploits: 0, References: 3
CNVD
added 2015/02/12 12:0 a.m., 1 views

Kallithea Information Disclosure Vulnerability

Kallithea is a free source code management system. Kallithea suffers from an information disclosure vulnerability that allows remote attackers to obtain sensitive information...

4 CVSS, 6.5 AI score, 0.0026 EPSS
Exploits: 1, References: 1
The Hacker News
added 2015/02/03 1:7 a.m., 22 views

China Demands Tech Companies to give them Backdoor and Encryption Keys

A number of western companies are doing big business in China, but now they may have to pay a huge value to do so. China has introduced strict new banking cyber security regulations on western companies selling technology to Chinese banks. The Chinese government wants backdoors installed in a...

6.7 AI score
Exploits: 0
Kitploit
added 2015/01/31 3:31 p.m., 53 views

JADX - Java source code from Android Dex and Apk files

Command line and GUI tools to produce Java source code from Android Dex and Apk files. Usage jadx-gui options .dex, .apk, .jar or .class options: -d, --output-dir - output directory -j, --threads-count - processing threads count -f, --fallback - make simple dump using goto instead of 'if', 'for'...

7.6 AI score
Exploits: 0, References: 1
n0where
added 2015/01/24 5:4 p.m., 970 views

Dex to Java Decompiler: jadx

Command line and GUI tools to produce Java source code from Android Dex and Apk files Building from source git clone https://github.com/skylot/jadx.git cd jadx ./gradlew dist on Windows, use gradlew.bat instead of ./gradlew Scripts to run jadx will be placed in build/jadx/bin and also packed to...

Exploits: 0, References: 2
Hacker One
added 2015/01/16 7:43 a.m., 24 views

Vimeo: CRITICAL full source code/config disclosure for Cameo

Hi! The server at https://ci.cameo.tv/ has directory listing on and seems to host quite a few debian packages containing extremely sensitive information database passwords, API keys, you name it. One example is the config package containing 16 config files, even personal ones containing local...

0.5 AI score
Exploits: 0
myhack58
added 2015/01/13 12:0 a.m., 150 views

CTF: ASUS RT-AC66U router vulnerabilities problem-solving analysis-vulnerability warning-the black bar safety net

I'm on EFF's open wireless router campaign is very interested in, however they not at all on their device display. The rules of the game in the RT-AC66U are listed as may be used to attack the device. I have a personal RT-AC66U, so I decided for all the CTF participants to write a small tutorial...

0.2 AI score
Exploits: 0
Dsquare
added 2015/01/12 12:0 a.m., 71 views

Wordpress WP Symposium File Upload

File upload vulnerability in Wordpress WP Symposium Plugin Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

0.9 AI score
Exploits: 0, References: 1
Yubico
added 2015/01/07 12:0 a.m., 587 views

SecurityAdvisory 2015-04-14

The source code contains a logical flaw related to user PIN aka PW1 verification that allows an attacker with local host privileges and/or physical proximity NFC to perform security operations without knowledge of the user’s PIN code...

8.8 CVSS, 8.2 AI score, 0.00126 EPSS
Exploits: 1
exploitpack
added 2015/01/05 12:59 p.m., 19 views

NetDecision-Traffic-4.5.1

Title : Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.netmechanica.com Advisory : http://secpod.org/blog/?p=481...

0.5 AI score
Exploits: 0
ThreatPost
added 2015/01/05 11:42 a.m., 7 views

Openwall 3.1 Released With Fixes for Shellshock, POODLE Attack

The maintainers of the Openwall security enhanced Linux distribution have released a new stable version, which includes fixes for a number of serious vulnerabilities, such as the Shellshock Bash bug and the flaw in SSLv3 that leads to the POODLE attack. Openwall is designed to be a small, compact...

3.8 AI score
Exploits: 0, References: 4
0day.today
added 2015/01/04 12:0 a.m., 28 views

ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution Exploit

ASUSWRT version 3.0.0.4.376_1071 suffers from a remote command execution vulnerability. A service called "infosvr" listens on port 9999 on the LAN bridge. Normally this service is used for device discovery using the "ASUS Wireless Router Device Discovery Utility", but this service contains a featu...

7.9 AI score
Exploits: 0
ThreatPost
added 2014/12/30 3:6 p.m., 15 views

Facebook Careers Page XXE Vulnerability Patched

A vulnerability was discovered and patched in a third-party service that handles resumes on Facebook’s careers page. The discovery was worth more than $6,000 in a bounty paid out by Facebook to researcher Mohamed Ramadan of Egypt, who published some details of the vulnerability and exploit on his...

0.4 AI score
Exploits: 0, References: 3
Metasploit
added 2014/12/27 9:3 p.m., 43 views

Windows Meterpreter (Reflective Injection), Hidden Bind Ipknock TCP Stager

Inject the Meterpreter server DLL via the Reflective Dll Injection payload staged. Requires Windows XP SP2 or newer. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping...

7.4 AI score
Exploits: 0
Hacker One
added 2014/12/23 10:6 p.m., 18 views

Enter: Stored XSS in api key of operator wallet

1. Make an operation wallet 2. Open wallet settings 3. Press "New key" 4. In source code remove "maxlength=30" of key's name input tag - no length check on server-side 5. Fill name input with "asdf" PoC 6. Press "Generate Key" 7. After that when open wallet settings we got XSS. 8. In case we can...

7 AI score
Exploits: 0
Packet Storm
added 2014/12/23 12:0 a.m., 79 views

NotePad++ 6.6.9 Buffer Overflow

!/usr/bin/python Exploit Title: NotePad++ v6.6.9 Buffer Overflow URL Vendor: http://notepad-plus-plus.org/ Vendor Name: NotePad Version: 6.6.9 Date: 22/12/2014 CVE: CVE-2014-1004 Author: TaurusOmar Twitter: @TaurusOmar Email: [email protected] Home: overhat.blogspot.com Risk: Medium...

1.4 AI score
Exploits: 4
Kitploit
added 2014/12/22 2:55 a.m., 53 views

John the Ripper 1.8.0-jumbo-1 - Fast Password Cracker

John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS. It is one of the most popular password testing and...

7.4 AI score
Exploits: 0