5315 matches found
WordPress xmlrpc.php brute force vulnerability - vulnerability warning - the black bar safety net
WordPress is a very popular open source blog platform that exposes a remote POST interface through the file xmlrpc.php. An xmlrpc vulnerability in this file was recently disclosed. The principle of the vulnerability is that authentication goes through xmlrpc, and even when authentication fails it will not be ... by the securit...
QuasiBot - Webshell Manager aka HTTP Botnet
QuasiBot is a complex webshell manager written in PHP, which operates on web-based backdoors implemented by the user. Using prepared PHP backdoors, quasiBot works as a C&C, trying to communicate with each backdoor. The tool goes beyond average web-shell managers, since it delivers useful function...
Russian Government Asks Apple to Hand Over iOS and Mac Source Code
Just a few days after the announcement that the Russian government will pay almost 4 million rubles (approximately $111,000) to whoever can devise a reliable technology to decrypt data sent over Tor, the government now wants something which is really tough. APPLE & SAP, HAND OVER YOUR...
CVE-2014-4747
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser...
CVE-2014-4747
IBM Sametime Classic Meeting Server 8.x up to 8.5.2.1 is affected by CVE-2014-4747, where a physically proximate attacker can read the HTML source in a victim’s browser to discover a meeting password hash. The vulnerability is described as a local issue arising from access to an unattended workst...
aNmap - Android Network Mapper (Nmap for Android)
Nmap is one of the most important tools for every white, grey or black hat hacker. Nmap is a legendary hacking tool and probably the most prevalent network security port scanner over the last 10 years on all major operating systems. So far it was available on Windows, Linux and Mac OS X. But...
Aerohive HiveOS 5.1r5 - 6.1r5 - Multiple Vulnerabilities
Exploit for PHP platform in category web applications. Exploit Title: Aerohive HiveOS XSS and limited LFI. Date: 11-07-2014. Exploit Author: Rik van Duijn - DearBytes dearbytes.com. Vendor Homepage: http://www.aerohive.com/products/overview.html. Version: 5.1r5 - 6.1r5, possibly earlier versions...
CVE-2014-2366
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code...
Code injection
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code...
CVE-2014-2366
CVE-2014-2366 affects Advantech WebAccess prior to 7.2, where upAdminPg.asp can disclose credentials to remote authenticated users by exposing them in the HTML source. Evidence from NVD/NIST and multiple advisories confirms the vulnerable component and the credential disclosure flaw, with a high ...
CVE-2014-2366 Advantech WebAccess Cleartext Storage of Sensitive Information in Memory
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code...
How to prevent the next Heartbleed - vulnerability warning - the black bar safety net
I. Introduction. The OpenSSL Heartbleed vulnerability, tracked as CVE-2014-0160, was considered a serious problem because OpenSSL is widely used in SSL and TLS implementations. This article uses the Heartbleed vulnerability to explain what the vulnerability is and how it is exploited. This article studies the...
Netsparker v3.5 - Web Application Security Scanner
Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...
Joomla! Component Youtube Gallery 4.1.7 - SQL Injection
Exploit Title: Joomla component com_youtubegallery - SQL Injection vulnerability. Google Dork: inurl:index.php?option=com_youtubegallery. Date: 15-07-2014. Exploit Author: Pham Van Khanh [email protected]. Vendor Homepage: http://www.joomlaboat.com/youtube-gallery. Software Link:...
Shirui Education District/School Edition E-Schoolbag Teaching Platform XSS Vulnerability
Brief description: I saw that http://www.wooyun.org/bugs/wooyun-2010-051965 got through, so here I am too. Stored XSS. Detailed description: Tested on the official demo at http://demo.31390.com:8080/eLearning/user.html. Click any user, write an XSS statement in the message box, click to post the message, and it pops up directly. Looking at the source code, there is no filtering at all. Test address: http://demo.31390.com:8080/eLearning/message/s800.html. It is actually an HTML file itself, which gives XSS a lot of room. Testing for generality...
Aerohive HiveOS 5.1r5 6.1r5 - Multiple Vulnerabilities
Exploit Title: Aerohive HiveOS XSS and limited LFI. Date: 11-07-2014. Exploit Author: Rik van Duijn - DearBytes dearbytes.com. Vendor Homepage: http://www.aerohive.com/products/overview.html. Version: 5.1r5 - 6.1r5, possibly earlier versions...
Aerohive HiveOS 5.1r5 < 6.1r5 - Multiple Vulnerabilities
Exploit Title: Aerohive HiveOS XSS and limited LFI. Date: 11-07-2014. Exploit Author: Rik van Duijn - DearBytes dearbytes.com. Vendor Homepage: http://www.aerohive.com/products/overview.html. Version: 5.1r5 - 6.1r5, possibly earlier versions. Description: Aerohive version 5.1r5 through...
'Tinba' Banking Malware Source Code Leaked Online
The source code for the smallest but sophisticated banking Trojan Tinba has been leaked through an online post in an underground forum, which makes it available for free to anyone who knows where to look for malware generation tools. The files posted on the closed Russian underground forum turned out...
Tinba Banker Trojan Source Code Posted
The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the...