
5315 matches found

NVD
added 2014/04/22 1:06 p.m., 17 views

CVE-2014-2719

AdvancedSystemContent.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code...

CVSS 6.3 | AI score 6.4 | EPSS 0.00309
Exploits 2 | References 4

Prion
added 2014/04/22 1:06 p.m., 19 views

Code injection

AdvancedSystemContent.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code...

CVSS 6.3 | AI score 7 | EPSS 0.00309
Exploits 2 | References 4 | Affected Software 9

Hacker One
added 2014/04/17 6:35 a.m., 161 views

Yahoo!: readable .htaccess + Source Code Disclosure (+ .SVN repository)

Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...

AI score 6.7
Exploits 0

Hacker One
added 2014/04/16 7:03 a.m., 44 views

Concrete CMS: FULL PATH DISCLOSURE

Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file, e.g. /home/omg/htdocs/file/. Certain vulnerabilities, such as using load_file within a SQL Injection query to view the page source, require the attacker to have the full path to the file they wis...

AI score 7.6
Exploits 0

Hacker One
added 2014/04/10 9:22 p.m., 30 views

IRCCloud: Login CSRF

Hi sir, there is no mitigation of XCSRF in your login form. Kindly check the source code of login: Login Forgotten your password? Kindly let me know if you need more information. Clifford...

AI score 2
Exploits 0

Hacker One
added 2014/04/01 11:16 a.m., 20 views

MS-DOS: Bug in Source Code Files (v1.1)

Hello, while I was going through the object files of v1.1 and opened the MS-DOS applications everything was going fine. Then I opened 'CHKDSK' and suddenly the interface crashed, and after that it gave such feedback to my Windows that all the DOS-related applications are incompatible and are not a...

AI score 1.7
Exploits 0

Fedora
added 2014/03/19 8:39 a.m., 24 views

[SECURITY] Fedora 20 Update: python-astroid-1.0.1-2.fc20

The aim of this module is to provide a common base representation of Python source code for projects such as pychecker, pyreverse, pylint, and others. It extends the class defined in the compiler.ast Python module with some additional methods and attributes...

CVSS 4.4 | AI score 4 | EPSS 0.00061
Exploits 0

seebug.org
added 2014/03/13 12:00 a.m., 22 views

Latest EspCMS allows forging a login as any account (simple exploit code)

Brief description: The latest EspCMS allows forging a login as any account (source code analysis). Tested version: espcmsutf85.8.14.03.03b. Details: The key element in EspCMS's user cookie generation algorithm is dbpscode. It seems experts have reported this several times before, but the vendor only made minor changes and never fully fixed the problem. Here is how it works: register an ordinary account, then use the account plus its cookie to recover dbpscode. First, the cookie encryption algorithm, /public/classfunction.php, lines 144-170: function eccode$string, $operation = 'DECODE', $key =...

AI score 7
Exploits 0

Dsquare
added 2014/03/10 12:00 a.m., 43 views

vtiger CRM 5.4.0 get_tickets_list SQLi

SQL Injection vulnerability in the vtiger CRM get_tickets_list SOAP method in /soap/customerportal.php. Vulnerability Type: SQL Injection. For the exploit source code contact the DSquare Security sales team...

CVSS 7.5 | AI score 0.9 | EPSS 0.00363
Exploits 6 | References 1

0day.today
added 2014/03/01 12:00 a.m., 39 views

Oracle Demantra 12.2.1 - Arbitrary File Disclosure

Exploit for the Windows platform in category web applications. Details: The team discovered a Local File Include (LFI) vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server. The vulnerable page is: /demantra/GraphServl...

CVSS 5 | AI score 6.5 | EPSS 0.78854
Exploits 4

exploitpack
added 2014/03/01 12:00 a.m., 33 views

Oracle Demantra 12.2.1 - Arbitrary File Disclosure

Oracle Demantra 12.2.1 - Arbitrary File Disclosure. Details: The team discovered a Local File Include (LFI) vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server. The vulnerable page is: /demantra/GraphServlet...

AI score 0.1
Exploits 0

myhack58
added 2014/03/01 12:00 a.m., 15 views

DedeCMS latest version universal injection (buy_action.php) vulnerability analysis - vulnerability warning - Black Bar Safety Net

0x00 Preface: Two days ago, a WooYun (Dark Clouds) white hat submitted two DedeCMS universal injection vulnerabilities, which caused quite an uproar. On February 5 DedeCMS (Weaving Dreams) officially released the patch, so I downloaded the latest code and did a comparison; here is a simple analysis of one of the injections...

AI score 7.6
Exploits 0

seebug.org
added 2014/02/27 12:00 a.m., 12 views

Latest startbbs version leaks any user's email address

Brief description: I don't even know where I ended up digging; I spent all of yesterday reading your source code...... Details: Mainly, your developers' security awareness is poor... /themes/default/userinfo.php has this at line 86: Contact: " class="external mail"-- it outputs the user's email address, but commented out!-- just view the page source. Proof of vulnerability: I tested the official site's demo here and grabbed one girl's.... (PS: already added her as a friend!)...

AI score 7.1
Exploits 0

myhack58
added 2014/02/27 12:00 a.m., 23 views

Google Chrome Developer Tools vulnerability exploitation - vulnerability warning - Black Bar Safety Net

0x00 Introduction: The story originates from a file in the Chromium source code named InjectedScriptSource.js, which is responsible for command execution in the console. Many people might say: "Wait! Why is JavaScript in charge of command execution? Isn't Chromium/Chrome...

AI score 0.8
Exploits 0

NVD
added 2014/02/26 1:29 a.m., 8 views

CVE-2014-0842

The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code...

CVSS 5 | AI score 6 | EPSS 0.00225
Exploits 1 | References 2

Prion
added 2014/02/26 1:29 a.m., 14 views

Default credentials

The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code...

CVSS 5 | AI score 6.5 | EPSS 0.00225
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2014/02/25 9:00 p.m., 12 views

CVE-2014-0842

The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code...

AI score 6 | EPSS 0.00225
Exploits 1 | References 2

CVE
added 2014/02/25 9:00 p.m., 38 views

CVE-2014-0842

The CVE-2014-0842 vulnerability affects IBM Rational Focal Point 6.4.x and 6.5.x prior to 6.5.2.3, and 6.6.x prior to 6.6.1. The account-creation page places the new user’s default password in the HTML source, allowing remote attackers to read sensitive credentials via page source inspection. Imp...

CVSS 5 | AI score 6.2 | EPSS 0.00225
Exploits 1 | References 2 | Affected Software 1

Kitploit
added 2014/02/24 7:29 p.m., 10 views

[ParameterFuzz v1.8] Parameter auditor for web applications

ParameterFuzz is a tool to check the level of fortification of web applications. It tries to cover the area most exploited by attackers, since the majority of known attacks are based on exploiting poorly filtered parameters, such as SQL injection, Cross Site Scripting or RFI, among others. This tool is...

AI score 8.3
Exploits 0

The Hacker News
added 2014/02/22 12:42 a.m., 9 views

Android iBanking Trojan Source Code Leaked Online

Smartphones are a necessity for everyone today, and so they are the first target of most cyber criminals. Malware authors are getting to know their market and are changing their way of operating. Since last year we have seen a rise in the number of hackers moving from black hat to grey hat. The...

AI score 7.6
Exploits 0