WPA Cluster Cracker: Moscrack

Moscrack WPA Cluster Cracker Moscrack facilitates the use of a WPA cracker on a cluster. Currently it works with Mosix clustering software, SSH, RSH and Pyrit. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to seperate processes that run...

Resin Application Server 4.0.36 Source Code Disclosure

Resin Application Server 4.0.36 Source Code Disclosure Vulnerability Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36 Summary: Resin is the Java Application Server for high traffic sites that require spe...

Resin Application Server 4.0.36 Source Code Disclosure Vulnerability

Summary Resin is the Java Application Server for high traffic sites that require speed and scalability. It is one of the earliest Java Application Servers, and has stood the test of time due to engineering prowess. Description The vulnerability is caused do to an improper sanitization of the 'fil...

php LFI to read the php file source code as well as directly post webshell-vulnerability warning-the black bar safety net

Recently in the busy defcon topic training where a set of topics where there is a foreigner to write it is mentioned in the LFI, another tips The original text please refer to the PS: the skill is not a new technology bull God has certainly been with got bored, so when passing on the line =,= I...

EasyTalk微博客官网可被入侵并且添加源码后门

简要描述： 成功的入侵事件，可添加源代码后门。 详细说明： nginx解析问题 漏洞证明：...

Triangle MicroWorks Improper Input Validation

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks’ products and third‑party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has...

74CMS talent system v3. 2 injection& full version pass rounded out the background-bug warning-the black bar safety net

Because a station with this system next to the station is also no start so went down the parts of the source code to read Set of procedures filter is still relatively full, but all versions are GBK encoding is his flawed but basically the string into the library when the author used the iconv to...

Chinese hackers who breached Google in 2010 gained access to thousands of surveillance orders

In 2010, as part of what has been dubbed as Operation Aurora, Chinese hackers infiltrated a special database within Google's systems and gained access to a sensitive database worth of information about American surveillance targets. Google reported the hack publicly years ago, saying that the...

ecsho后台任意用户可以下载整站源码

简要描述： ecshop2.5以上版本全部存在只要有后台帐号即可下载整站源码 详细说明： PS:默认安装如果选择了安装测试数据就会多出2个帐号。本文从这两个帐号开始！ 这个漏洞存在ec2.5以上的所有版本中 漏洞发生在 admin/template.php 行575 模版备份处 if $REQUEST'act' == 'backup' includeonce'includes/clsphpzip.php'; $tpl = trim$REQUEST'tplname'; $filename = '../temp/backup/' . $tpl . '' . date'Ymd' . '.zip...

nginx explosive integer overflow vulnerability-vulnerability warning-the black bar safety net

Qihoo 3 6 0 security research team recently discovered nginx a serious vulnerability, the vulnerability exists in nginx ngxhttpcloseconnection function, the attacker can construct r-count is less than 0 or greater than 2 5 5 malicious HTTP request, the vulnerability could remotely execute arbitra...

CSDJCMS拿shell漏洞与PHP源码分析过程

简要描述： CSDJCMS漏洞后台拿shell 详细说明： includeonce"include/install.php"; ifSIsInstall==0 header"Location:install/install.php"; includeonce"include/label.php"; ifSWebmode==1 or !fileexists"index.html" //缓存区 $cacheid ='index'; if!$cacheopt-start$cacheid echo GetTemp"index.html",0; $cacheopt-end; else...

[Brakeman v1.9.5] The Static analysis security scanner for Ruby on Rails

Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development. Unlike many web security scanners, Brakeman looks at the source code of your application. This...

Winnti Cyberespionage Campaign Targets Gaming Companies

A cybercrime gang has been running roughshod over the gaming industry for years using malware signed with valid digital certificates to steal source code and valuable in-game currency for a number of popular online games. Researchers at Kaspersky Lab this morning published a report on the Winnti...

PonyOS 0.4.99-mlp - Multiple Vulnerabilities

Exploit for linux platform in category local exploits Introduction ------------ Like countless others, I was pretty excited about PonyOS yesterday April 1st 2013 and decided to give it a go. After wasting a lot of time nyan'ing, I knew this was the future of desktop OSes. However, I wondered how...

[Ghost Phisher] GUI suite for phishing and penetration attacks

Ghost Phisher is a Wireless and Ethernet security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to emulate access points and deploy various internal networking servers for networking, penetration testing and...

AMI Firmware Source Code, Private Key Leaked

Source code and a private signing key for firmware manufactured by a popular PC hardware maker American Megatrends Inc. AMI have been found on an open FTP server hosted in Taiwan. Researcher Brandan Wilson found the company’s data hosted on an unnamed vendor’s FTP server. Among the vendor’s...

PonyOS 0.4.99-mlp Privilege Escalation

Advisory: PonyOS Security Issues John Cartwright Introduction ------------ Like countless others, I was pretty excited about PonyOS yesterday April 1st 2013 and decided to give it a go. After wasting a lot of time nyan'ing, I knew this was the future of desktop OSes. However, I wondered how secur...

XYCMS law firm built Station system injection vulnerability-vulnerability warning-the black bar safety net

Preface: just ass boring download the audit the next,slightly looked down, the vulnerabilities too much. ps: with a contribution of plate articles is somewhat similar Lustful dividing line -------------------------------------------------------- Audit version: XYCMS law firm built Station system...

GOOGLE shopping built Station system injection vulnerability-vulnerability warning-the black bar safety net

Find an injection point http://www.xxx.com /DiaryA. asp? UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389 Habitual plus’having1=1-- http://www.xxx.com.tw/DiaryA.asp?UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389’having 1=1— ! Broke DiaryA. dlTitle（this time very excited.） Then continu...

XYCMS biotechnology company vulnerability analysis-vulnerability warning-the black bar safety net

Well, the wooden things found online to find a source code to analyze. Search for karma, we an individual file to see it. ------------------------Injection----------------- The first file. common. the asp file. % id=request. QueryString"id" set rs=server. createobject"adodb. recordset"...