Invision Power Board 3.4.5

File disclosure in Invision Power Board Minifythird party app Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

OpenX 'flowplayer-3.1.1.min.js' Backdoor Vulnerability

OpenX is prone to a backdoor vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openx:openx"; ifdescription...

Code injection

maininternet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code...

Code injection

mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document...

CVE-2013-2243

mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document...

Malware Evasion Techniques Dissected at Black Hat

Malware ingenuity isn’t limited to its functionality or its ability to propagate. Sometimes malicious code has to have guile to survive. That means for the most part having an innate understanding of when it’s being analyzed by a security expert. Numerous samples from different malware families...

Japanese Poker champion charged for distributing Android malware

Famous poker player 'Masaaki Kagawa' who won about $1.5 million in poker tournaments has been arrested by Japanese authorities for allegedly distributing Android malware. According to Symantec, He is just one of nine men arrested for distributing spam that included emails with links to Android...

Japanese Poker champion charged for distributing Android malware

Famous poker player 'Masaaki Kagawa' who won about $1.5 million in poker tournaments has been arrested by Japanese authorities for allegedly distributing Android malware. According to Symantec, He is just one of nine men arrested for distributing spam that included emails with links to Android...

struts2 latest vulnerability S2-0 1 6, S2-0 1 7 patch programme-vulnerability warning-the black bar safety net

Yesterday struts2 blast a good deal of vulnerability, with know Brother words to say is:“this afternoon the whole Chinese hacking ring like mad started to use this exploit black site, everyone can feel it.” See under the clouds the two days of data: ! Related reports: The disaster: the Chinese...

Web application security vulnerability analysis and prevention（PHP article-the vulnerability warning-the black bar safety net

PHP is the current Internet environment in the most mainstream of dynamic website development script language, using PHP development of Web application security is also a hacker like the focus of attention. This article will by source code analysis a way to use PHP to write Web application securi...

Web application security vulnerability analysis and prevention（ASP article-the vulnerability warning-the black bar safety net

In previous articles we have for common Web security vulnerabilities and prevention methods are analyzed and described, and learn to Web security vulnerability of the website's security operations as well as corporate sensitive information anti-leakage effect is huge, so effective against Web...

Oracle Linux 4 : HelixPlayer removal (ELSA-2010-0981)

From Red Hat Security Advisory 2010:0981 : Helix Player contains multiple security flaws and should no longer be used. This update removes the HelixPlayer package from Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common...

WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/61116/info miniBB is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data...

Carberp Web Panel C2 Backdoor Remote PHP Code Execution

This module exploits backdoors that can be found all over the leaked source code of the Carberp botnet C2 Web Panel. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Carberp Web Panel C2 Backdoo...

Carberp Source Code Leaked

The source code for the Carberp Trojan, which typically sells for $40,000 on the underground, has been leaked and is now available to anyone who wants it. The leak has echoes of the release of the Zeus crimeware source code a couple of years ago and has security researchers concerned that it may...

imacs CMS 0.3.0 Shell Upload

?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : imacs CMS Unrestricted File Upload Exploit Date...

PHP-Fusion: source code security analysis report

Several vulnerabilities were discovered in PHP-Fusion 'PHP-Fusion' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Incorrect User Input Filtration when Using Regular Expressions while Calling the pregreplace Function Using Insufficiently...

One dedecms variable coverage holes of the wretched use of the method-vulnerability warning-the black bar safety net

The most recent dedecms variable coverage holes, and finally can control the global variables, but can not completely control $GLOBALS$v1 .= $v2; Note that there is a sliding scale, is in an initialized global variable content on a sliding scale the content. It has now been disclosed the exploit...

fingerprint_os

This plugin fingerprints the remote web server and tries to determine the Operating System family Windows, Unix, etc.. The fingerprinting is at this moment really trivial, because it only uses one technique: windows path separator in the URL. For example, if the input URL is...

un_ssl

This plugin verifies that URLs that are available using HTTPS arent available over an insecure HTTP protocol. To detect this, the plugin simply requests "https://abc/a.asp" and "http://abc.asp" and if both are equal, a vulnerability is found. Plugin type Audit Options This plugin doesnt have any...