CVE-2013-0269
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
CVE-2013-0333
lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...
One million pages infected by Lilupophilupop SQL injection
The ISC (Internet Storm Center) reported lilupophilupop.com SQL injection attacks. About 80 pages were infected according to Google searches a few weeks back, and the number has now risen to over 1 million. Sites are being injected with the string:...
Research: Botnets, the Most Prevalent Threat in the Enterprise
Botnets are the most significant source of malicious Web traffic for enterprises on the Internet, according to new research from ZScaler’s ThreatLabz. Over the past 30 days, botnets have accounted for nearly 80 percent of the security blocks within ZScaler’s network. In a distant second place amo...
Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability
Summary Biznis Heroj or Business Hero is the first software on the Macedonian market that will help you manage your business processes in your company, such as accounting, production, acquisition, archiving, inventory, and the Cloud. Using the Cloud technology, Biznis Heroj allows you to access t...
Million ASP.Net web sites affected with mass SQL injection attack
Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, security researchers say. Attackers have planted...
vTiger CRM 5.2.1 Blind SQL Injection
vTiger CRM 5.2.x = Blind SQL Injection Vulnerability 1. OVERVIEW The vTiger CRM 5.2.1 and lower versions are vulnerable to Blind SQL Injection. No fixed version has been released as of 2011-10-05. 2. BACKGROUND vtiger CRM is a free, full-featured, 100% Open Source CRM software ideal for small and...
Top100 Arena Gaming Sites Network hacked By ACA [Albanian Cyber Army]
Albanian hackers have exploited the database of one of the biggest game arena sites, "Top100", using an SQL injection attack. They leaked the database on MediaFire. The hackers belong to the group ACA (Albanian Cyber Army)...
Indian Government Computers are also Corrupted like Government
An Indian hacker named "nomcat" claims to have hacked into the Indian Prime Minister's Office computers and installed a R.A.T (remote administration tool) on them. He also exposed the vulnerability in the Income Tax website and database...
#OpBart : BART Police database hacked by Anonymous
A database belonging to the BART Police Officers Association appears to have been hacked by Anonymous Hackers and the names, postal and email addresses of officers posted online HERE. Some say it was Anonymous, some say it was a n00b mademoiselle...
Oracle website vulnerable to SQL injection
The Oracle database website is itself vulnerable to an SQL injection attack. The website has a loophole through which any attacker can easily hack into it. The vulnerability was found and submitted by the hacker "m@m@". Oracle provides the world's most...
Dslreports.com hacked, Over 9000 accounts compromised !
DSL Reports - the information and review site on high speed Internet services which operates over 200 forums - has been hit with a blind SQL injection attack, which resulted in the compromise of at least 9000 accounts. Founder Justin Beech...
Sightseeing Firm Overlooks Security, 110k Credit Card Numbers Stolen
CitySights owner Twin America says the credit card details of 110,000 customers were stolen in a Web based attack and suggests it wasn’t following Payment Card Industry guidelines for storing card data. The parent company of the CitySights sightseeing tours company, Twin America LLC, said in a...
Scripts Feed Business Directory SQL Injection
============================================================================== Scripts Feed Business Directory SQL Injection Vulnerability ============================================================================== + My home http://hack-tech.com + Date Submitted: February 27 2010 + Founder: Cr...
osTicket 1.6 RC4 - Admin Login Blind SQL Injection
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-007 osTicket Admin Login Blind SQL Injection Application: osTicket v1.6 RC4 Vendor: osTicket Vendor website: http://www.osticket.com Author: Adam Baldwin [email protected] I. BACKGROUND "osTicket is a widely-us...
Meto Forum 1.1 - Multiple SQL Injections
Meto Forum v1.1 Multiple Remote SQL Injection Vulnerable Script : http://www.aspindir.com/goster/5444 Risk : Forum in All users saved password is to take. Coded : Asp , SQL Language = 'Acces'...
Mihalism Multi Host Download (Username) Blind SQL Injection Exploit
Exploit for unknown platform in category web applications =================================================================== Mihalism Multi Host Download Username Blind SQL Injection Exploit =================================================================== ?php / Mihalism Multi Host Download -...
Mihalism Multi Host Download (Username) Blind SQL Injection Exploit
No description provided by source. ?php / Moubik Romanian Security Team - http://rstzone.org presents Mihalism Multi Host Download - Blind SQL Injection Attack Thanks to Vladii for telling me about the CMS. Thanks to Shocker for telling Vladii about the CMS. Shoutz to Kw3rln, Bankai, Slick,...