phpLiteAdmin Cross-Site Scripting Vulnerability

phpLiteAdmin is a software developer Dane Iracleous developed a set of PHP implementation and Web-based open-source SQLite database management tool . A cross-site scripting vulnerability exists in phpLiteAdmin. When a user browses the affected website, his browser will execute arbitrary script co...

D-Link DSP-W110 Command Execution / SQL Injection / File Upload

D-Link DSP-W110 - multiple vulnerabilities ---- Discovered by: ---- Peter Adkins ---- Access: ---- Local network; unauthenticated access. ---- Tracking and identifiers: ---- CVE - None allocated. ---- Platforms / Firmware confirmed affected: ---- D-Link DSP-W110 Rev A - v1.05b01 ---- Notes: ----...

Hyperfox - HTTP and HTTPs Traffic Interceptor

Hyperfox is a security tool for proxying and recording HTTP and HTTPs communications on a LAN. Hyperfox is capable of forging SSL certificates on the fly using a root CA certificate and its corresponding key both provided by the user. If the target machine recognizes the root CA as trusted, then...

[Xplico 1.1.0] Open Source Network Forensic Analysis Tool (NFAT)

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols, all HTTP contents, each VoIP call SIP, FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...

[Ghost Phisher v1.5] GUI suite for phishing and penetration attacks

Ghost Phisher is an application of security which comes built-in with a fake DNS server ,DHCP server fake, fake HTTP Server and also has a space for the automatic capture and recording credentials HTTP method of the form to a database. The program could be used for on-demand service of DHCP, DNS,...

[Cansina] Web Content Discovery Application

It takes general available lists of common path and files used by web applications and make URL requests looking back to the server response code. Cansina stores the information in a sqlite database omitting 404 responses. One for every new url think this as a kind of projects feature and the sam...

[Introspy] Monitor app in your iDevice

The Problem In 2013, assessing the security of iOS applications still involves a lot of manual, time-consuming tasks - especially when performing a black-box assessment. Without access to source code, a comprehensive review of these application currently requires in-depth knowledge of various API...

ReadyMedia - Remote Heap Buffer Overflow

source: https://www.securityfocus.com/bid/61282/info ReadyMedia is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service...

[SpiderFoot v2.0] The Open Source Footprinting tool

SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the...

[Ghost Phisher] GUI suite for phishing and penetration attacks

Ghost Phisher is a Wireless and Ethernet security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to emulate access points and deploy various internal networking servers for networking, penetration testing and...

PHPLiteAdmin 1.9.3 - Remote PHP Code Injection

Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in the directory you specified as the $directory...

PHP Lite Admin 1.9.3 Code Injection

Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in the directory you specified as the $directory...

PHPLiteAdmin 1.9.3 - Remote PHP Code Injection

PHPLiteAdmin 1.9.3 - Remote PHP Code Injection Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in t...

Cells Blog CMS v1.1 - Multiple Web Vulnerabilities

Document Title: =============== Cells Blog CMS v1.1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=591 Release Date: ============= 2012-06-04 Vulnerability Laboratory ID VL-ID: ==================================== 591 Comm...

Havalite CMS 1.0.4 - Multiple Vulnerabilities

Havalite CMS 1.0.4 - Multiple Vulnerabilities Title: ====== Havalite CMS v1.0.4 - Multiple Web Vulnerabilities Date: ===== 2012-04-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=520 VL-ID: ===== 520 Introduction: ============= Havalite, a lightweight, open source CM...

Muster Render Farm Management System Arbitrary File Download

Exploit for php platform in category web applications Name: Muster Render Farm Management System Arbitrary File Download Vendor Website : http://www.vvertex.com/muster.html Date Released : November 29, 2011 Affected Software : Muster 6.20 Researcher : Nick Freeman email protected Description...

Muster Render Farm Management System - Arbitrary File Download

Muster Render Farm Management System - Arbitrary File Download Name: Muster Render Farm Management System Arbitrary File Download Vendor Website : http://www.vvertex.com/muster.html Date Released : November 29, 2011 Affected Software : Muster 6.20 Researcher : Nick Freeman...

Muster Render Farm Management System - Arbitrary File Download

Name: Muster Render Farm Management System Arbitrary File Download Vendor Website : http://www.vvertex.com/muster.html Date Released : November 29, 2011 Affected Software : Muster 6.20 Researcher : Nick Freeman [email protected] Description Security-Assessment.com has discovere...

DarkComet-RAT v4.0 Fix1 Released - Fully Cryptable

DarkComet-RAT v4.0 Fix1 Released - Fully Cryptable DarkComet-RAT v4.0 Change log - DarkComet-RAT is now compiled on Delphi XE instead of Delphi 2010. - Synthax highlighter added in remote keylogger. - Multithreading is now more efficient, no more freezing, using a new powerfull and stable...

Android Passwords are stored in plain text on Disk

Android Passwords are stored in plain text on Disk A Android user complain that , All passwords are stored in plane text on Disk via a message on discussion board of Android. He said "The password for email accounts is stored into the SQLite DB which in turn stores it on the phone's file system i...