458 matches found
Atom CMS Shell Upload / SQL Injection / Bypass Vulnerabilities
Atom CMS suffers from remote shell upload and remote SQL injection vulnerabilities. Exploit Title : Atom CMS SQL Injection and file upload vulnerability Author : Jagriti Sahu Vendor : https://github.com/thedigicraft/Atom.CMS Date : 07/07/2014 Discovered at : IndiShell Lab Love to : Surbhi, Mradul...
nph-maillist 3.0/3.5 Arbitrary Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2563/info nph-maillist is a Perl CGI script that handles mailing lists, typically used to notify interested users of site updates. A hostile user can enter commands embedded in an email address via the subscription form,...
FreeBSD 3.4/4.0/5.0, NetBSD 1.4 Unaligned IP Option Denial of Service
No description provided by source. source: http://www.securityfocus.com/bid/1173/info A vulnerability exists in the 1.4.x NetBSD kernel that may allow remote attackers to cause the machine to kernel panic on certain architectures. By sending a packet to a machine running the Alpha or SPARC versio...
[oss-security] LMS-2014-06-16-5: Linux Kernel LZ4
Hello All, A vulnerability has been identified in the Linux kernel LZ4 implementation. Please find the bug report attached inline. Best, Don A. Bailey Founder / CEO Lab Mouse Security https://www.securitymouse.com/ Lab Mouse Security Report LMS-2014-06-16-5 Report ID: LMS-2014-06-16-5 CVE ID:...
Localize: Login page password-guessing attack
Login page password-guessing attack Vulnerability description A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and...
CVE-2013-4377
Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device...
PT-2013-5591 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions 9.1 through 9.11.6 Description: The issue allows remote attackers to cause a denial of service, resulting in a device reload. This can be achieved by sending either an ICMP or ICMPv6...
Metasploit Exploit Module for IE Zero-Day Vulnerability
It’s been 14 days since Microsoft issued an advisory and temporary mitigation for a zero-day vulnerability in Internet Explorer, one being actively exploited in the wild and called by some experts as severe a browser bug as you can have. Yet users have since had little more to shield them from...
Watchguard Server Center 11.7.4 Insecure Library Loading
Watchguard Server Center v11.7.4 wgpr.dll Insecure Library Loading Local Privilege Escalation Vulnerability RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Watchguard Server Center Vendor URL: www.watchguard.com Type: Uncontrolled Search...
FunGamez Remote Shell Upload
FunGamez Remote File Upload Vulnerability Brought to you by cr4wl3r http://bastardlabs.info Software Link: http://sourceforge.net/projects/fg-gsm/?source=dlp Tested: Linux, Windows ----------------------------------------------- Source FunGamez/admin/modules/game.php .......... 135 And your shell...
Alt-N MDaemon 13.0.3 and 12.5.6 Email Body HTML/JS Injection Vulnerability
Exploit for windows platform in category web applications. VULNERABILITY DESCRIPTION: Alt-N MDaemon is prone to an HTML/JavaScript injection vulnerability because it fails to sanitize user-supplied input. Attacker-supplied HTML and/or JavaScript code could run in the...
CVE-2012-2802
Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."...
PlumeCMS 1.2.4 Cross Site Scripting
Exploit Title : PlumeCMS = 1.2.4 Multiple Persistent XSS Date : 04-04-2012 Author : Ivano Binetti http://www.ivanobinetti.com Software link :...
PT-2012-2000
Name of the Vulnerable Software and Affected Versions: BackupPC versions 3.0.0 through 3.2.1 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to "index.cgi", related to the log file viewer...
KaiBB 2.0.1 - SQL Injection
KaiBB 2.0.1 - SQL Injection Advisory: KaiBB 2.0.1 XSS and SQL Injection vulnerabilities Advisory ID: SSCHADV2011-027 Author: Stefan Schurtz Affected Software: Successfully tested on KaiBB 2.0.1 Vendor URL: http://code.google.com/p/kaibb/ Vendor Status: informed CVE-ID: - ...
acroread: critical APSB11-03
The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width values for an RLE8 compressed bitmap, which trigger...
Hua-speed online trading platform V13 full version: multiple injection vulnerabilities
Publishing author: wandering wind Affected versions: V13 Official website: http://www.hs173.cn Vulnerability type: SQL injection Vulnerability Description: The program only defends against GET and POST injection, so cookie injection can still be used to get the admin username and password...
eoCMS 0.9 nightly Multi Vulnerability
Exploit for php platform in category web applications...
Yahoo Status Checker File upload Vulnerability
Exploit for php platform in category web applications...
Microsoft Word Record Parsing Buffer Overflow
MS Word Record Parsing Buffer Overflow MS-09-027 Vulnerable application MS Office 2003 Tested on XP SP2 - MS Office 2003 v. 11.5604.5606 Bug Found By Wushi of team509 Greets Villy, Abhishek Lyall and ASL IT SECURITY TEAM Author Abhishek Sahni - abhi00703atgmaildotcom, infoataslitsecuritydotcom Web -...