AShop 5.4.0 CSRF/XSS Vulnerability
# Exploit Title: AShop 5.4.0 CSRF/XSS Vulnerability # Date: 23-03-2013 # Author: DaOne aka Mocking Bird # Vendor Homepage: http://www.ashopsoftware.com/ # Software...
AContent 1.3 Local File Inclusion
[~] Exploit Title: AContent 1.3 Local File Inclusion [~] Date: 21-03-2013 [~] Author: DaOne aka Mocking Bird [~] Vendor Homepage: http://atutor.ca/acontent/ [~]...
Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php
# Backupbuddy - sensitive data exposure in importbuddy.php # "the premiere WordPress backup plugin to backup, restore and move WordPress" # http://ithemes.com/purchase/backupbuddy/ # known versions...
JAOW 2.4.8 XSS Vulnerability
# Script Name : JAOW 2.4.8 # Version : 2.4.8 # Bug Type : XSS vulnerability # Found by : Metropolis # Home : http://metropolis.fr.cr # Discovered :...
Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
Overview: Vulnerable programs are among the most commonplace ways to attack victims and steal personal data. Exploits, pieces of malicious code that utilize vulnerabilities in popular software to infect...
OSX/Pintsized Backdoor Additional Details
In complement to my blog post regarding Facebook, Twitter and Apple, victims of a watering hole attack, you will find hereunder some additional information...
XSS vulnerabilities in ZeroClipboard and multiple web applications
In February I wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard and multiple web applications. This is additional information on this topic. XSS vulnerabilities in...
Cunity 1.0b - XSS/FileUpload Vulnerabilities
# Exploit Title: Cunity 1.0b - XSS/FileUpload Vulnerabilities # Date: 2013-03-24 # Author: DaOne aka Mocking Bird # Vendor Homepage: http://www.cunity.net/ #...
Security Appliance Market Continues to Grow Steadily in Fourth Quarter of...
FRAMINGHAM, Mass.--(BUSINESS WIRE)--According to the International Data Corporation (IDC) Worldwide Quarterly Security Appliance Tracker, both factory revenue and unit shipment growth rose in the...
Palo Alto Networks Research Shows Real-Time Apps and FTP are Preferred...
Modern Malware Review Shows Traditional Antivirus Struggles To Detect Malware that Actively Avoids Detection. SANTA CLARA, Calif., March 25, 2013 /PRNewswire/ -- Palo Alto Networks™, the network...
Dynamsoft's Newest Web TWAIN SDK Improves Security With Sandbox
Dynamic Web TWAIN 9.0 SDK Now Includes Sandbox Mechanism for Added Security by Separating Scanning Devices From Browsers. VANCOUVER, BC--(Marketwire - Mar 25, 2013) - A new web TWAIN software...
XSS vulnerability on WP-Banners-Lite (wordpress plugin)
I. Background [-] Affected plugin: WP Banners Lite [-] Plugin Description: The plugin easily allows you to manage ad banners on your site. [-] Plugin URL:...
IconCool MP3 WAV Converter 3.00 Build 120518 - Stack Buffer Overflow...
# Exploit Title: IconCool MP3 WAV Converter Stack Buffer Overflow Vulnerability # Date: 3/24/2013 # Exploit Author: G0li47h # Vendor Homepage: http://www.iconcool.com # Software Link:...
Mitsubishi MX ActiveX Component v3 (ActUWzd.dll (WzTitle)) - Remote Exploit
<!-- Title: Mitsubishi MX Component v3 ActiveX 365+-Day [ActUWzd.dll (WzTitle)] By: Dr_IDE File: C:\MELSEC\Act\Control\ActUWzd.dll (Version 1.0.0.1) Known Affected Systems: CitectScada 7.10r1 ships...
LiquidXML Studio 2010 ActiveX Remote 0-day
<html><object classid='clsid:E68E401C-7DB0-4F3A-88E1-159882468A79' id='target'/></object><script>var sofa = "..\\..\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\All...
LiquidXML Studio 2012 ActiveX Insecure Method Executable File Creation 0-day
<html><object classid='clsid:8AEEAB4A-E1DA-4354-B800-8F0B553770E1' id='target'/></object><script>var sofa = "..\\..\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\All...
How KDE almost lost all 1500 of their Git repositories
Click on the following links... http://jefferai.org/2013/03/24/too-perfect-a-mirror/ http://jefferai.org/2013/03/24/screw-the-mirrors/
ClipShare 4.1.1 (gmembers.php, gid param) - Blind SQL Injection Vulnerability
# Exploit Title: ClipShare 4.1.1 (gmembers.php) Blind SQL Injection Vulnerability # Exploit Author: Esac # Vulnerable Software: ClipShare - Video Sharing Community Script 4.1.4 # Official site:...
"Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution
# Exploit Title: "Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution # Date: March 24, 2013 # Exploit Author: bwall # Software Link:...
Remote command injection vulnerability in Rosewill RSVA11001 (Hi3515 based)
I have been hacking on a Rosewill RSVA11001 for a while now, something to suck up my free time. I had pulled apart the firmware previously but did not succeed in finding a way to get a shell on the...