GMER 2.1.19163 released 2013.04.04
GMER is an application that detects and removes rootkits .It scans for:hidden processeshidden threadshidden moduleshidden serviceshidden fileshidden disk sectors (MBR)hidden Alternate Data...
View ArticleNew collision attacks on SHA-1 based on optimal joint local-collision analysis
Abstract. The main contributions of this paper are two-fold.Firstly, we present a novel direction in the cryptanalysis of the crypto-graphic hash function SHA-1. Our work builds on previous...
View ArticleZimbra XSS in aspell.php
While trying to see how hard a bug would be to fix in Zimbra duringa discussion with a coworker, I stumbled across a XSS flaw in Zimbra, ina spell checking external webservice.Since I didn't find the...
View ArticlePersonal File Share 1.0 DoS
#!/usr/bin/python#Exploit Title: Personal File Share 1.0 DoS#Date: 2nd April 2013#Exploit Author: npn#Vendor Homepage: http://www.srplab.com/#Software Link:...
View ArticleClik here to view.
Redkit Exploit Kit does the splits
Exploit Kit authors must really love Java . Not only is it ripe with vulnerabilities but its own language provides a great platform to write and deliver malware in different ways. We are used to seeing...
View ArticleHacking with Gems (Ancient City Ruby)
Slides from Benjamin Smith -Hacking with Gems: https:/https://speakerdeck.com/benjaminleesmith/hacking-with-gems-ancient-city-ruby
View ArticleTP-Link TD-8817 CSRF Vulnerability
####################################################################### Exploit Title: TP-Link TD-8817 CSRF Vulnerability# Author: Un0wn_X# E-mail: unownsec@gmail.com# Category: Hardware# Google Dork:...
View ArticleShellcode Execution in .NET using MSIL-based JIT Overwrite
Download: Invoke-ShellcodeMSILWhile investigating MSIL opcodes a while back, I uncovered a useful opcode - Cpblk. Cpblk is the MSIL equivalent of a memcpy. After writing a .NET method that utilized...
View ArticleMultiple Full Path Disclosure Vulnerabilities in TinyWebGallery
=============================================INTERNET SECURITY AUDITORS ALERT 2013-012- Original release date: March 19th, 2013- Last revised: April 6th, 2013- Discovered by: Manuel Garcia Cardenas-...
View ArticleSummary of Latest Linksys Router Vulnerabilites (5 in Total)
# Linksys Router VulnerabilitiesI would like to report several vulnerabilities in Linksys network equipment. A public advisory regarding these issues may be released 30 days after sending this report....
View ArticlePython 2.7.4 was released on April 6, 2013
Python 2.7.4Python 2.7.4 was released on April 6, 2013. This is 2.7 series bugfix release. It includes hundreds of bugfixes over 2.7.3.The Python 2.7 series is scheduled to be the last major version in...
View ArticleHexChat 2.9.4 Local Exploit
#!/usr/bin/python# HexChat 2.9.4 Local Exploit# Bug found by Jules Carter < @iMulitia ># Exploit by Matt "hostess" Andreko < mandreko [at] accuvant.com >#...
View ArticleEasy FTP Server 1.7.0.2 DoS
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****#AutoIt3Wrapper_Outfile=smdcpu.exe#AutoIt3Wrapper_UseUpx=n#AutoIt3Wrapper_Change2CUI=y#EndRegion ;**** Directives created by...
View ArticleMetasploit: HP System Management Homepage Local Privilege Escalation
### This file is part of the Metasploit Framework and may be subject to# redistribution and commercial restrictions. Please see the Metasploit# web site for more information on licensing and terms of...
View Articleimagemagick vulnerability
Imagemagick url coder is affected by a NULL deference trigerrable by userIt only occurs when you use a URL as an image filename and you can'twrite to the temporary directory which is typically /tmp or...
View ArticleVanilla Forums 2.0.18 SQLi Vulnerability
Product Name: Vanilla ForumsVulnerable Version: Up to vanilla-core-2-0-18-4Tested on: Windows Server 2003 Apache 2.4.3 PHP 5.4.7 MySQL 5.5.27Vulnerability Overview: SQL-Injection is possible,...
View ArticleClik here to view.
Detecting TOR Communication in Network Traffic
The anonymity network Tor is often misused by hackers and criminals in order to remotely control hacked computers. In this blog post we explain why Tor is so well suited for such malicious purposes,...
View ArticleLightNEasy 2.2.1 Stored XSS Vulnerability
# Title : LightNEasy 2.2.1 Stored XSS Vulnerability# Date: 2013-03-15# Credit: This Bug was founded by Asesino04 "The Black Devils"# Tested on: Windows XP SP2# Site : http://lightneasy.org/# Category:...
View ArticleInfluence Design
# Title : Influence Design <= Remote (news.php) Based SQL Injection# Date: 2013-04-03# Software Link: http://www.influencedesign.com/# Credit: This Bug was founded by Asesino04 "The Black Devils"#...
View ArticleDamailinglist List System V2.1 Authorization Bypass Vulnerability
# Title : Damailinglist List System V2.1 Authorization Bypass Vulnerability# Date: 2013-04-03# Credit: This Bug was founded by Asesino04 "The Black Devils"# Tested on: Windows XP SP2# Category:...
View Article