Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 7th, 2010

PMS (pvt) CMS Multiple SQL Injection Vulnerability

# [+] About :
==============================================================================
# Author : GlaDiaT0R
# Contact: the_gl4di4t0r[AT]hotmail[DOT]com or berrahal.ryadh[AT]gmail[DOT]com
# Team : Tunisian Power [...]


GSM SIM Utility Local Exploit Direct Ret ver

# Exploit Title : GSM SIM Utility Local Exploit Direct Ret ver.
# Date : [...]


Hero DVD Remote Buffer Overflow Exploit

# Exploit Title : Hero DVD Remote Buffer Overflow Exploit
# Date : July 7, 2010
# Author [...]


LojaDoSite Blind SQL Injection Vulnerability

[...]

Joomla Component (com_booklibrary) Remote File Include Vulnerablility

[...]

Joomla JS Profile Persistent XSS Vulnerability

[...]

Joomla PaymentsPlus Mtree 2.1.5 Blind SQL Injection Vulnerability

[...]

Apple Claims Steve Jobs’ iPhone 4 Mails Are Fake

Apple claims that an email exchange between CEO Steve Jobs and a customer over the iPhone 4’s reception issues is a fake, according to the company.
The conversation had originally been printed on 1 July on the blog Boy Genius Report, and features Jobs trying to placate an irate, self-described "Mac fan".
An Apple spokesperson "emphatically" denied [...]


Hackers Send Justin Bieber to North Korea for Next Tour

Justin Bieber has been pranked by his haters. BBC News reported that users of the imageboard website 4Chan have hacked into the "Justin Bieber My World" contest, a public vote on the Canadian singer’s My World Tour page asking fans which country he should take his tour to next, and have successfully made North Korea shoot up [...]


Can Freedom Endure Democracy?

Democracy: masses of voters selecting among bidders for power, with only their own interests to restrain the choice, and little to restrain the bids offered.
What’s best for an individual is not always good for society and vice versa. When the decision is made by a citizen alone in a voting booth, that citizen’s needs are [...]


Top 10 Malware Supplying Countries for May 2010 Remain Same

Kaspersky’s new spam report for May 2010 states that the list of top 10 malware supplying countries remained the same when compared to the list of April 2010.
The firm states in its report that the developed regions are still the most lucrative targets for hackers who have greater chances of making profit by hitting users [...]


Click Fraud Rates Remain At Record Level

The average "innocuous invalid rate" in Anchor Intelligence’s network declined to 29.8% in the second quarter of 2010, representing a 36.1% sequential decrease. That means the invalid traffic rate dropped to less than 1% from 7% in the prior quarter, according to the company’s Traffic Quality Q2 2010 report released Monday. But the decrease does [...]


Is privacy at stake on social networking websites?

About a year ago, Facebook had some 150 million total users and according to latest stats nearly 175 million users log in to Facebook daily now. The most popular social networking website in the world connects 400 million users worldwide with friends, acquaintances, and sometimes with complete strangers.
A network as huge as Facebook [...]


Apple Battles Frauds in iTunes

Apple Inc. said it is putting new security measures in its iTunes store after hundreds of consumers’ accounts were breached by an app developer, the latest sign that the popular online service is attracting unscrupulous activity.
Other customers, in interviews, have complained about fraudulent activity on iTunes. Some say hackers have hijacked their accounts and gone [...]


Malware Attack Targets Defense Exporters

A multi-step attack targeting defense exporters was recently reported on Symantec’s security blog. This ploy first invaded one defense contractor’s network where it set up a directory on the system for fake press releases. The invaded network was then used to send emails from that network to employees of a second defense contractor. Those emails [...]


US soldier charged over attack video

The US military has filed charges against a soldier detained in connection with the leak of a classified video showing a 2007 US helicopter attack that killed a dozen people in Iraq, officials said on Tuesday.
Bradley Manning, 22, was charged on Monday with criminal counts including allegations he disclosed classified national defence information, exceeded his [...]


The iPhone Dev Team Soon Releasing Jailbreak Tool for iPhone 4

The iPhone Dev Team is known for their remarkable history of developing several tools that enabled the use of many unauthorized applications on various Apple products, such as the iPhone, iPad and iPod Touch.
Musclenerd is another popular member of this development team and has recently announced that it is going to launch another new application. [...]


Why Arduino Is a Hit With Hardware Hackers

For electronics hobbyists, the open source chipset BeagleBoard that packs as much punch as a smartphone processor might seem like the key to paradise.
Yet it is the relatively underpowered 8-bit microcontroller Arduino that has captured the attention of DIYers.
Arduino began as a project in Italy in 2005 and since then has turned into an open [...]


Guide to securing a wireless LAN

A white paper from HP discusses the threats posed to 802.11 wireless LANs from hackers and provides best-practices approaches to securing WLANs.
Entitled Securing the Enterprise Wireless LAN: How to protect against security breaches in a wireless age, the paper offers guidance from developing appropriate security policies to how to manage individual pieces of WLAN hardware. [...]


Adobe fails to fully fix PDF bug

An Adobe patch for a well-publicized bug in the company’s Reader PDF software doesn’t fix the vulnerability, the security researcher who uncovered the flaw confirmed.
Last Tuesday, Adobe shipped an update for Reader and Acrobat, its popular PDF-viewing and -creation programs, that patched 17 vulnerabilities, including a design issue that gave attackers an easy way to [...]
