Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 16th, 2010

Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability

Apache Struts team has announced uploaded but has not released, due to an unreasonably prolonged voting process, the 2.2.0 release of the Struts2 web framework [...]


ORACLE BPM Process Administrator (XSS)


Joomla Component com_foobla_suggestions LFI Vulnerability


Advneced Management For Services Sites am4ss1.1 (RFI) Vulnerability


Pre webhost System authentication bypass

# Exploit Title: Pre webhost System authentication bypass
# Date: 16th july 2010
# Author: D4rk357
#Critical:high
#contact:d4rk357[at]yahoo[dot]in
Price : 150$
# Software Link:http://preproject.com/preweb.asp
Greetz to :b0nd, Fbih2s,Beenu,rockey killer,The empty(), punter,eberly,prashant
Shoutz to : http://www.garage4hackers.com/forum.php , h4ck3r.in [...]


Pre E smart cart authentication bypass

# Exploit Title:Pre E smart cart authentication bypass
# Date: 16th july 2010
# Author: D4rk357
#Critical:high
#contact:d4rk357[at]yahoo[dot]in
Price : 49$
# Software Link:http://preproject.com/smartcart.asp
Greetz to :b0nd, Fbih2s,Beenu,rockey killer,The empty(), punter,eberly,prashant
Shoutz to : [...]


PRE DYNAMIC INSTITUTION WEB authentication bypass

# Exploit Title: PRE DYNAMIC INSTITUTION WEB authentication bypass
# Date: 16th july 2010
# Author: D4rk357
#Critical:high
#contact:d4rk357[at]yahoo[dot]in
Price : 150$
# Software Link:http://preproject.com/uniweb.asp
Greetz to :b0nd, Fbih2s,Beenu,rockey killer,The empty(), punter,eberly,prashant
Shoutz to : [...]


NinkoBB (Setup Admin Account) Vulnerability


SoftClones Marketing Management System authentication bypass

# Exploit Title: SoftClones Marketing Management System authentication bypass
# Date: 16th july 2010
# Author: D4rk357
#Critical:high
#contact:d4rk357[at]yahoo[dot]in
Price : 300$
# Software Link:http://preproject.com/freelance.asp
Greetz to :b0nd, Fbih2s,Beenu,rockey killer,The empty(), punter,eberly,prashant
Shoutz to [...]


AlegroCart 1.2.3beta Remote Upload File Exploit


kanarya shop (Data Base Dump) Vulnerability


my book v1 (insecure Cookie Handling) Vulnerability


SaphpLesson4.0 (RFI) Vulnerability


SnitzTM Forums 2000 Version 3.4.07 (Data Base Dump) Vulnerability


zenPHOTO (Cross Site Scripting in URI) Vulnerability


Invision power board 2.x 3.x 0-day DDOS

# 2.x 3.x are affected
# [...]


Haihaisoft PDF Reader OCX Control v1.1.2.0 Remote Buffer Overflow

Haihaisoft PDF Reader OCX Control Remote Buffer Overflow
url: http://www.haihaisoft.com/
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.altervista.org/
[...]


Novell Groupwise Internet Agent Stack Overflow

Application: Novell Groupwise Internet Agent Stack Overflow
Platforms: Windows, Linux, Netware (GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04, 8.0, 8.01x)
Exploitation: Remote code execution
CVE [...]


Mini-Stream RM-MP3 Converter v3.1.2.1 (.pls) Stack Buffer Overflow

#Mini-Stream RM-MP3 Converter v3.1.2.1 (.pls) Stack Buffer Overflow universal
#By Madjix (lemail ma3andkoum madirou bih)
#Sec4ever.com
my $junk="http://"."\x41" x 17425;
my $ret = "\xCF\xDA\x05\x10"; #jump to ESP [...]


Hackers clone French Foreign Ministry website

France yesterday suffered what might be called a bad web day. A pirate internet site, looking for all the world like the official Foreign Ministry site, began bombarding the world with bogus declarations and announcements.
At the same time a long-awaited official site, which is supposed to present a can-do image of France to investors and [...]
