Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 22nd, 2010

libpng <= 1.4.2 Denial of Service Vulnerability

===============================================
libpng <= 1.4.2 Denial of Service Vulnerability
===============================================
/*
Exploit Title: libpng <= 1.4.2 DoS
Date: [...]

RapidLeech Scrits Remote File Upload (transfer & run shell php)

===============================================================
RapidLeech Scrits Remote File Upload (transfer & run shell php)
===============================================================
# Exploit Title: RapidLeech Scrits Remote File Upload ( transfer & run shell php )
# Date: 21/07/2010
# Author: H-SK33PY
# [...]

Imagine-cms <= 2.50 SQL Injection Exploit Vulnerability

=======================================================
Imagine-cms <= 2.50 SQL Injection Exploit Vulnerability
=======================================================
#!/usr/bin/perl
###########################################
#
# Script Name : Imagine-cms 2.50
#
# Version : 2.50
#
# Bug Type : SQL Injection
#
# Found by : Metropolis
#
# Home : http://metropolis.fr.cr
#
# Discovered : 21/07/2010
#
# [...]

Joomla Component com_jomtube Blind / SQL Injection Vulnerability

================================================================
Joomla Component com_jomtube Blind / SQL Injection Vulnerability
================================================================
Author : SixP4ck3r
Email & msn : SixP4ck3r@Bolivia.com
Date [...]

Joomla Component com_mls_teams Persistent XSS Vulnerability

===========================================================
Joomla Component com_mls_teams Persistent XSS Vulnerability
===========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

AJ HYIP PRIME (welcome.php/news.php) Blind SQL Injection Vulnerability

======================================================================
AJ HYIP PRIME (welcome.php/news.php) Blind SQL Injection Vulnerability
======================================================================
- site: http://www.ajsquare.com/products/ajhyip/index.php
- about AJ HYIP:
AJ HYIP is a complete financial tool with no technical
knowledge required to manage the site. AJ HYIP software
is [...]

Site! Professional Edition 2.1 CMS SQL Injection Vulnerability

==============================================================
Site! Professional Edition 2.1 CMS SQL Injection Vulnerability
==============================================================
Author : Darkzzzz , poni
Email : ferdianelli@yahoo.com
Date : 22 July 2010
web : http://forum.xcode.or.id
[0x00] Informations :
# Discovered : Darkzzzz , poni
# Homepage : http://forum.xcode.or.id
# [...]

WebAd 2.2 Local File Inclusion Vulnerability

============================================
WebAd 2.2 Local File Inclusion Vulnerability
============================================
###########################################
#
# Script Name : WebAd 2.2
#
# Version : 2.2 / 2010
#
# Bug Type : LFI (local file inclusion)
#
# Found by : Metropolis
#
# Home : http://metropolis.fr.cr
#
# Discovered [...]

Free PHP photo gallery script Remote Command Execution Vulnerability

====================================================================
Free PHP photo gallery script Remote Command Execution Vulnerability
====================================================================
# Date: 2010/07/21
# Author: ViRuS Qalaa
# Email: em9@live.com
# My Sites : www.pal-mafia.com & www.vbspiders.com
# Script home: http://www.phpgalleryscript.org
# download Script: http://phpweby.com/downloads/gallery
# Tested [...]

Free PHP photo gallery script Remote File inclusion Vulnerability

=================================================================
Free PHP photo gallery script Remote File inclusion Vulnerability
=================================================================
# Date: 2010/07/21
# Author: ViRuS Qalaa
# Email: em9@live.com
# My Sites : www.pal-mafia.com & www.vbspiders.com
# Script home: http://www.phpgalleryscript.org
# download Script: http://phpweby.com/downloads/gallery
# Tested [...]

phpBazar admin Information Disclosure Vulnerability

===================================================
phpBazar admin Information Disclosure Vulnerability
===================================================
Author :: Net_Spy
Group [...]

PHPBB MOD 2.0.19 Invitation Only PassCode Bypass Vulnerability

==============================================================
PHPBB MOD 2.0.19 Invitation Only PassCode Bypass Vulnerability
==============================================================
——————————————————————————-
0 [...]

ShaadiClone v2x Persistent XSS Vulnerability

============================================
ShaadiClone v2x Persistent XSS Vulnerability
============================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Zeejobsite Upload Vulnerability

===============================
Zeejobsite Upload Vulnerability
===============================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Apple software the most insecure: Secunia

Apple is the industry leader in many areas, but it certainly doesn’t want to know it’s the industry leader in terms of security flaws. That’s the conclusion reached by security firm Secunia, in their half-year report for 2010 (.PDF).
In the first six months of 2010, Apple had more reported vulnerabilities than any other company. [...]

Safari flaw allows address card info to be captured

Despite assertions by Apple that its OS and software are more secure than Windows, it’s all just software, and there’s no such thing as bug-free software. Thus, we have a report from security guru Jeremiah Grossman, which highlights a very scary Safari flaw.
Safari has browser autofill enabled by default. The flaw is such that websites [...]

Social Networking For Business: Risk Or ROI?

LinkedIn, Facebook, Twitter and social networking in general are argued by some to have tangible business benefits, but are these communication channels nothing more than a business risk gateway or do they have the potential to deliver a real and positive impact upon total Return on Investment (ROI)?
Leading research and advisory company Gartner predicts social [...]

Virus writers are picking up new Microsoft attack

The Windows attack used by a recently discovered worm is being picked up by other virus writers and will soon become much more widespread, according to security vendor Eset.
Eset reported Thursday that two new families of malicious software have popped up, both of which exploit a vulnerability in the way Windows processes .link files, used [...]

Is National Security Behind Google’s Wi-Fi Spying?

Has search and advertising giant Google been tracking you just to sell you stuff — or is it because the U.S. government asked it to? A congressional hearing later today may raise more questions than answers.
Since May, Google has been in hot water worldwide over the information it collected during its street-mapping projects. European regulators [...]

Microsoft: No money for bugs

Microsoft will not follow the lead of Mozilla and Google in paying researchers for reporting vulnerabilities, a company executive said today.
"We don’t think [bug bounties] are the best way for us to compensate researchers," said Mike Reavey, director of the Microsoft Security Research Center (MSRC) in an interview Thursday.
Reavey was responding to questions about recent [...]
