Information Security News and Exploits

Source: http://inj3ct0r.com/exploits/13487

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component Appointinator 1.0.1 Multiple Remote Vulnerabilities</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================================
Joomla Component Appointinator 1.0.1 Multiple Remote Vulnerabilities
====================================================================
Appointinator 1.0.1 Joomla Component Multiple Remote Vulnerabilities
Name Appointinator
Vendor [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>nuBuilder Remote File inclusion Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================
nuBuilder Remote File inclusion Vulnerability
=============================================
Software: nuBuilder 10.04.x and lower(maybe)?
Type: Remote File Inclusion
Download: http://sourceforge.net/projects/nubuilder/files/
Author: Ahlspiess
Email: ahlspiess@tbdsecurity.com
Vulnerable file: report.php
report.php file content
1 &lt;?php
2 /*
3 ** File: report.php
4 ** [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ClickAndBanex (Auth Bypass) SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================================
ClickAndBanex (Auth Bypass) SQL Injection Vulnerability
=======================================================
# Author: [walid]
# Software Link: [null]
# Version: [null]
# Tested on: [Windows]
# CVE : [null]
* Founded By : WaLiD
* E-mail : Rezultas[at]Gmail[Dot]com
* GreeTZ : [:) [Gaza]]
———————————————————
vondor : http://icash.ch
———————————————————
Exploit [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_maxcomment Sql Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===========================================================
Joomla Component com_maxcomment Sql Injection Vulnerability
===========================================================
Author : SixP4ck3r
Email &amp; msn : SixP4ck3r@Bolivia.com
Date : 27 July 2010
Critical Lvl : low
Where : From Remote
web : http://foro.nbsecurity.net/
Credits : Diablada and caporal is Bolivian!
Dork : inurl:com_maxcomment
—————————————————————————
[Exploting..Bug..Demo..]
http://example/index.php?option=com_maxcomment&amp;task=quote&amp;id=[SQL]&amp;lang=es&amp;Itemid=1
—————————————————————————
With [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>EggBlogg 4.1 &lt;= LFI Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================
EggBlogg 4.1 &lt;= LFI Vulnerability
=================================
# Exploit Title: EggBlogg 4.1 &lt;= LFI
# Date: 28 luglio 2010
# Author: Anti Sec
# Software Link: http://eggblog.net/
# Version: 4.1
# Google dork : Eggblogg
# Platform / Tested on: Slackware 13.1
# [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Powered by Arcs Solutions Auth Bypass Admin</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===========================================
Powered by Arcs Solutions Auth Bypass Admin
===========================================
========================================================================
| # Title : Powered by Arcs Solutions Auth Bypass Admin
| # Author : Spy-Q8
| # Date : 28/7/2010
| # email [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>AV Arcade v3 Cookie Authentication Bypass</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================
AV Arcade v3 Cookie Authentication Bypass
=========================================
:—————————————————————————-:
: # Software : AV Arcade v3 [PHP] [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component PhotoMap Gallery 1.6.0 Multiple Blind SQL Injection</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================================
Joomla Component PhotoMap Gallery 1.6.0 Multiple Blind SQL Injection
====================================================================
PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection
Name [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Netvision V-1.0 RFI Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================
Netvision V-1.0 RFI Vulnerability
=================================
[...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Zemana AntiLogger AntiLog32.sys &lt;= 1.5.2.755 Local Privilege Escalation</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================================================
Zemana AntiLogger AntiLog32.sys &lt;= 1.5.2.755 Local Privilege Escalation
=======================================================================
Zemana AntiLogger AntiLog32.sys &lt;= 1.5.2.755 Local Privilege Escalation Vulnerability
VULNERABLE PRODUCTS
Zemana AntiLogger &lt;=1.9.2.2.206
DETAILS:
AntiLog32.sys create a device called DeviceAntiLog32 , and handles DeviceIoControl request IoControlCode [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Apache Tomcat &lt; 6.0.18 UTF8 Directory Traversal Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================================
Apache Tomcat &lt; 6.0.18 UTF8 Directory Traversal Vulnerability
=============================================================
/*Apache Tomcat &lt; 6.0.18 UTF8 Directory Traversal Vulnerability get /etc/passwd Exploit
c0d3r: mywisdom
thanks for not being lame to change exploit author
tis is one of [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Symantec AMS Intel Alert Handler Service Design Flaw</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================
Symantec AMS Intel Alert Handler Service Design Flaw
====================================================
// Remote command execution at System level without authentication
// Advisory:https://www.foofus.net/?page_id=149
// Exploit Title: Symantec AMS Intel Alert Handler service Design Flaw
// Date: 07/28/10
// Author: [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>UPlusFTP Server v1.7.1.01 HTTP Remote Buffer Overflow Post Auth</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===============================================================
UPlusFTP Server v1.7.1.01 HTTP Remote Buffer Overflow Post Auth
===============================================================
#!/usr/bin/python
import socket,sys,base64
print &quot;&quot;&quot;
#
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
UPlusFTP Server v1.7.1.01 [ HTTP ] Remote BoF Exploit PoC
Discovered by [...]

AT&T says it won’t interfere with a highly anticipated talk on intercepting cell phone calls at the Black Hat conference this week, even though rumors are circulating that it will do just that.
Last week, hacker Chris Paget said he plans to demonstrate how to set up what’s essentially a fake cell tower that lets him [...]

A hacker group known as the Ninjas has created what may be the best DefCon badge ever. The badge allows wireless ninja battle between badge holders. Unlike the official badge, attendees canâ??t buy this one: itâ??s free.
DefCon, the worldâ??s largest hacker convention, is more than just a group of hackers getting together to exchange the [...]

Neo-Nazis have hacked into Germany’s Buchenwald concentration camp website, defacing it and redirecting visitors to a revisionist site, the camp’s memorial foundation director said on Wednesday.
The internet vandals hijacked the welcome page at www.buchenwald.de, in remembrance of victims of one of the largest and most notorious concentration camps on German soil in World War II, [...]

US, Spanish and Slovenian law enforcement authorities on Wednesday announced the arrest of the suspected creator of the "Mariposa Botnet," a vast network of virus-infected computers used by criminal hackers.
The suspect, a 23-year-old Slovenian citizen identified only as "Iserdo," was arrested by Slovenian police last week, the FBI, the Slovenian Criminal Police and the Spanish [...]

Dell on Wednesday beefed up its security offerings with new hardware and services, which could help the company to strike more long-term service engagements with customers.
The security offerings are part of a new product portfolio targeted at medium-sized businesses, Dell said. The portfolio brings together security management, deployment and vulnerability assessment tools to protect data [...]

Apple released an update to its Safari web browser Wednesday. Safari 5.0.1 is available from Apple as a free download for Windows and for Mac OS X (Leopard or better). Mac users can also find it in Software Update.
This is an incremental upgrade, but it comes with one big new feature: Safari now has a [...]