Information Security News and Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>PunBB &lt;= 1.3.4 Pun_PM &lt;= v1.2.6 Blind SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================================================
PunBB &lt;= 1.3.4 Pun_PM &lt;= v1.2.6 Blind SQL Injection Vulnerability
=================================================================
#!/usr/bin/perl
# [0-Day] PunBB &lt;= 1.3.* Package: Pun_PM &lt;= v1.2.6 Remote Blind SQL Injection Exploit
# Author/s: Dante90, WaRWolFz Crew
# Created: [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>EggBlogg 4.1 &lt;= LFI Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================
EggBlogg 4.1 &lt;= LFI Vulnerability
=================================
# Exploit Title: EggBlogg 4.1 &lt;= LFI
# Date: 28 luglio 2010
# Author: Anti Sec
# Software Link: http://eggblog.net/
# Version: 4.1
# Google dork : Eggblogg
# Platform / Tested on: Slackware 13.1
# [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Zemana AntiLogger AntiLog32.sys &lt;= 1.5.2.755 Local Privilege Escalation</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================================================
Zemana AntiLogger AntiLog32.sys &lt;= 1.5.2.755 Local Privilege Escalation
=======================================================================
Zemana AntiLogger AntiLog32.sys &lt;= 1.5.2.755 Local Privilege Escalation Vulnerability
VULNERABLE PRODUCTS
Zemana AntiLogger &lt;=1.9.2.2.206
DETAILS:
AntiLog32.sys create a device called DeviceAntiLog32 , and handles DeviceIoControl request IoControlCode [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Apache Tomcat &lt; 6.0.18 UTF8 Directory Traversal Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================================
Apache Tomcat &lt; 6.0.18 UTF8 Directory Traversal Vulnerability
=============================================================
/*Apache Tomcat &lt; 6.0.18 UTF8 Directory Traversal Vulnerability get /etc/passwd Exploit
c0d3r: mywisdom
thanks for not being lame to change exploit author
tis is one of [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component PBBooking 1.0.4_3 Multiple Blind SQL Injection</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===============================================================
Joomla Component PBBooking 1.0.4_3 Multiple Blind SQL Injection
===============================================================
PBBooking 1.0.4_3 Joomla Component Multiple Blind SQL Injection
Name PBBooking
[...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Whizzy CMS 10.02 Local File Inclusion Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===================================================
Whizzy CMS 10.02 Local File Inclusion Vulnerability
===================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[x] Type: Local File Inclusion
[x] Vendor: www.unverse.net
[x] Script Name: Whizzy CMS
[x] Script Version: 10.02
[x] Script DL: http://code.google.com/p/whizzy/downloads/list
[x] Author: Anarchy Angel
[x] Mail : anarchy[dot]ang31@gmail[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit:
http://site.org/?[LFI]
Ex:
http://site.org/?../../../../../../../etc/passwd
This is a [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>osCSS 1.2.1 Changer Login and Pass CSRF Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=====================================================
osCSS 1.2.1 Changer Login and Pass CSRF Vulnerability
=====================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Oscommerce Max v2.0.25 Changer Login and Pass CSRF Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================================
Oscommerce Max v2.0.25 Changer Login and Pass CSRF Vulnerability
================================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ezRESERVATION Remote File Upload / File Disclosure</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==================================================
ezRESERVATION Remote File Upload / File Disclosure
==================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ezRESERVATION Changer Login and Pass CSRF Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================================
ezRESERVATION Changer Login and Pass CSRF Vulnerability
=======================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ezRESERVATION by Pass / Creat and Download Backup Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===============================================================
ezRESERVATION by Pass / Creat and Download Backup Vulnerability
===============================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>EZ-Oscommerce 3.1 Remote File Upload / File Disclosure</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>======================================================
EZ-Oscommerce 3.1 Remote File Upload / File Disclosure
======================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>EZ-Oscommerce 3.1 Changer Login and Pass CSRF Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===========================================================
EZ-Oscommerce 3.1 Changer Login and Pass CSRF Vulnerability
===========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ezAPPAREL Changer Login and Pass CSRF Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===================================================
ezAPPAREL Changer Login and Pass CSRF Vulnerability
===================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>EZ-Oscommerce 2.1 Changer Login and Pass CSRF / File Disclosure</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===============================================================
EZ-Oscommerce 2.1 Changer Login and Pass CSRF / File Disclosure
===============================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

With 500 million users offering up reams of personal data and ever-shifting and confusing privacy policies, Facebook is a tempting target for phishing and other nefarious activities. And itâ??s no wonder given the companyâ??s attitude to security. When hackers find vulnerabilities in the service, donâ??t expect any help from Facebook, which has adopted a â??blame [...]

In a city filled with slot machines spilling jackpots, it was a â??jackpottedâ? ATM machine that got the most attention Wednesday at the Black Hat security conference, when researcher Barnaby Jack demonstrated two suave hacks against automated teller machines that allowed him to program them to spew out dozens of crisp bills.
The demonstration was greeted [...]

Digital copiers pose security risks that companies may not appreciate, especially smaller firms without dedicated information-security staff. But what the greatest threat is, and how high the relative risk levels are, are matters of current debate.
The issue has received a lot of attention since April, when the CBS Evening News ran a report on it. [...]

Many developers and users of Apple’s iOS devices bemoan the "walled garden" of the App Store approval process, but it appears that the company’s measures have prevented mass data theft from iPhones, and iPads.
At the Black Hat security conference being held in Las Vegas this week, mobile security firm Lookout announced that an app distributed [...]

If an international cyber-war were ever to destroy the internet as we know it, the seven chosen ones have been tasked to revive it.
Seven individuals across the world now hold the safety of the internet in their hands. Should the internet ever be taken down by cyber-terrorists, these guardians are now in possession of keycards [...]