Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for April, 2011

[local exploits] – KMPlayer <=2.9.x (.kpl) Stack Buffer Overflow (meta)

[webapps / 0day] – PulseCMS Basic <= 1.3_Get.Pro (RFD/UF/XSS) Vulnerabilities

[webapps / 0day] – Caravel <= 3.4 Multiple Upload Vulnerability

[webapps / 0day] – CitusCMS <= 0.6 Download Backup Vulnerability

[webapps / 0day] – jojoCMS <= 1.0rc2 File Upload Vulnerability

[webapps / 0day] – Nuke_Evolution_Xtreme <= 2.0 Multiple Upload Vulnerability

[webapps / 0day] – Nuke_Evolution_Xtreme <= 2.0 (SQLi/LFI) Vulnerabilities

[webapps / 0day] – SaurusCMS <=upd 4.7.1 (editor) Multiple RFI Vulnerabilities

[webapps / 0day] – Rightnow’s => Auth Bypass Vulnerability (Shell Upload)

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KaCaK
[~] Contact : kacak@live.se
[~] HomePage : http://secureb0x.blogspot.com , http://griadamlar.com
[~] Greetz : KnockOut , Mus4llat , Technical and All My Friends
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Madni Designers Web Portal
|~Price : Price
|~Version : N/A
|~Software: http://www.rightnow.co.nz
|~Vulnerability Style : Auth Bypass // File Uploaded
Google Dork :
"Powered by Rightnow’s"
———————————————————–
Tested on: http://www.rightnow.co.nz
Not Security of Admin Panel
—————————————————-
http://www.rightnow.co.nz/manage
Username : [...]

[webapps / 0day] – Publishing technology <= BLIND SQL Injection Vulnerabilities

[webapps / 0day] – html_edit CMS <= 3.1.9 Multiple Vulnerabilities

[webapps / 0day] – ATutor <= 2.0.2 Upload File Vulnerability

[webapps / 0day] – AlegroCart <= 1.2.5 (FCKeditor) Upload File / SQL Injection Vulnerability

[webapps / 0day] – Rightnow’s Catalogue Manager => Blind SQL Injection Vulnerability

===========================================================================
# Exploit Title: Rightnow’s Catalogue Manager => Blind SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia@hotmail.com
# Category:: webapps
# Google dork: Powered by Rightnow’s Catalogue Manager
# Tested on: [Windows Vista Edition Intégrale]
################
[*] ## ExPLo!T:
# http://127.0.0.1/galleryitem.asp?ID=26&GalleryID=3+and+1=1-- [True]
# http://127.0.0.1/galleryitem.asp?ID=26&GalleryID=3+and+1=2-- [...]

[webapps / 0day] – Ariadne <= 2.7.4 Multiple Upload Vulnerability

[webapps / 0day] – Artologics Software <= Multiple Vulnerability

[webapps / 0day] – ShelTec Inc. (news.php & news_*.php) => SQL Injection Vulnerability

[webapps / 0day] – ConnectPlatform <= Remote (blog.cgi) Based SQL Injection

[webapps / 0day] – PHPDirector 0.30 <= Insecure Cookie Handling Exploit

[webapps / 0day] – eyeOS <= 1.9.0.2 Stored XSS Vulnerability Using Image Files

Title: eyeOS <= 1.9.0.2 Stored XSS vulnerability using image files
Product: eyeOS <= 1.9.0.2
Author: Alberto Ortega @a0rtega alberto[at]pentbox[dot]net
http://securitybydefault.com/
- Summary:
A stored XSS vulnerability using image files (jpg, png, gif tested) affects
eyeOS version 1.9.0.2; older versions are probably affected too. The eyeOS 2.x
branch doesn’t seem to be affected.
- Attack vector:
eyeOS is a virtual desktop where you can store [...]
