Tag archives: security

 

Simple PHP Agenda 2.2.8 SQL Injection

WEBERA ALERT ADVISORY 02. Discovered by: Anthony Dubuissez; Severity: high; CVE Request: 05/06/2013; CVE Assign: 06/06/2013; CVE Number: CVE-2013-3961; Vendor notification: 06/06/2013; Vendor reply: 10/06/2013; Public disclosure: 11/06/2013. I. VULNERABILITY: iSQL in php-agenda <= 2.2.8. II. [...]

 

Libretto CMS 2.2.2 Shell Upload

# Exploit Title : LibrettoCMS 2.2.2 Malicious File Upload # Date : 14 June 2013 # Exploit Author : CWH Underground # Site : www.2600.in.th # Vendor Homepage : http://libretto.artwebonline.com/ # Software Link : http://jaist.dl.sourceforge.net/project/librettocms/librettoCMS_v.2.2.2.zip # Version : 2.2.2 # Tested on : Windows and Linux [...]

 

Linux perf_swevent_init Local Root

/* * CVE-2013-2094 exploit x86_64 Linux < 3.8.9 * by sorbo (sorbo@darkircop.org) June 2013 * * Based on sd's exploit. Supports more targets. * */ #define _GNU_SOURCE #include <string.h> #include <stdio.h> #include <unistd.h> #include <stdlib.h> #include <stdint.h> #include <sys/syscall.h> #include <sys/mman.h> #include <linux/perf_event.h> #include <signal.h> #include <assert.h> #define BASE 0x380000000 #define BASE_JUMP 0x1780000000 [...]

 

WordPress NextGEN Gallery 1.9.12 Shell Upload

S21Sec Advisory. Title: NextGEN Gallery 1.9.12 Arbitrary File Upload; ID: S21SEC-046-en; CVE ID: CVE-2013-3684; Severity: High; Status: Fixed; History: 27.May.2013 Vulnerability discovered, 28.May.2013 Vendor informed, 12.Jun.2013 Fix released; Authors: Marcos Agüero (maguero@s21sec.com); URL: http://www.s21sec.com/images/labs/advisories/s21sec-046-en.txt; Release: Public. [ SUMMARY ] NextGEN Gallery is a [...]

 

NanoBB 0.7 Cross Site Scripting / SQL Injection

# Exploit Title : NanoBB 0.7 Multiple Vulnerabilities # Date : 10 June 2013 # Exploit Author : CWH Underground # Site : www.2600.in.th # Vendor Homepage : http://nanobb.sourceforge.net/ # Software Link : heanet.dl.sourceforge.net/project/nanobb/v0.7.zip # Version : 0.7 # Tested on : Windows and Linux [...]

 

MaxForum 2.0.0 Code Injection / LFI / Disclosure

# Exploit Title : MaxForum 2.0.0 Multiple Vulnerabilities # Date : 9 June 2013 # Exploit Author : CWH Underground # Site : www.2600.in.th # Vendor Homepage : http://sourceforge.net/projects/maxforum/ # Software Link : jaist.dl.sourceforge.net/project/maxforum/2.0.0/Max_v2.0.0.zip # Version : 2.0.0 # Tested on : Windows and Linux [...]

 

Resin Application Server 4.0.36 Cross Site Scripting

Resin Application Server 4.0.36 Cross-Site Scripting Vulnerabilities     Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36   Summary: Resin is the Java Application Server for high traffic sites that require speed and scalability. It is one of the earliest Java Application Servers, and has stood [...]

 

 

TESO Web 2.0 SQL Injection

TESO web 2.0 SQLInjection/ Blind SQLInjection. I. VULNERABILITY #Title: TESO SQLInjection/ Blind SQLInjection #Vendor: http://www.tesoweb.com #Author: Juan Carlos García (@secnight) #Follow me http://www.highsec.es http://hackingmadrid.blogspot.com http://blogs.0verl0ad.com Twitter: @secnight Facebook: https://www.facebook.com/pages/ETHICAL-HACKING-Y-OL%C3%89-by-the-Face-WhiteHat/172393869485449?ref=tn_tnmn II. DESCRIPTION TESO is a powerful, free lets you take control of your money and your portfolio, both at home [...]