Search results

########################################################################################### # Exploit Title: Bigace CMS CSRF - Adding an admin account # Date: 2013 29 July # Exploit Author: Yashar shahinzadeh # Credit goes for: ha.cker.ir # Vendor Homepage: http://www.bigace.de/ # Tested on...

--------------------------------------------------------------------------------- vtiger CRM <= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities --------------------------------------------------------------------------------- [-] Software Link: http://www.vtiger.com/...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [x] Type: SQL Injection [x] Vendor: www.telmanik.com [x] Script Name: Telmanik CMS Press [x] Script Version: 1.01b [x] Script DL: http://www.telmanik.com/download/Telmanik_CMS_Press/1.01_beta/telmanik_cms_press_v1.01_beta.zip [x] Author: Anarchy Angel [x]...

Multiple vulnerabilities on D-Link DIR-645 devices ================================================== [ADVISORY INFORMATION] Title: Multiple vulnerabilities on D-Link DIR-645 devices Discovery date: 06/03/2013 Release date: 02/08/2013 Advisory URL...

Trustwave SpiderLabs Security Advisory TWSL2013-023: Lack of Web and API Authentication Vulnerability in INSTEON Hub Published: 8/01/13 Version: 1.0 Vendor: INSTEON (http://www.INSTEON.com/) Product: Hub Version affected: 2242-222 (model discontinued) Product description: Home automation...

Trustwave SpiderLabs Security Advisory TWSL2013-019: Multiple Vulnerabilities in MiCasaVerde VeraLite Published: 08/01/13 Version: 1.0 Vendor: MiCasaVerde (http://www.micasaverde.com/) Product: VeraLite Version affected: 1.5.408 Product description: The MiCasaVerde VeraLite is the budget...

# Exploit Title: TEC-IT TBarCode OCX ActiveX Control (TBarCode4.ocx 4.1.0 ) dos poc # Date: 29.7.2013 # Exploit Author: d3b4g # Vendor Homepage:http://www.tec-it.com/en/start/Default.aspx # Software Link: http://www.tec-it.com/en/start/Default.aspx # Tested on: Windows XP SP3 Exception...

#!/usr/bin/env python #================================================================# # [+] Title: EchoVNC Viewer Remote DoS Vulnerability # # [+] Discovered: 29/07/2013 # # [+] Software Vendor: http://sourceforge.net/projects/echovnc/ # # [+]...

[Hebrew] Digital Whisper Security Magazine #44 Link PDF: http://www.exploit-db.com/wp-content/themes/exploit/docs/27280.pdf

Phishing and Social Engineering Techniques 2.0 Ahmed Mohamed May 22, 2013 This is the second part of the phishing and social engineering techniques series. In the first article, we have discussed what phishing is, as well as different types of phishing. We made a demo of a phishing attack...

SyScan 2013, Bochspwn paper and slides (Collaborative post by Mateusz “j00ru” Jurczyk and Gynvael Coldwind) A few days ago we (Gynvael and I) gave a talk during the SyScan’13 conference in the fine city of Singapore, and as promised (though with a slight delay), today we are publishing both...

JDWP Exploitation Authored by prdelka This is a whitepaper discussing arbitrary java code execution leveraging the Java Debugging Wire Protocol (JDWP). JDWP Arbitrary Java Code Execution Exploitation =============================================== Java Debugging Wire Protocol (JDWP) is the...

Description: The bash shell is a complete programming language, not merely a glue to combine external Linux commands. By taking full advantage of shell internals, shell programs can perform as snappily as utilities written in C or other compiled languages. And you will see how, without assuming...

Anatomy of BIOS Security Albert Fruz July 31, 2013 Introduction Computer security has become much harder to manage in recent years, and this is due to the fact that attackers continuously come up with new and more effective ways to attack our systems. As attackers become increasingly...

There’s an on-going debate in the IT field about whether or not you need certifications or degrees to advance in your career. Frankly, it would be easier to answer the chicken and egg problem! Most of the time people will answer “it depends.” But there are good reasons why the answer differs...

Why Audit? Harriet Beecher Stowe is credited with the quote “Human nature is above all things lazy” – while I prefer to think of myself as ‘efficient’ rather than lazy I think the principle is sound. When faced with the choice of executing a task in a difficult or simple way (with no difference...

Pharming Attack Ahmed Mohamed August 01, 2013 Internet usage is growing dramatically, but the vast majority of Internet users don’t have security backgrounds. Nor do a large majority of companies care about information security and the possible severity of any attack that could harm valuable...

Anti-debugging and Anti-VM techniques and anti-emulation D12d0x34X August 01, 2013 These days malware is becoming more advanced. Malware Analysts use lots of debugging software and applications to analyze malware and spyware. Malware authors use some techniques to detect the presence of...

Recon-ng Framework A Quick Intro Recon-ng is an open-source framework coded in python by Tim Tomes a.k.a LaNMaSteR53. Its interface is modeled after the look of the Metasploit Framework but it is not meant for exploitation or for spawning a meterpreter session or a shell, it is for web-based...

Earlier this year, Bluebox Security announced that they had found a bug in Android that could be used to modify the contents of any application package (including ones distributed as part of the system software) without affecting the attached cryptographic signatures; details to be disclosed...