Showing results for tags 'site'.

  1. For Android I found appmakr[.]com. What I want is to publish in the iOS store and the Android store an app that, once downloaded and opened, redirects you straight to a site. My client has a wedding site (for example) and wants people to be able to download the app, which takes them straight to the site once opened; simple. Any advice is welcome. Thanks, +rep
  2. The takeover of the SourceForge account for the Windows version of the open-source GIMP image editing tool reported by Ars last week is hardly the first case of the once-pioneering software repository attempting to cash in on open-source projects that have gone inactive or have actually attempted to shut down their SourceForge accounts. Over the past few years, SourceForge (launched by VA Linux Systems in 1999 and now owned by the tech job site company previously known as Dice) has made it a business practice to turn abandoned or inactive projects into platforms for distribution of "bundle-ware" installers.

    Despite promises to avoid deceptive advertisements that trick site visitors into downloading unwanted software and malware onto their computers, these malicious ads are legion on projects that have been taken over by SourceForge's anonymous editorial staff. SourceForge's search engine ranking for these projects often makes the site the first link provided to people seeking downloads for code on Google and Bing search results.

    And because of SourceForge's policies, it's nearly impossible for open-source projects to get their code removed from the site. SourceForge is, in essence, the Hotel California of code repositories: you can check your project out any time you want, but you can never leave.

    Finders, keepers

    As Ars reported, SourceForge posted a statement on the service's blog last week contending that GIMP had abandoned their project, and the site's team had merely picked up the account to maintain it under their "mirror" program for open source and free software projects. But the company did admit that it wrapped the GIMP installer on its site with a Web installer offering commercial software packages to get revenue out of the downloads.

    For some developers who post code to SourceForge, the adware offering bundles around downloads are welcome. In 2013, the FileZilla project's lead developer Tim Kosse authorized SourceForge to put an offer-producing installer around the project's download file. When someone expressed concern about the adware installer in the FileZilla forum, Kosse replied, "This is intentional. The installer does not install any spyware and clearly offers you a choice whether to install the offered software." He added that an unbundled installer was still available on FileZilla's official download page.

    FileZilla was an early participant in DevShare, SourceForge's revenue sharing plan for open-source developers. It was supposed to be opt-in only. By allowing SourceForge to wrap downloads in a Web installer that offered up to three different software bundles, open-source projects could generate some cash to support development.

    But GIMP never enrolled in DevShare—SourceForge foisted the adware on the project's Windows installer after taking over the project's page. On Sunday, the GIMP team issued an official statement through Michael Schumacher, a maintainer of the GIMP website. It said that the GIMP team was never informed of what SourceForge was going to do. "This was done without our knowledge and permission, and we would never have permitted it," Schumacher wrote. Furthermore, he noted, the move broke a promise SourceForge made in November 2013: "We want to reassure you that we will never bundle offers with any project without the developers consent."

    Schumacher said that "SourceForge are abusing the trust that we and our users had put into their service in the past. We don't believe that this is a fixable situation. Even if they promise to adhere to the set of guidelines outlined below, these promises are likely to become worthless with any upcoming management change at SourceForge. However, if SourceForge's current management are willing to collaborate with us on these matters, then there might be a reduction in the damage and feeling of betrayal among the Free and Open Source Software communities."

    One way to fix things, Schumacher said, would be for SourceForge to "provide a method for any project to cease hosting at any SourceForge site if desired, including the ability to: completely remove the project and URLs permanently, and not allow any other projects to take its place; remove any hosted files from the service, and not maintain mirrors, serving installers or files differing from those provided by the project or wrap those in any way; [and] provide permanent HTTP redirects (301) to any other location as desired by the project. This is not unreasonable to expect from a service that purports to support the free software community."

    However, SourceForge's current policy makes pulling a project from the site almost impossible:

    A little something extra

    GIMP left SourceForge in part because of what Schumacher called "the invasion of the big green 'Download' button ads." Those ads, which SourceForge promised to make an effort to block from download pages, appear on nearly every one of the downloads for "mirrored" open-source projects either established or taken over by SourceForge's staff.

    SourceForge isn't alone in hosting these deceptive advertisements that try to fool site visitors into downloading something a little extra. CNET's Downloads.com and other download-focused sites also mirror popular open-source and free software to generate advertising revenue and promote software bundles, and they often include ads with "Download" buttons that are totally unrelated to the software the visitor is seeking. And while many legitimate applications are offered through accompanying downloads on those sites, the ads often deliver software that is of questionable value at best—and malware at worst.

    But those other sites don't have the same open-source heritage that SourceForge's name carries. Launched in 1999 by the company then known as VA Research (and shortly after as VA Linux Systems), SourceForge was the original open community development platform. The software behind SourceForge became an enterprise product as well. By 2007, even the Department of Defense had embraced it to set up the original Forge.mil at the Defense Information Systems Agency—a way for the military's developers to create military development communities around shared projects, even classified ones.

    The enterprise version of SourceForge was sold off to CollabNet in April of 2007. And as competition rose from other source code repositories—chiefly from GitHub, which by January of 2013 had more than five million project repositories—many projects began to abandon SourceForge. The service's character seemed to shift after its sale by Geeknet (along with Slashdot and Freecode) to Dice Holdings for $20 million in September 2012, and that company instead focused on the retail site ThinkGeek. (Update: Geeknet is on track to be acquired by GameStop, after Gamestop outbid Hot Topic. This story originally reported the proposed acquisition by Hot Topic from last week.)

    The GIMP-Windows project is still active on SourceForge, and it is still packaged with the bundle-offer installer.

    Update: SourceForge now says that it will discontinue this practice for all "abandoned" projects, and only offer the advertisement-loaded installer as an opt-in for active project developers.

    Source
  3. Hi, I have been working for a few weeks on a marketplace where anyone can register and sell digital products for bitcoin. I still have a few weeks of work left, on SEO and other features. In the meantime, though, I'd be curious whether I have made any big security mistakes. I am a mid-level programmer with 2-3 years of experience, which is why I'm turning to you. I don't have much money available, but I'm putting up 100 USD in bitcoin for this contest. site : Simple Flask app with local Captcha user : admin pass : admin The site uses a remote database, so sometimes it will give you an error; the fix is to refresh. Don't take the site's design into account, it will be done at the end. Any advice or idea is welcome. Thank you, Respectfully, Ionut. edit : I'd be grateful if you told me "I tried this and that but without success, the site is OK". I'm raising the stake to 500 USD ..
  4. Guest

    Site up for administration.

    I'm handing over a site for administration to someone who can take care of it. Hosting paid for 1 year, domain for 5 years + SEO package from GoDaddy. Domain via PM!
  5. I scanned a site too, until it gave me the following txt named adminlogin with the content: {"v":1,"csrf":"XaKb4QYbMAQR4kg3UtvAeaUp4wy_L9c7Ktlv4sodC2k"} Anyone with an idea for me too?
  6. Does anyone know a program for exhausting sites' resources, e.g. you flood it and when you go to the site something appears along the lines of it having no more resources?
  7. I'm interested in this site, kapye.ro, a copy of it; I'll modify the CSS myself afterwards. Price via PM.
  8. A CPA site that pays, viraladmedia; they're going to add payment via bitcoin too.
  9. Buying a movie site. Leave link & price here.
  10. Hi, I need an informational site too; it's for a central heating boiler company. Just HTML, a simple page, some pictures or so in the middle, and a contact page etc. For details contact alin.oanta21 skype. alin_alin2009k@yahoo.com - Mail
  11. I have a site in the adult niche (newly created site). Can you recommend some directories/backlinks or any other method of promoting the site? Or can you recommend a site that would bring me visitors (PPC-type sites) but with payment via BTC? PS: I don't want promotion on social networks or AdSense. I want traffic from Romania.
  12. Hi, where can I buy advertising for a dating site?
  13. Hi, I think the idea I have will seem rather absurd to you, but it's worth a try: I need a crypter that is FUD and is used only by the people who take part. I thought that someone who knows how could make a FUD crypter, and I would make a site where we present the crypter, and I thought we could make a site where we crypt the files of those who want it, for a fee. The costs would be shared; whoever makes the crypter has to do almost nothing else, and I will pay for the site's hosting. Who is interested? I await your opinions. Thank you!
  14. Title: Stored XSS Vulnerability in Add Link to Facebook Wordpress Plugin
    Author: Rohit Kumar
    Plugin Homepage: http://wordpress.org/extend/plugins/add-link-to-facebook/
    Severity: Medium
    Version Affected: Version 1.215 and mostly prior to it.
    Version Tested: Version 1.215
    Version Patched : 1.215

    Description:

    Vulnerable Parameter
    1. App ID
    2. App Secret
    3. Custom Picture URL
    4. Default Picture URL
    5. URL News Feed Icon

    About Vulnerability
    This plugin is vulnerable to Stored Cross Site Scripting Vulnerability. This issue was exploited when user accessed to Add Link to Facebook Settings in Wordpress with Administrator privileges. A malicious administrator can hijack other users sessions, take control of another administrators browser or install malware on their computer.

    Vulnerability Class:
    Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))

    Steps to Reproduce:
    After installing the plugin:
    Goto Settings All in One Facebook
    Input this payload in App ID :- ><script>alert(1)</script>
    Click on the Save button.
    After reloading the page you will see a Pop Up Box with 1 written on it.
    Reload the page again to make sure its stored.

    Change Log
    https://wordpress.org/plugins/add-link-to-facebook/changelog/

    Disclosure
    09th March 2015

    Source: http://packetstorm.wowhacker.com/1504-advisories/wpfacebook-xss.txt
  15. Document Title:
    ===============
    PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability

    References (Source):
    ====================
    http://www.vulnerability-lab.com/get_content.php?id=1453
    Video: http://www.vulnerability-lab.com/get_content.php?id=1454
    View: https://www.youtube.com/watch?v=v5egy9V_Bs0

    Release Date:
    =============
    2015-04-18

    Vulnerability Laboratory ID (VL-ID):
    ====================================
    1453

    Common Vulnerability Scoring System:
    ====================================
    3.4

    Product & Service Introduction:
    ===============================
    PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders. Originally, a PayPal account could be funded with an electronic debit from a bank account or by a credit card at the payer's choice. But some time in 2010 or early 2011, PayPal began to require a verified bank account after the account holder exceeded a predetermined spending limit. After that point, PayPal will attempt to take funds for a purchase from funding sources according to a specified funding hierarchy. If you set one of the funding sources as Primary, it will default to that, within that level of the hierarchy (for example, if your credit card ending in 4567 is set as the Primary over 1234, it will still attempt to pay money out of your PayPal balance, before it attempts to charge your credit card). The funding hierarchy is a balance in the PayPal account; a PayPal credit account, PayPal Extras, PayPal SmartConnect, PayPal Extras Master Card or Bill Me Later (if selected as primary funding source) (It can bypass the Balance); a verified bank account; other funding sources, such as non-PayPal credit cards. The recipient of a PayPal transfer can either request a check from PayPal, establish their own PayPal deposit account or request a transfer to their bank account.

    PayPal is an acquirer, performing payment processing for online vendors, auction sites, and other commercial users, for which it charges a fee. It may also charge a fee for receiving money, proportional to the amount received. The fees depend on the currency used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient's account type. In addition, eBay purchases made by credit card through PayPal may incur extra fees if the buyer and seller use different currencies.

    On October 3, 2002, PayPal became a wholly owned subsidiary of eBay. Its corporate headquarters are in San Jose, California, United States at eBay's North First Street satellite office campus. The company also has significant operations in Omaha, Nebraska, Scottsdale, Arizona, and Austin, Texas, in the United States, Chennai, Dublin, Kleinmachnow (near Berlin) and Tel Aviv. As of July 2007, across Europe, PayPal also operates as a Luxembourg-based bank. On March 17, 2010, PayPal entered into an agreement with China UnionPay (CUP), China's bankcard association, to allow Chinese consumers to use PayPal to shop online. PayPal is planning to expand its workforce in Asia to 2,000 by the end of the year 2010.

    (Copy of the Homepage: www.paypal.com) [http://en.wikipedia.org/wiki/PayPal]

    Abstract Advisory Information:
    ==============================
    An independent Vulnerability Laboratory researcher discovered a client-side cross site scripting web vulnerability in the official PayPal Inc online service web-application.

    Vulnerability Disclosure Timeline:
    ==================================
    2014-12-30: Researcher Notification & Coordination (Milan A Solanki)
    2014-12-31: Vendor Notification (PayPal Inc - Bug Bounty Team)
    2015-01-08: Vendor Response/Feedback (PayPal Inc - Bug Bounty Team)
    2015-01-15: Vendor Fix/Patch (PayPal Inc - Developer Team)
    2015-04-18: Public Disclosure (Vulnerability Laboratory)

    Discovery Status:
    =================
    Published

    Affected Product(s):
    ====================
    PayPal Inc
    Product: PayPal - Online Service Web Application 2015 Q2

    Exploitation Technique:
    =======================
    Remote

    Severity Level:
    ===============
    Medium

    Technical Details & Description:
    ================================
    A non persistent cross site scripting web vulnerability has been discovered in the official PayPal Inc online service web-application. The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions data by client-side manipulated cross site requests.

    The vulnerability is located in the `q` values of the merchant search module. Remote attackers are able to inject own script codes to the vulnerable GET method request of the merchant search module. The attack vector of the vulnerability is located on the client-side of the paypal online service web-application. The request method to inject the script code on client-side is `GET`. The injection point of the issue is the vulnerable `q` value in the search engine and the script code execution point is located in the results output context page.

    The security risk of the non-persistent input validation web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.4. Exploitation of the client-side cross site scripting web vulnerability requires low user interaction (click) and no privileged application user account. Successful exploitation results in client-side account theft by hijacking, client-side phishing, client-side external redirects and non-persistent manipulation of affected or connected service modules.

    Request Method(s):
    [+] GET

    Vulnerable Service(s):
    [+] PayPal Inc (paypal.com)

    Vulnerable Module(s):
    [+] Merchant Search

    Vulnerable Parameter(s):
    [+] q

    Affected Section(s):
    [+] Merchant Search Results

    Proof of Concept (PoC):
    =======================
    The client-side cross site scripting web vulnerability can be exploited by remote attackers without privileged application user account and with low user interaction (click). For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

    PoC: Example
    https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=[CROSS SITE SCRIPTING VULNERABILITY!]

    PoC: Payload(s)
    https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=%22%3E%3Cimg%20src=x%20onerror=prompt%28document.domain%29%3E
    https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=%22%3E%3Ciframe%20src=x%20onerror=prompt%28document.cookie%29%3E

    Reference(s):
    https://www.paypal.com/directory/merchants?q=directory/merchants?q=
    https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=

    Solution - Fix & Patch:
    =======================
    2015-01-15: Vendor Fix/Patch (PayPal Inc - Developer Team)

    Security Risk:
    ==============
    The security risk of the client-side cross site scripting web vulnerability in the `q` merchant search value is estimated as medium. (CVSS 3.4)

    Credits & Authors:
    ==================
    Milan A Solanki - (milans812@gmail.com) [www.safehacking4mas.blogspot.in]

    Disclaimer & Information:
    =========================
    The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

    Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
    Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
    Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
    Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
    Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
    Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/

    Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.

    Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™

    --
    VULNERABILITY LABORATORY - RESEARCH TEAM
    SERVICE: www.vulnerability-lab.com
    CONTACT: research@vulnerability-lab.com
    PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt

    Source: http://packetstorm.wowhacker.com/1504-exploits/VL-1453.txt
  16. Hi everyone, I'd like to know whether it's worth investing in a site like this: a nice design, movies at 420/720p quality on a free plan, and 1080p on a paid plan per day/week/month. I don't think loyal visitors are hard to get; movies from 2013/2014/2015. Roughly how many words would the description need for proper SEO? Roughly how much would a script cost with a secured payment form, free\premium plans and a nice design?
  17. I want to open a site and haven't decided which kind. An online movie site or a porn movie site. With which do you think I'd manage to get more visitors and maybe make some money in the future?
  18. I want to create a site, but I don't know what about; in particular I'd like the site to be on content that gets indexed easily in Google and, if possible, to make a little profit too. Obviously, the best suggestion will be rewarded.
  19. As the title says. Yes, I want to help. If you plan to build a site on one of these platforms and need help, I'm here to help you. For free, what the heck. I have too much free time.
  20. Researchers at Malwarebytes have identified an attack campaign believed to be exploiting a vulnerability in a WordPress plugin. During the past few days, Malwarebytes detected multiple WordPress sites injected with a malicious iframe. The iframe redirects victims to a phony version of The Pirate Bay site. Once there, victims are served the Nuclear exploit kit via a drive-by download attack.

    "This exploit kit targets most browser plugins but it focuses in particular on the Flash Player which was affected by no less than three zero days in the span of a month," said Jerome Segura, senior security researcher at Malwarebytes Labs.

    According to Segura, Malwarebytes does not have the exact numbers of how many sites are impacted. However, he said the attack appears to be a specific or targeted campaign. As of this afternoon, the phony site is still up. "And I can add something that I didn't mention originally, in that the site does not index real torrent results but rather pushes a program, maybe to collect affiliate kickbacks," he said.

    "We believe it has to do with a WordPress plugin rather than the CMS itself," Segura noted. "We have seen similar attacks in recent months taking advantage of the RevSlider Plugin and this could be linked to it." "Once the vulnerability has been exploited, the bad guys usually upload backdoors and shells designed to not only maintain control of the compromised website but also alter its core files, such as injecting iframes," he added.

    WordPress is one of the most popular - and most targeted - content management systems. In the case of the RevSlider attack, more than 100,000 WordPress websites were found to have been compromised. Segura suggested anyone running WordPress make sure their site and plugins are fully patched, and recommended people not log into their site from unsecure access points such as public Wi-Fis. The attack is ongoing, Segura said.

    Source: Cloned Pirate Bay Site Serving Malware | SecurityWeek.Com
  21. Buying movie sites up to 800 euros. PM me with the site, whoever has one, rank etc.
  22. AlexFcd

    Tsu

    A new social networking site has opened, almost identical to FACEBOOK, except that this one pays you every time you receive a like or comment, post or share. The site is newly opened and for now you need an invitation to create an account, but it already has millions of users, having gone viral in less than a month. Come join TSU too and invite your friends. Here is the invitation: with ref, without ref. What do you think of this site?
  23. Advisory ID: SGMA15-001
    Title: DokuWiki persistent Cross Site Scripting
    Product: DokuWiki
    Version: 2014-09-29c and probably prior
    Vendor: www.dokuwiki.org
    Vulnerability type: Persistent XSS
    Risk level: Medium
    Credit: Filippo Cavallarin - segment.technology
    CVE: N/A
    Vendor notification: 2015-03-18
    Vendor fix: 2015-03-19
    Public disclosure: 2015-03-23

    Details
    DokuWiki version 2014-09-29c (and probably prior) is vulnerable to Persistent Cross Site Scripting in the admin page. An attacker may use this vulnerability to execute javascript in the context of a logged admin user. Since the vulnerable page has forms with the CSRF token (the same for all requests), a full backend compromise may be possible.

    To successfully exploit this vulnerability an attacker must:
    1. have an account on the target site
    2. trick an admin to visit a link or to edit user account

    Proof of concept:
    1. change your account real name to: my name" autofocus onfocus="alert('code executed')
    2. login as admin and try to edit the user profile from User Manager

    Solution
    Apply the latest hotfix from vendor's site

    References
    https://www.dokuwiki.org/
    https://github.com/splitbrain/dokuwiki/issues/1081

    Filippo Cavallarin
    https://segment.technology

    Source
  24. one.com Abuse Department Thank you for reporting this issue. The account has been suspended pending further investigation. When I go to crackinghood - This site has been temporarily disabled, please try again later. @crackerboy - kisses. With all my love ><