Jump to content

Search the Community

Showing results for tags 'vulnerable'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 20 results

  1. SPOILER is the newest speculative attack affecting Intel's micro-architecture. Researchers out of the Worcester Polytechnic Institute and University of Lubeck discovered this new speculative attack dubbed SPOILER, Speculative Load Hazards Boost Rowhammer and Cache Attacks. Intel was notified of this issue a few months ago but no software/hardware fix appears ready yet, while the researchers claim there might not be an effective software solution available at least anytime soon -- and any mitigation would likely come at a performance cost, as we've seen with Spectre and Meltdown over the
  2. The wireless industry continues to grow in leaps and bounds with more and more gadgets evolving to be wireless. Wireless access points, media centers, phones, and even security systems are commonplace in the average household. Unfortunately, the security that is implemented on this equipment is often lacking, opening the devices syto severe security vulnerabilities. In practice, many companies and organizations still use and deploy vulnerable wireless gear, often in their default configurations. This is most often due to poor security awareness or a lack of understanding of the risks and ramif
  3. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager def initialize(info = {}) super(update_info(info, 'Name' => 'Airties login-cgi Buffer Overflow', 'Description' => %q{ This module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handl
  4. ================================================================ CSRF/Stored XSS Vulnerability in Ad Buttons Plugin ================================================================ . contents:: Table Of Content Overview ======== * Title :CSRF and Stored XSS Vulnerability in Ad Buttons Wordpress Plugin * Author: Kaustubh G. Padwad * Plugin Homepage: https://wordpress.org/plugins/ad-buttons/ * Severity: HIGH * Version Affected: Version 2.3.1 and mostly prior to it * Version Tested : Version 2.3.1 * version patched: Description =========== Vulnerable Parameter -------------------- * Yo
  5. Hi Team, #Affected Vendor: https://www.php-fusion.co.uk/home.php #Date: 04/05/2015 #Creditee: http://osvdb.org/creditees/13518-vadodil-joel-varghese #Type of vulnerability: Persistent XSS + Clickjacking #Tested on: Windows 8.1 #Product: PHP Fusion #Version: 7.02.07 #1 Cross Site Scripting x-x-x-x-x-x-x-x-x-x-x-x- #Tested Link: http://localhost/PHPfusion/files/administration/custom_pages.php?aid=68bca08161175b0e #Description: PHP Fusion is vulnerable to stored cross site scriting vulnerability as the parameter "page_content" is vulnerable which will lead to its compromise. #Proof of Concept (
  6. #Vulnerability title: Wordpress plugin Simple Ads Manager - Multiple SQL Injection #Product: Wordpress plugin Simple Ads Manager #Vendor: https://profiles.wordpress.org/minimus/ #Affected version: Simple Ads Manager 2.5.94 and 2.5.96 #Download link: https://wordpress.org/plugins/simple-ads-manager/ #CVE ID: CVE-2015-2824 #Author: Le Hong Minh (minh.h.le@itas.vn) & ITAS Team ::PROOF OF CONCEPT:: ---SQL INJECTION 1--- + REQUEST: POST /wp-content/plugins/simple-ads-manager/sam-ajax.php HTTP/1.1 Host: target.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firef
  7. |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |-------------------------------------------------------------------------| | [+] Exploit Title: Wordpress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability | | [+] Exploit Author: Ashiyane Digital Security Team | | [+] Vendor Homepage : https://wordpress.org/plugins/aspose-doc-exporter/developers/ | [+] Download Link : https://downloads.wordpress.org/plugin/aspose-doc-exporter.zip | [+] Tested on: Windows,Linux | | [+] Discovered By : ACC3SS |---------------------------------------
  8. |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |-------------------------------------------------------------------------| | [+] Exploit Title:Wordpress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability | | [+] Exploit Author: Ashiyane Digital Security Team | | [+] Vendor Homepage : https://wordpress.org/plugins/aspose-doc-exporter/developers/ | [+] Download Link : https://downloads.wordpress.org/plugin/aspose-doc-exporter.zip | [+] Tested on: Windows,Linux | | [+] Date : 2015-03-28 | [+] Discovered By : ACC3SS |-----------------------------
  9. |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |-------------------------------------------------------------------------| | [+] Exploit Title:Wordpress Aspose-Cloud-eBook-Generator Plugin Arbitrary File Download Vulnerability | | [+] Exploit Author: Ashiyane Digital Security Team | | [+] Vendor Homepage : https://wordpress.org/plugins/aspose-cloud-ebook-generator/ | [+] Download Link : https://downloads.wordpress.org/plugin/aspose-cloud-ebook-generator.zip | [+] Tested on: Windows,Linux | | [+] Discovered By : ACC3SS |------------------------
  10. A four year old Adobe Flash patch did not properly resolve a vulnerable Flex application, and attackers can exploit the bug, which is said to affect some 30 percent of Alexa’s top 10 most popular sites in the world. LinkedIn security researcher Luca Carettoni and Mauro Gentile, a security consultant at Minded Security, presented their findings showing that Shockwave Flash files compiled by the vulnerable Flex software developers kit remain exploitable in fully updated Web browsers and Flash plugins. The researchers released partial details for the vulnerability along with mitigation informatio
  11. DLL hijacking has plagued Windows machines back as far as 2000 and provides hackers with a quiet way to gain persistence on a vulnerable machine, or remotely exploit a vulnerable application. And now it’s come to Apple’s Mac OS X. This week at the CanSecWest conference in Vancouver, Synack director of research Patrick Wardle is expected to deliver a talk during which he’ll explain different attacks that abuse dylibs in OS X for many of the same outcomes as with Windows: persistence; process injection; security feature bypass (in this case, Apple Gatekeeper); and remote exploitation. “DLL hijac
  12. # Exploit Title: ocPortal 9.0.16 Multiply XSS Vulnerabilities # Google Dork: "Copyright (c) ocPortal 2011 " # Date: 26-2-2015 # Exploit Author: Dennis Veninga # Vendor Homepage: http://ocportal.com/ # Vendor contacted: 22-2-2015 # Fix: http://ocportal.com/site/news/view/security_issues/xss-vulnerability-patch.htm # Version: 9.0.16 # Tested on: Firefox 36 & Chrome 38 / W8.1-x64 ocPortal -> Version: 9.0.16 Type: XSS Severity: Critical Info Exploit: There are MANY possibilities to execute XSS on the new released ocPortal. All XSS attacks are done by a new regist
  13. # Exploit Title: OpenKM Platform Remote Reflected Cross Site Scripting # Google Dork: N/A # Date: 18-11-2014 # Exploit Author: Mohamed Abdelbaset Elnoby (@SymbianSyMoh) # Vendor Homepage: http://www.openkm.com/en <http://s.bl-1.com/h/mQ2bNXq?url=http://www.openkm.com/en>/ # Software Link: http://www.openkm.com/en/download-english.html <http://s.bl-1.com/h/mQ2bTws?url=http://www.openkm.com/en/download-english.html> # Version: All versions < 6.4.19 (built 23338) # Tested on: All OS # CVE : 2014-9017 -About OpenKM OpenKM is a Free/Libre document management system that provides a w
  14. Seagate, a popular vendor of hardware solutions, has a critical zero-day vulnerability in its Network Attached Storage (NAS) device software that possibly left thousands of its users vulnerable to hackers. Seagate's Business Storage 2-Bay NAS product, found in home and business networks, is vulnerable to a zero-day Remote Code Execution vulnerability, currently affecting more than 2,500 publicly exposed devices on the Internet. Seagate is one of the world’s largest vendor of hardware solutions, with products available worldwide. After Western Digital, Seagate ranked second and holds 41% of the
  15. # Exploit Title: Wordpress Media Cleaner - XSS # Author: ?smail SAYGILI # Web Site: www.ismailsaygili.com.tr # E-Mail: iletisim@ismailsaygili.com.tr # Date: 2015-02-26 # Plugin Download: https://downloads.wordpress.org/plugin/wp-media-cleaner.2.2.6.zip # Version: 2.2.6 # Vulnerable File(s): [+] wp-media-cleaner.php # Vulnerable Code(s): [+] 647. Line $view = $_GET['view'] : "issues"; [+] 648. Line $paged = $_GET['paged'] : 1; [+] 653. Line $s = isset ( $_GET[ 's' ] ) ? $_GET[ 's' ] : null; # Request Method(s):
  16. Top operating systems by vulnerabilities reported in 2014 Top applications by vulnerabilities reported in 2014 Most vulnerable operating systems and applications in 2014
  17. |#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#| |-------------------------------------------------------------------------| |[*] Exploit Title: Wordpress RedSteel Theme Arbitrary File Download Vulnerability | |[*] Google Dork: inurl:wp-content/themes/RedSteel | |[*] Date : Date: 2015-01-25 | |[*] Exploit Author: Ashiyane Digital Security Team | |[*] Vendor Homepage : http://www.webdesignlessons.com/redsteel-wordpress-theme/ | |[*] Tested on: Windows 7 | |[*] Discovered By : ACC3SS | |-------------------------------------------------------------------------| | |[
  18. Exploit Title: WebGUI 7.10.29 stable version Cross site scripting vulnerability Software Link: http://www.webgui.org/download Author: SECUPENT Website:www.secupent.com Email: research{at}secupent{dot}com Date: 17-1-2015 Version: 7.10.29. Previous version maybe vulnerable also. Vulnerable area: http://localhost/style-underground/search XSS PoC: 1" onmouseover=prompt(907460) bad=" Screenshot: Link: http://secupent.com/exploit/images/webgui-xss.png Mirror: http://vulnerability.io/exploit/images/webgui-xss.png Reference: http://secupent.com/exploit/WebGUI-7.10.29-XSS.txt Special Thanks:
  19. Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. Download: Downloads - DVIA (Damn Vulnerable iOS App)
  20. Target:Down Status:Game Over Obiectiv: Ob?ine?i codul serial de 12 caractere pentru a intra in posesia premiului Hint: Codul se afla pe serverul target Trimite?i codul serial la adresa mea de mail (o g?si?i în semn?tur?) folosind cheia mea publica PGP Nu voi lua in considerare email-urile in clar text. Nu va voi r?spunde dac? nu va l?sa?i cheia voastr? publica . In cazul in care sunt mai multi care rezolva challenge-ul vom trece la un alt nivel unde doar unul din voi va putea lua premiul. In cazul in care nimeni nu rezolva challenge-ul premiul va r?mîne pentru urm?torul challenge. Nivel:
×
×
  • Create New...