Digital Armaments October-November Hacking Challenge: Linux Local Kernel Exploit (5,000$)

Digital Armaments October-November Hacking Challenge: 5,000$ Prize - Linux Local Kernel Vulnerabilities and Exploit Challenge pubblication is 10.10.2008 http://www.digitalarmaments.com/content/view/47/27/ I. Details Digital Armaments officially announce the launch of October-November hacking

Digital Armaments September-October Hacking Challenge: Explorer and Mozilla

Challenge Publication is 09.15.2006 http://www.digitalarmaments.com/challange200609253923.html I. Details Digital Armaments officially announce the launch of September-October hacking challenge. The challenge starts on September 1. For the September-October Challenge, Digital Armaments wi

SAP Internet Transaction Server XSS vulnerability

Vulnerability class : Cross-Site Scripting Discovery date : 13 September 2006 Remote : Yes Credit : ILION Research Labs Vulnerable : SAP ITS Vulnerable version: Versions 6.1 and 6.2 have been found to be vulnerable. Other versions might be too. A XSS (Cross-Site-Scripting) vulnerability h

new version of phplist fix XSS vulnerability

phplist, http://www.phplist.com is a popular open source newsletter application written in PHP. An XSS vulnerability has been found, in the public pages of the application. This issue has been addressed in the latest release 2.10.3, available from www.phplist.com Versions affected: any version

igital Armaments November-Decemberr Hacking Challenge: KERNEL Remote

Challenge pubblication is 11.02.2006 http://www.digitalarmaments.com/challenge200611849937.html I. Details Digital Armaments officially announce the launch of November-December hacking challenge. The challenge starts on November 1. For the November-December Challenge, Digital Armaments will

Digital Armaments November-Decemberr Hacking Challenge: KERNEL

Challenge pubblication is 11.02.2006 http://www.digitalarmaments.com/challenge200611849937.html I. Details Digital Armaments officially announce the launch of November-December hacking challenge. The challenge starts on November 1. For the November-December Challenge, Digital Armaments will g

Digital Armaments Security Advisory 07.12.2006: Yahoo multiple services authentication bypass Vulnerability

Digital Armaments advisory for Platinum Subcription is 06.20.2006 Digital Armaments public advisory is 12.07.2006 http://www.digitalarmaments.com/2006061285940301.html I. Background Yahoo! Inc. is an American computer services company with a mission to "be the most essential global Internet ser

MkPortal Urlobox Cross Site Request Forgery

MkPortal Urlobox Cross Site Request Forgery Discovered by: Demential Web: http://www.burnhead.it E-mail: [EMAIL PROTECTED] Mkportal website: http://www.mkportal.it posting [img]?ind=urlobox&op=delete&idurlo=X[/img] in MkPortal urlobox where X is an ID of a message, when administrator opens urlobo

HP Quality Center vulnerability

Find below the details of a vulnerability in the HP Quality Center product (formely Mercury Quality Center). Introduction -- Quality Center (QC) is a web-based QA testing and management tool. It is a product from HP when they took over Mercury Interactive last year. The front-e

maxcms2.0 creat new admin exploit

http://$host$path\r\n";; $message .= "Accept-Language: zh-cn\r\n"; $message .= "Content-Type: application/x-www-form-urlencoded\r\n"; $message .= "User-Agent: securitylab\r\n"; $message .= "X-Forwarded-For:1.1.1.1\r\n"; $message .= "Host: $host\r\n"; $message .= "Conte

Namad Cms Remote File Download

# Securitylab.ir # Application Info: # Name: Namad # Version: 2.0.0.0 # Website: http://imenafzar.com # # Discoverd By: Securitylab.ir # Website: http://securitylab.ir # Contacts

DMXReady Registration Manager Arbitrary File Upload Vulnerability

# Securitylab.ir # Application Info: # Name: DMXReady Registration Manager # Version: 1.1 # Website: http://www.dmxready.com # # Discoverd By: Securitylab.ir # Website: http

LxBlog

# Securitylab.ir # Application Info: # Name: LxBlog # Website: http://www.lxblog.net # # Discoverd By: Securitylab.ir # Website: http://securitylab.ir # Contacts: admin[at

ecshop 2.6.2

# Securitylab.ir # Application Info: # Name: ecshop # Version: 2.6.2 # Website: http://www.ecshop.com # # Discoverd By: Securitylab.ir # Website: http://securitylab.ir # Contacts: i

Empire Cms 5.1 sql injection

# Securitylab.ir # Application Info: # Name: Empire Cms # Version: 5.1 # Download: http://www.phome.net/OpenSource/download/EmpireCMS_5.1os_SC_GBK.zip # # Discoverd By

dedecms v5.3 Arbitrary File Upload Vulnerability

# Securitylab.ir # Application Info: # Name: dedecms # Version: v5.3 # Website: http://dedecms.com # # Discoverd By: Securitylab.ir # Website: http://securitylab.ir # Contacts

Admin News Tools 2.5 Remote File Download Vulnerability

# Securitylab.ir # Application Info: # Name: Admin News Tools # Version: 2.5 # Website: http://www.adminnewstools.fr.nf # Download: http://www.adminnewstools.fr.nf/zip/ANT-2.5.zip

Digital Armaments March-April Hacking Challenge: 5,000$ Prize - Client Vulnerabilities and Exploit

Digital Armaments March-April Hacking Challenge: 5,000$ Prize - Client Vulnerabilities and Exploit Pubblication is 03.15.2008 http://digitalarmaments.com//content/view/46/27/ I. Details Digital Armaments officially announce the launch of March-April hacking challenge. The challenge starts

Easy-Clanpage 2.2 (id) Remote SQL Injection Vulnerability

# ##Easy-Clanpage v2.2 ### # SQL İnjection VuLnerabiLity ## ##

Zune software - arbitrary file overwrite

Vulnerability class : Arbitrary file overwrite Discovery date : 21 April 2008 Remote : Yes Credits : J. Bachmann & B. Mariani from ilion Research Labs Vulnerable : Zune software: EncProfile2 Class An arbitrary file overwrite as been discovered in an ActiveX control installed with the Zune so

Hack.lu 2008 CfP

sent via the http://www.hack.lu/ website. Submissions should also include the following: 1. Presenter, and geographical location (country of origin/passport)and contact info. 2. Employer and/or affiliations. 3. Brief biography, list of publications or papers. 4. Any significant presentation

Re: LuckyBot v3 Remote File Include

this won't work, unless register globals is on, and on almost every webhost with PHP5, does not have register_globals on. So what a stupid exploit.

Re: Menu Manager Mod for WebAPP - No Input Filtering

The issue is not yet secure at http://www.web-app.org 1.) Guests can edit files on the server by: http://victim-domain/cgi-bin/index.cgi?action=menu - There are approximately 35 webapporg sites of version 0.9.9.7 defaced with the issue. So it couldn't possibly be fixed for 0.9.9.7 as claimed abo

Re: InterWorx-CP Multiple HTML Injections Vulnerabilitie

InterWorx 3.0.3 has been released that addresses this problem. http://interworx.com/forums/showthread.php?t=2501

Digital Armaments 2007 September-October Hacking Challenge: Symbian

Digital Armaments September-October Hacking Challenge: Symbian Challenge pubblication 09.04.2007 http://www.digitalarmaments.com/challenge200709362386.html I. Details Digital Armaments officially announce the launch of September-October hacking challenge. The challenge starts on September 1.

hack.lu 2007 18-20 October, Luxembourg

Dear Information Security Freaks, This is to announce that the line-up of the speakers and their subjects is finally up in a draft version on hack.lu 2007 (http://www.hack.lu/). Have a look and register as space is limited and prices go up progressively. We managed again to have speakers from al

new vuln in snewscms.net.ru in lang file

New Advisory: Snewscms Rus http://www.medconsultation.ru Summary Software: SnewsCMS Rus v. 2.1 Sowtware's Web Site: http://www.snewscms.net.ru Versions: 2.1 Critical Level: Moderate Type: XSS Class: Remote Status: Unpatched PoC/Exploit: Not

Smart Douran CMS Remote File Download

# # Securitylab.ir # # Application Info: # Name: Smart Douran CMS # Vendor: http://smartdouran.ir

Re: Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability

Not working , Tested on : XpSp2 , IE6

Nginx 0.8.35 Space Character Remote Source Disclosure

# # Securitylab.ir # # Application Info: # Name: Nginx # Tested on nginx 0.8.35 # Nginx 0.8.36 and higher is not vulnerable

Re: RE: Nginx 0.8.35 Space Character Remote Source Disclosure

Vul in stable versions now isn't work. Original Advisory: http://blog.pouya.info/userfiles/vul/NginX.rar

Cherokee Web Server 0.5.3 Multiple Vulnerabilities

# # Securitylab.ir # # Application Info: # Name: Cherokee Web Server # Version: 0.5.3 # Download: http://mirror.aarnet.edu.au/pub/cherokee/windows/Cherokee

IE6 css set Denial of Service Vulnerability

Published by Securitylab.ir Founder: unknown /*

Flash Player 9 DLL Hijacking Exploit (schannel.dll)

=== Flash player 9.exe DLL Hijacking Exploit (schannel.dll) === Founded By: Securitylab.ir (Kamran Safaei Tabrizi) === include "stdafx.h"

Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (wshfra.dll)

= Founded By: Kamran Safaei Tabrizi(k4mr4n_st(at)yahoo(dot)com) Securitylab Security Research Team Website: http://www.securitylab.ir Special Thanks: Mazo shinozuki, BangoDragon =

[STANKOINFORMZASCHITA-10-01] Netbiter� webSCADA multiple vulnerabilities

[STANKOINFORMZASCHITA-10-01] Netbiter® webSCADA – multiple vulnerabilities Authors: Eugene Salov (eug...@itdefence.ru), Andrej Komarov (koma...@itdefence.ru) Product: Netbiter® webSCADA CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:R/C:C/I:C/A:C) Impact Subscore: 10.0 Exploitability Subscore: 8.0 A

[STANKOINFORMZASCHITA-10-02] ITS SCADA Authorization bypass

stems. Contact: info (at) itdefence (dot) ru Russia, Moscow, Bolshaya Bochtovaya st., 26, Business Center Tel.: +7 (495) 790-16-60 http://itdefence.ru

Mozilla Firefox 3.6.12 Denial of Service Vulnerability

PoC: By: Pouya Daneshmand Advisory: http://securitylab.ir/Advisories/Firefox%203.6.12%20Denial%20of%20Service%20Vulnerability.txt

Sigma Portal Denial of Service Vulnerability

# # Securitylab.ir # # Application Info: # Name: Sigma Portal # Vendor: http://www.sigma.ir

Asan Portal (IdehPardaz) Multiple Vulnerabilities

# # Securitylab.ir # # Application Info: # Name: Asan Portal # Vendor: http://iptech.ir/default.aspx?id=130

Microsoft IIS 6 parsing directory �x.asp� Vulnerability

# Microsoft IIS 6 parsing directory Vulnerability #Discovered by: Pouya daneshmand whh_iran[AT]yahoo[DOT]com http://securitylab.ir/blog #Introduction: Using this vuln

Re: Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure

Dokeos 1.8.6.2 fixes these 2 security holes. Dokeos 1.8.6.2 has been released one day after we got informed about this security release. Download @sourceforge http://bit.ly/dYOvDc

DBHCMS Web Content Management System v1.1.4 RFI Vulnerability

# Securitylab.ir # Application Info: # Name: DBHCMS Web Content Management System # Version: 1.1.4 # Download: :( # # Discoverd By: Securitylab.ir # Website: http

httpdx webserver v1.5 Remote Source Disclosure

# # Securitylab.ir # # Application Info: # Name: httpdx webserver # Version: 1.5

QvodPlayer ColorFilter Codec ActiveX Remote Exec

### # QvodPlayer ColorFilter Codec ActiveX Remote Exec # Download : http://www.qvod.com ### # Vulnerability: # ###

eWebeditor Directory Traversal Vulnerability

# # Securitylab.ir # # Application Info: # Name: eWebeditor # Version: all version # # Vulnerability Info

Microsoft IE 6&7 Crash Exploit

# # Securitylab.ir # # Application Info: # Name: Microsoft IE # Version: 6 & 7 # Tested on : XP(SP1/SP2

Tavanmand Portal (fckeditor) Remote Arbitrary File Upload Vulnerability

# # Securitylab.ir # # Application Info: # Name: Tavanmand Portal # version: 1.1 # Vendor: http://www.tavanmand.ir

eWebeditor ASP Version Multiple Vulnerabilities

# # Securitylab.ir # # Application Info: # Name: eWebeditor # Version: ASP # Vulnerability

RaakCms Multiple Vulnerabilities

# # Securitylab.ir # # Application Info: # Name: RaakCms # Vendor: http://raakcms.com # Vulnerability

mongoose Space Character Remote File Disclosure Vulnerability

# # Securitylab.ir # # Application Info: # Name: mongoose # Version: 2.8 # Download: http://code.google.com/p/mongoose/downloads/list

Joomla (Jw_allVideos) Remote File Download Vulnerability

# # Securitylab.ir # # Application Info: # Name: Joomla (jw_allvideos Plugin) # Version: 1.0

IE address bar characters into a small feature

# # Securitylab.ir # # Application Info: # Name: Internet Explorer # Version: 8.0 # Vulnerability: IE

Pixel Portal Sql Injection Vulnerability

# # Securitylab.ir # # Application Info: # Name: Pixel Portal # Vendor: http://www.pixelidea.ir

Re: Re: Joomla (Jw_allVideos) Remote File Download Vulnerability

You right. it's working at version 1.0 only ;) # Application Info: # Name: Joomla (jw_allvideos Plugin) # >>>>> Version: 1.0 <<<<<

Official Portal 2007 Multiple Vulnerabilities

# # Securitylab.ir # # Application Info: # Name: Official Portal 2007 # # Vulnerability Info

phpinfo() XSS Vulnerability

# Vulnerability: http://site.com/phpinfo.php?+alert(011100110110010101100011011101010111001001101001011101000001);+ # # Discoverd By: Pouya Daneshmand # Website: http://securitylab.ir # Contacts: info[at]securitylab.ir & whh_i...@yahoo.com ###

IE 6.0 - Local Crash Exploit

### # Securitylab.ir ### Vul: function crash() { var buff = ''; for(i=0;i<=5000;i++) {buff+="AA";} obje

Joomla Component com_weblinks Sql Injection Vulnerability

# # Securitylab.ir # # Application Info: # Name: Joomla Component com_weblinks # # Vulnerability Info

XSS vulnerability in easy page cms

# # Securitylab.ir # # Application Info: # Name: Easy Page # Vendor: http://easypage.org

Joomla Component com_xmap Sql Injection Vulnerability

# # Securitylab.ir # # Application Info: # Name: Joomla Component com_xmap # # Vulnerability Info: # Type

Hack.lu 2010 CfP

/cfp/ Submissions should also include the following: 1. Presenter, and geographical location (country of origin/passport) and contact info. 2. Employer and/or affiliations. 3. Brief biography, list of publications or papers. 4. Any significant presentation and/or educational experience

Vana CMS Remote File Download

# # Securitylab.ir # # Application Info: # Name: Vana CMS # Vendor: http://www.vanasoft.com

Ziggurat CMS Multiple Vulnerabilities

# # Securitylab.ir # # Application Info: # Name: Ziggurat CMS # Vendor: http://www.farsi-cms.com

VigileCMS 1.4 Multiple Remote Vulnerabilities

VigileCMS 1.4 Multiple Remote Vulnerabilities --- --- Author : DevilAuron (http://devilsnight.altervista.org) Vendor : V

Digital Armaments November-December Hacking Challenge: Diffuse Client Application (10.000$ extra)

Digital Armaments November-December Hacking Challenge: Diffuse Client Application Challenge Pubblication 11.29.2007 http://www.digitalarmaments.com/challenge200711849505.html I. Details Digital Armaments officially announce the launch of November-December hacking challenge. The challenge

Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit

Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit Challenge pubblication is 01.04.2008 http://www.digitalarmaments.com/challenge200801566321.html I. Details Digital Armaments officially announce the launch of January-February

LiveCart XSS vulnerability fixed since version 1.1.0

This issue has been resolved since version 1.1.0: http://livecart.com/news/Major-update-LiveCart-1-1-0.8

DvBBS v2.0(PHP) boardrule.php Sql injection

## Securitylab.ir # Application Info: # Name: DVBBS (php) # Version: 2.0 # Vendor: http://p.dvbbs.net # # Discoverd By: Securitylab.ir # Website: http://securitylab.ir

Various Orion application application server example pages are vulnerable to XSS.

R08-08: Several XSS on Orion Application server 2.0 to 2.0.8 Vulnerability found: May 2008 Revalidated 23 July 2009 Vendor informed: 27th July 09 Vulnerability fixed: Severity: Medium Description: Various Orion application application server example pages are vulnerable to XSS.

DEDECMS v5.1 Sql Injection Vulnerability

# Securitylab.ir # Application Info: # Name: DEDECMS # Version: 5.1 # # Discoverd By: Securitylab.ir # Website: http://securitylab.ir # Contacts: admin[at]securitylab.ir &am

phpcms 2008 Remote File Disclosure Vulnerability

## Securitylab.ir # Application Info: # Name: phpcms 2008 # Version: All # # Discoverd By: Securitylab.ir # Website: http://securitylab.ir # Contacts: admin[at]securitylab.ir &am

PHP168 v6.0 rc

## Securitylab.ir # Application Info: # Name: PHP168 # Version: 6.0 # # Discoverd By: Securitylab.ir # Website: http://securitylab.ir # Contacts: admin[at]securitylab.ir &am

PSAtr v1.2 Sql Injection

## Securitylab.ir # Application Info: # Name: PSArt # Version: 1.2 # # Discoverd By: Securitylab.ir # Website: http://securitylab.ir # Contacts: admin[at]securitylab.ir &am

QuahogCon Call for Papers

About QuahogCon QuahogCon is a new regional conference for the hacker culture in all forms. Hardware, Software, Security, Social, Eco Hacking, Zero Impact Living. Like most hacker cons, it will run Friday to Sunday. We'll have two tracks: one for InfoSec topics and the other track will be a mi

Vulnerability: protected Adobe eBooks can be copied between computers

Russia Vendor (Adobe has been notifed about this vulnerability at July 23, 2002, but have hot replied. TECHNICAL INFO === Description of the vulnerability. - Adobe

Telnetd AYT overflow scanner

/* * Telnetd AYT overflow scanner, by Security Point(R) * Bug found by scut of TESO Security * * Date: 25/07/01 * Author: Security Point(R) * WWW: http://www.secpoint.com * Email: [EMAIL PROTECTED] * * This program checks for the AYT overflow realted to the * newly discov

Vulnerability in Windows 2000 TELNET service

Security Point (R) [EMAIL PROTECTED] http://www.secpoint.com/ Advisory #003 Title: Vulnerability in Windows 2000 TELNET service. Date: 25-07-01 Copyright (c) 2001 SECURITY POINT (R) Contents: = I Disclaimer II Introduction

Implementation flaws in Adobe Document Server for Reader Extensions

been reported to vendor (Adobe Systems Inc) on 02/24/2003; vendor has not replied. Technical info === Adobe Document Server for Reader Extensions

Re: @(#)Mordred Labs advisory - Texis sensitive information leak

In-Reply-To: <[EMAIL PROTECTED]> THUNDERSTONE RESPONSE TO SECURITY ALERT Thunderstone Software is aware of a report about a "vulnerability" in one of our products, published on Bugtraq. Thunderstone takes such concerns seriously. We offer the following details for concerned customers and users

Re: PlatinumFTP 1.0.18 remote DoS

I have spent the last year rewriting the server and it should now Dos free. I have tested against all known vulnerabilities and cant crash the software. Please download from www.platinumftp.com and let me know if you find any more.

MkPortal "All Guests are Admin" Exploit

MkPortal "All Guests are Admin" Exploit Vulnerability discovered and exploited by: Demential Web: http://headburn.altervista.org E-mail: info[at]burnhead[dot]it Mkportal website: http://www.mkportal.it Start Macromedia Flash and create an swf file with this code: var idg:Number =

MkPortal Admin XSS

MkPortal Admin XSS Discovered by: Demential Web: http://headburn.altervista.org E-mail: info[at]burnhead[dot]it Mkportal website: http://www.mkportal.it Go to: /mkportal/admin.php?ind=ad_contents&op=contents_new In both fields write: ">alert(document.cookie) and press save. Alert

MKPortal Full Path Disclosure

MkPortal Full Path Disclosure Vulnerability discovered by: Demential Web: http://headburn.altervista.org E-mail: info[at]burnhead[dot]it Mkportal website: http://www.mkportal.it Tested on MKPortal M1.1 RC1 with PhpBB other versions may also be affected. http://www.victim.com/mkportal/admin.php

phpBB (privmsg.php) XSS Exploit

phpBB (privmsg.php) XSS Exploit By: Demential Web: http://headburn.altervista.org E-mail: [EMAIL PROTECTED] PhpBB website: http://phpbb.com Exploit tested on phpBB 2.0.21 Secunia.com said: Input passed to the form field "Message body" in privmsg.php is not properly sanitised before it is return

Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability

Digital Armaments pre-advisory is 01.10.2007 http://www.digitalarmaments.com/pre2007-00018659.html Digital Armaments realease pre-advisory of vulnerabilties and exploit avaiable only to Platinum Subscriptors. The full-advisory will might be released to the public after 6 months. I. Background

Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability

Digital Armaments advisory is 01.20.2007 http://www.digitalarmaments.com/2007200184936274.html I. Background grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL. For further information or detail a

Re: bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy

variable $content_php is set in php code and should overwrite any user made inserts in url. i think this is not a vulnerability, is it?

CfP Hack.lu 2007

Submissions should also include the following: 1. Presenter, and geographical location (country of origin/passport)and contact info. 2. Employer and/or affiliations. 3. Brief biography, list of publications or papers. 4. Any significant presentation and/or educational experience/background. 5

sunshop v4 >> RFI

vendor : turnkeywebtools.com by : s3rv3r_hack3r ( [EMAIL PROTECTED] ) bugz: include/payment/payflow_pro.php > include $abs_path."/include/payment/payflow_pro/pfpro.class.php"; global.php require_once $abs_path."/libsecure.php"; libsecu

blogsystem 1.4 >> local & remote = -rfi & lfi & -xss

demo: blog23.com by : hackerz.ir userz ! ADMIN/index.php include($category."/".$folder."_".$page.".php"); ADMIN/index.php include($category."/".$action.".php"); ADMIN/login.php include($lngTexts); ADMIN/login.php include($lngConfig); BO/index.phpinclude($category."/".$folder."_".$page.".php");

Re: 12All File Upload Vulnerability

FCKEditor fixed in version 4.54. User needed to be logged in as an ADMIN user to be able to use this vulnerability.

Re: UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability

3.0.16 will be released later today. Simple str_replace to fix in includes/session.inc.php and treatGet function on $_GET['ccUser']. ## remove possible CRLF injection $sessId = str_replace(array('%0d', '%0a'), '', $sessId); Please report any potential security issues directly to us in the futur

Digital Armaments May-June-2007 Hacking Challenge: VMware

Digital Armaments May-June Hacking Challenge: VMware Challenge Publication is 09.05.2007 http://www.digitalarmaments.com/challanges_open.html I. Details Digital Armaments officially announce the launch of May-June hacking challenge. The challenge starts on May 1. For the May-June Challenge, Di

XSS on Juniper JUNOS 11.4 Embedthis Appweb 3.2.3

Vulnerability Type: (XSS) Cross-Site Scripting - Original release date: November 11th, 2013 - Last revised: November 11th, 2013 - Discovered by: Andrea Bodei - A2SECURE - Severity: 4.3/10 (CVSSv2 Base Scored) Products and affected versions: JUNOS up to 11.4 (probably 12.1 and 12.3 vulnerable) Vu

Kerio Control <= 8.3.1 Boolean-based blind SQL Injection

how/76_kerio_control_8_3_1_boolean_based_blind_sql_injection Researcher's Websites: http://fereidani.com http://fereidani.ir http://und3rfl0w.com http://ircrash.com Researcher's Email: info [ a t ] fereidani [ d o t ] com Technical Details: === Kerio Control suffers from a SQL Injection Vulnerabil

myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique

myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique Software: myBloggie 2.1.6 Severity: High Author: Robin Verton Date: Jun. 12 2011 Vendor: http://mybloggie.mywebland.com/ Software Description: "myBloggie is considered one of the most simple, user-friendliest yet packed wi

Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls

== Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls Adam Bixby - Gotham Digital Science (l...@gdssecurity.com) Public Release Date: 8/9/2011 Confirmed Affected Software: Microsoft Report Viewer Redistributable 2005 SP1 and Microsoft V

Re: Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Are Fixed!

Thanks for the feedback! All of SysAid's web vulnerabilities are fixed. SysAid has already come out with a new release 8.5.08 that addresses all of these security issues—making SysAid 8.5.08 highly secure. We are sorry for the inconvenience, and encourage all our users to upgrade to the most re

AthCon 2013 Rev. Challenge 2013

The Reverse Engineering challenge is now available. The rules are included in the associated zip file. All submissions should be sent to kyre...@athcon.org and the deadline is 30/04/2013. Download Rev. Challenge 2013:http://www.athcon.org/AthCon_2013_RE_Challenge.zip Challenge Creator: Kyriako

  1   2   >