Saturday, 14. January 2012
Google, Facebook - URL redirection Vulnerability
On Saturday, 14. Jan 2012 in topic 'Vulnerabilities'
A URL redirection vulnerability in Google was reported by "Ucha Gobejishvili (longrifle0x)". This problem may help an attacker conduct phishing attacks, distribute trojans, or send spam.
Url: https://accounts.google.com/o/oauth2/auth?redirect_uri=http://www.something.com
Same vulnerability in Facebook, Discovered by ZeRtOx from Devitel group:
http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=www.something.com
Monday, 2. January 2012
Lilupophilupop - SQL
On Monday, 2. Jan 2012 in topic 'Vulnerabilities'
Infections show .com, .de, and .uk as the most affected regions.
If you want to find out if you have a problem just google for
by
Kumar
Friday, 4. November 2011
AOL Energy - XSS
On Friday, 4. Nov 2011 in topic 'Vulnerabilities'
A non-persistent cross-site scripting (XSS) vulnerability was discovered on the AOL Energy website.
Exploit URL:
http://energy.aol.com/search/?q=%22%3E%3Cscript%3Ealert(%22XSS+by+Vansh+%26+Vaibhuv%22)%3C%2Fscript%3E
by
Vansh & Vaibhuv
Saturday, 29. October 2011
maxdome.com - SQL
On Saturday, 29. Oct 2011 in topic 'Vulnerabilities'
Main
http://www.maxdome.com/
Type: SQL Injection
Comment
Path: /php-bin/functions/home_flash/
File: homeflash.swf
Para: ?id=
by
Vulnerability-Lab
tagu.com.ar - SQL
On Saturday, 29. Oct 2011 in topic 'Vulnerabilities'
Main
http://www.tagu.com.ar
Type: SQL Injection
Exploitable
http://www.tagu.com.ar/ver-post.php?p_id=4271'
Comment
Allows SQL injection in the "p_id" variable.
Monday, 24. October 2011
jara 1.6 - sql injection
On Monday, 24. Oct 2011 in topic 'Vulnerabilities'
Download
http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip
Exploit
http://localhost/jara/view.php?id=[SQL Injection]
by
muuratsalo
Friday, 21. October 2011
Adobe - Spy On The Webcams of Visitors
On Friday, 21. Oct 2011 in topic 'Vulnerabilities'
A slight variation of a previously designed clickjacking attack that used an Adobe Flash vulnerability has once again made it possible for website administrators to surreptitiously spy on their visitors by turning on the user's computer webcam and microphone.
by
Aboukhadijeh
Wednesday, 19. October 2011
DNS poisoning via Port Exhaustion
On Wednesday, 19. Oct 2011 in topic 'Vulnerabilities'
A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) enables remote DNS poisoning using Java applets. It can be triggered by opening a malicious webpage. Successful exploitation may lead to disclosure and manipulation of cookies and web pages, disclosure of NTLM credentials and clipboard data of the logged-on user, and even firewall bypass.
Download PDF
http://blog.watchfire.com/files/dnsp_port_exhaustion.pdf
Wednesday, 5. October 2011
WordPress 2.3.3 - hidden link injection
On Wednesday, 5. Oct 2011 in topic 'Vulnerabilities'
Google for inurl:wp-content/1/ [Warning: just google it, don't visit any of the sites in the search results. They are full of ActiveX viruses!].
What you see is a list of sites that were hacked through the latest WordPress vulnerability, which allows spam to be inserted into your blog.
Source
http://smackdown.blogsblogsblogs.com/2008/03/23/new-wordpress-233-exploitvulnerability-adds-spam-directory-wp-content1/
Saturday, 1. October 2011
Busting-Windows
On Saturday, 1. Oct 2011 in topic 'Vulnerabilities'