RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
===
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: SQL Injection [CWE-74]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 8.1 (CV
Macintosh; Intel Mac OS X 10.14; rv:68.0)
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 181
DNT: 1
Connection: close
action=save_quiz_score&json={"name&
+ Credits: Maxim Tomashevich
+ Website: https://www.thegrideon.com/quickbooks-forensics.html
+ Details: https://www.thegrideon.com/qb-internals-2017.html
Vendor:
-
www.intuit.com
www.intuit.ca
Product:
-
QuickBooks Desktop
versions: 2017
Vulnerability T
the ISP.
It seems that some people understood that the service is not good, and
complained about it online; however, I didn't see a publication concerning the
security effect of the issue.
I hope this mistake won't happen again.
Amitay Dan
CEO at Cybermoon
RiseCON - Rosario Information Security Conference 2014
www.risecon.org
Dates: November 6 and 7, 2014
Location: Plataforma Lavarden (Av Mendoza 1085) - Rosario, Santa Fe, Argentina
RiseCON is the first and largest information security and hacking event
held in the city of Rosario, with
how/76_kerio_control_8_3_1_boolean_based_blind_sql_injection
Researcher's Websites: http://fereidani.com http://fereidani.ir
http://und3rfl0w.com http://ircrash.com
Researcher's Email: info [ a t ] fereidani [ d o t ] com
Technical Details:
===
Kerio Control suffers from a SQL Injection Vulnerabil
# Exploit Title: Wordpress Booking System (Booking Calendar) plugin
SQL Injection
# Release Date: 2014-05-21
# Author: maodun
# Contact: Twitter: @conmancm
# Software Link: http://wordpress.org/support/plugin/booking-system
# Affected version: < 1.3
# Google Dork: inurl:/wp-content/plugins/booking-
Vulnerability Type: (XSS) Cross-Site Scripting
- Original release date: November 11th, 2013
- Last revised: November 11th, 2013
- Discovered by: Andrea Bodei - A2SECURE
- Severity: 4.3/10 (CVSSv2 Base Score)
Products and affected versions:
JUNOS up to 11.4 (probably 12.1 and 12.3 vulnerable)
Vu
n should include the following details:
- Name, last name and contact details
- Brief bio
- Place of residence
- Presentation topic and description
Submissions should be sent to "info[.at.]nopcon.org" until the 20th April,
2013.
[+]CFP Deadline
18th April, 2013
[+]Registration and Ticket
The Reverse Engineering challenge is now available. The rules are included in
the associated zip file. All submissions should be sent to kyre...@athcon.org
and the deadline is 30/04/2013.
Download Rev. Challenge 2013: http://www.athcon.org/AthCon_2013_RE_Challenge.zip
Challenge Creator: Kyriako
Thanks for the feedback! All of SysAid's web vulnerabilities are fixed. SysAid
has already come out with a new release 8.5.08 that addresses all of these
security issues, making SysAid 8.5.08 highly secure. We are sorry for the
inconvenience, and encourage all our users to upgrade to the most re
==
Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls
Adam Bixby - Gotham Digital Science (l...@gdssecurity.com)
Public Release Date: 8/9/2011
Confirmed Affected Software: Microsoft Report Viewer Redistributable 2005 SP1
and Microsoft V
myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique
Software: myBloggie 2.1.6
Severity: High
Author: Robin Verton
Date: Jun. 12 2011
Vendor: http://mybloggie.mywebland.com/
Software Description:
"myBloggie is considered one of the most simple, user-friendliest yet packed
wi
Dokeos 1.8.6.2 fixes these 2 security holes. Dokeos 1.8.6.2 has been released
one day after we got informed about this security release.
Download @sourceforge http://bit.ly/dYOvDc
# Microsoft IIS 6 parsing directory Vulnerability
#Discovered by:
Pouya daneshmand
whh_iran[AT]yahoo[DOT]com
http://securitylab.ir/blog
#Introduction:
Using this vuln
#
# Securitylab.ir
#
# Application Info:
# Name: Asan Portal
# Vendor: http://iptech.ir/default.aspx?id=130
#
# Securitylab.ir
#
# Application Info:
# Name: Sigma Portal
# Vendor: http://www.sigma.ir
PoC:
By: Pouya Daneshmand
Advisory:
http://securitylab.ir/Advisories/Firefox%203.6.12%20Denial%20of%20Service%20Vulnerability.txt
stems.
Contact: info (at) itdefence (dot) ru
Russia, Moscow, Bolshaya Bochtovaya st., 26, Business Center
Tel.: +7 (495) 790-16-60
http://itdefence.ru
[STANKOINFORMZASCHITA-10-01] Netbiter® webSCADA multiple vulnerabilities
Authors: Eugene Salov (eug...@itdefence.ru), Andrej Komarov
(koma...@itdefence.ru)
Product: Netbiter® webSCADA
CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:R/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 8.0
A
=
Founded By: Kamran Safaei Tabrizi(k4mr4n_st(at)yahoo(dot)com)
Securitylab Security Research Team
Website: http://www.securitylab.ir
Special Thanks: Mazo shinozuki, BangoDragon
=
===
Flash player 9.exe DLL Hijacking Exploit (schannel.dll)
===
Founded By: Securitylab.ir (Kamran Safaei Tabrizi)
===
#include "stdafx.h"
Published by Securitylab.ir
Founder: unknown
/*
#
# Securitylab.ir
#
# Application Info:
# Name: Cherokee Web Server
# Version: 0.5.3
# Download:
http://mirror.aarnet.edu.au/pub/cherokee/windows/Cherokee
Vul in stable versions doesn't work now.
Original Advisory:
http://blog.pouya.info/userfiles/vul/NginX.rar
#
# Securitylab.ir
#
# Application Info:
# Name: Nginx
# Tested on nginx 0.8.35
# Nginx 0.8.36 and higher is not vulnerable
Not working , Tested on : XpSp2 , IE6
#
# Securitylab.ir
#
# Application Info:
# Name: Smart Douran CMS
# Vendor: http://smartdouran.ir
#
# Securitylab.ir
#
# Application Info:
# Name: Ziggurat CMS
# Vendor: http://www.farsi-cms.com
#
# Securitylab.ir
#
# Application Info:
# Name: Vana CMS
# Vendor: http://www.vanasoft.com
/cfp/
Submissions should also include the following:
1. Presenter, and geographical location (country of origin/passport)
and contact info.
2. Employer and/or affiliations.
3. Brief biography, list of publications or papers.
4. Any significant presentation and/or educational
experience
#
# Securitylab.ir
#
# Application Info:
# Name: Joomla Component com_xmap
#
# Vulnerability Info:
# Type
#
# Securitylab.ir
#
# Application Info:
# Name: Easy Page
# Vendor: http://easypage.org
#
# Securitylab.ir
#
# Application Info:
# Name: Joomla Component com_weblinks
#
# Vulnerability Info
###
# Securitylab.ir
###
Vul:
function crash() {
var buff = '';
for(i=0;i<=5000;i++) {buff+="AA";}
obje
#
Vulnerability:
http://site.com/phpinfo.php?+alert(011100110110010101100011011101010111001001101001011101000001);+
#
# Discovered By: Pouya Daneshmand
# Website: http://securitylab.ir
# Contacts: info[at]securitylab.ir & whh_i...@yahoo.com
###
#
# Securitylab.ir
#
# Application Info:
# Name: Official Portal 2007
#
# Vulnerability Info
You're right.
it's working at version 1.0 only ;)
# Application Info:
# Name: Joomla (jw_allvideos Plugin)
# >>>>> Version: 1.0 <<<<<
#
# Securitylab.ir
#
# Application Info:
# Name: Pixel Portal
# Vendor: http://www.pixelidea.ir
#
# Securitylab.ir
#
# Application Info:
# Name: Internet Explorer
# Version: 8.0
#
Vulnerability: IE
#
# Securitylab.ir
#
# Application Info:
# Name: Joomla (jw_allvideos Plugin)
# Version: 1.0
#
# Securitylab.ir
#
# Application Info:
# Name: mongoose
# Version: 2.8
# Download: http://code.google.com/p/mongoose/downloads/list
#
# Securitylab.ir
#
# Application Info:
# Name: RaakCms
# Vendor: http://raakcms.com
#
Vulnerability
#
# Securitylab.ir
#
# Application Info:
# Name: eWebeditor
# Version: ASP
#
Vulnerability
#
# Securitylab.ir
#
# Application Info:
# Name: Tavanmand Portal
# version: 1.1
# Vendor: http://www.tavanmand.ir
#
# Securitylab.ir
#
# Application Info:
# Name: Microsoft IE
# Version: 6 & 7
# Tested on : XP(SP1/SP2
#
# Securitylab.ir
#
# Application Info:
# Name: eWebeditor
# Version: all version
#
# Vulnerability Info
###
# QvodPlayer ColorFilter Codec ActiveX Remote Exec
# Download : http://www.qvod.com
###
# Vulnerability:
#
###
#
# Securitylab.ir
#
# Application Info:
# Name: httpdx webserver
# Version: 1.5
# Securitylab.ir
# Application Info:
# Name: DBHCMS Web Content Management System
# Version: 1.1.4
# Download: :(
#
# Discovered By: Securitylab.ir
# Website: http
About QuahogCon
QuahogCon is a new regional conference for the hacker culture in all forms.
Hardware, Software, Security, Social, Eco Hacking, Zero Impact Living. Like
most hacker cons, it will run Friday to Sunday. We'll have two tracks: one for
InfoSec topics and the other track will be a mi
## Securitylab.ir
# Application Info:
# Name: PSArt
# Version: 1.2
#
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir &
## Securitylab.ir
# Application Info:
# Name: PHP168
# Version: 6.0
#
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir &
## Securitylab.ir
# Application Info:
# Name: phpcms 2008
# Version: All
#
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir &
# Securitylab.ir
# Application Info:
# Name: DEDECMS
# Version: 5.1
#
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir &
R08-08: Several XSS on Orion Application server 2.0 to 2.0.8
Vulnerability found: May 2008 Revalidated 23 July 2009
Vendor informed: 27th July 09
Vulnerability fixed:
Severity: Medium
Description:
Various Orion application server example pages are vulnerable to
XSS.
## Securitylab.ir
# Application Info:
# Name: DVBBS (php)
# Version: 2.0
# Vendor: http://p.dvbbs.net
#
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Securitylab.ir
# Application Info:
# Name: Admin News Tools
# Version: 2.5
# Website: http://www.adminnewstools.fr.nf
# Download: http://www.adminnewstools.fr.nf/zip/ANT-2.5.zip
# Securitylab.ir
# Application Info:
# Name: dedecms
# Version: v5.3
# Website: http://dedecms.com
#
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts
# Securitylab.ir
# Application Info:
# Name: Empire Cms
# Version: 5.1
# Download: http://www.phome.net/OpenSource/download/EmpireCMS_5.1os_SC_GBK.zip
#
# Discovered By
# Securitylab.ir
# Application Info:
# Name: ecshop
# Version: 2.6.2
# Website: http://www.ecshop.com
#
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: i
# Securitylab.ir
# Application Info:
# Name: LxBlog
# Website: http://www.lxblog.net
#
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at
# Securitylab.ir
# Application Info:
# Name: DMXReady Registration Manager
# Version: 1.1
# Website: http://www.dmxready.com
#
# Discovered By: Securitylab.ir
# Website: http
# Securitylab.ir
# Application Info:
# Name: Namad
# Version: 2.0.0.0
# Website: http://imenafzar.com
#
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts
http://$host$path\r\n";;
$message .= "Accept-Language: zh-cn\r\n";
$message .= "Content-Type: application/x-www-form-urlencoded\r\n";
$message .= "User-Agent: securitylab\r\n";
$message .= "X-Forwarded-For:1.1.1.1\r\n";
$message .= "Host: $host\r\n";
$message .= "Conte
notified of the
result, by electronic means. Abstract is up to 400 words. Submissions
must be sent using the following interface: http://2009.hack.lu/papers/
Submissions should also include the following:
1. Presenter, and geographical location (country of origin/passport)and
contact info.
2. Employer
Find below the details of a vulnerability in the HP Quality Center product
(formerly Mercury Quality Center).
Introduction
--
Quality Center (QC) is a web-based QA testing and management tool. It is a
product from HP when they took over Mercury Interactive last year.
The front-e
Digital Armaments October-November Hacking Challenge: 5,000$ Prize - Linux
Local Kernel Vulnerabilities and Exploit
Challenge publication is 10.10.2008
http://www.digitalarmaments.com/content/view/47/27/
I. Details
Digital Armaments officially announce the launch of October-November hacking
sent via the
http://www.hack.lu/ website.
Submissions should also include the following:
1. Presenter, and geographical location (country of origin/passport)and
contact info.
2. Employer and/or affiliations.
3. Brief biography, list of publications or papers.
4. Any significant presentation
#!/usr/bin/perl -w
use LWP::UserAgent;
# scripts : SunShop Version 3.5.1 Remote Blind Sql Injection
# scripts site : http://www.turnkeywebtools.com/sunshop/
# Discovered
# By : irvian
# site : http://irvian.cn
# email : [EMAIL PROTECTED]
print "\r\n[+]--
Vulnerability class : Arbitrary file overwrite
Discovery date : 21 April 2008
Remote : Yes
Credits : J. Bachmann & B. Mariani from ilion Research Labs
Vulnerable : Zune software: EncProfile2 Class
An arbitrary file overwrite has been discovered in an ActiveX control installed
with the Zune so
#
##Easy-Clanpage v2.2 ###
# SQL İnjection VuLnerabiLity ##
##
Digital Armaments March-April Hacking Challenge: 5,000$ Prize - Client
Vulnerabilities and Exploit
Publication is 03.15.2008
http://digitalarmaments.com//content/view/46/27/
I. Details
Digital Armaments officially announce the launch of March-April hacking
challenge.
The challenge starts
This issue has been resolved since version 1.1.0:
http://livecart.com/news/Major-update-LiveCart-1-1-0.8
Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize -
Windows Vulnerabilities and Exploit
Challenge publication is 01.04.2008
http://www.digitalarmaments.com/challenge200801566321.html
I. Details
Digital Armaments officially announce the launch of January-February
Digital Armaments November-December Hacking Challenge: Diffuse Client
Application
Challenge Publication 11.29.2007
http://www.digitalarmaments.com/challenge200711849505.html
I. Details
Digital Armaments officially announce the launch of November-December hacking
challenge.
The challenge
VigileCMS 1.4 Multiple Remote Vulnerabilities
---
---
Author : DevilAuron (http://devilsnight.altervista.org)
Vendor : V
New Advisory:
Snewscms Rus
http://www.medconsultation.ru
Summary
Software: SnewsCMS Rus v. 2.1
Software's Web Site: http://www.snewscms.net.ru
Versions: 2.1
Critical Level: Moderate
Type: XSS
Class: Remote
Status: Unpatched
PoC/Exploit: Not
Dear Information Security Freaks,
This is to announce that the line-up of the speakers and their subjects
is finally up in a draft version on hack.lu 2007 (http://www.hack.lu/).
Have a look and register as space is limited and prices go up progressively.
We managed again to have speakers from al
Digital Armaments September-October Hacking Challenge: Symbian
Challenge publication 09.04.2007
http://www.digitalarmaments.com/challenge200709362386.html
I. Details
Digital Armaments officially announce the launch of September-October hacking
challenge.
The challenge starts on September 1.
InterWorx 3.0.3 has been released that addresses this problem.
http://interworx.com/forums/showthread.php?t=2501
The issue is not yet secure at http://www.web-app.org
1.) Guests can edit files on the server by:
http://victim-domain/cgi-bin/index.cgi?action=menu
- There are approximately 35 webapporg sites of version 0.9.9.7 defaced with
the issue. So it couldn't possibly be fixed for 0.9.9.7 as claimed abo
This won't work unless register_globals is on, and almost every webhost
with PHP5 does not have register_globals on.
So what a stupid exploit.
Digital Armaments May-June Hacking Challenge: VMware
Challenge Publication is 09.05.2007
http://www.digitalarmaments.com/challanges_open.html
I. Details
Digital Armaments officially announce the launch of May-June hacking challenge.
The challenge starts on May 1. For the May-June Challenge, Di
3.0.16 will be released later today. Simple str_replace to fix in
includes/session.inc.php and treatGet function on $_GET['ccUser'].
## remove possible CRLF injection
$sessId = str_replace(array('%0d', '%0a'), '', $sessId);
Please report any potential security issues directly to us in the futur
FCKEditor fixed in version 4.54. User needed to be logged in as an ADMIN user
to be able to use this vulnerability.
demo: blog23.com
by : hackerz.ir userz !
ADMIN/index.php include($category."/".$folder."_".$page.".php");
ADMIN/index.php include($category."/".$action.".php");
ADMIN/login.php include($lngTexts);
ADMIN/login.php include($lngConfig);
BO/index.php include($category."/".$folder."_".$page.".php");
vendor : turnkeywebtools.com
by : s3rv3r_hack3r ( [EMAIL PROTECTED] )
bugz:
include/payment/payflow_pro.php >
include $abs_path."/include/payment/payflow_pro/pfpro.class.php";
global.php
require_once $abs_path."/libsecure.php";
libsecu
Submissions should also include the following:
1. Presenter, and geographical location (country of origin/passport)and
contact info.
2. Employer and/or affiliations.
3. Brief biography, list of publications or papers.
4. Any significant presentation and/or educational experience/background.
5
Variable $content_php is set in PHP code and should overwrite any user-made
inserts in the URL. I think this is not a vulnerability, is it?
Digital Armaments advisory is 01.20.2007
http://www.digitalarmaments.com/2007200184936274.html
I. Background
grsecurity is an innovative approach to security utilizing a multi-layered
detection, prevention, and containment model. It is licensed under the GPL.
For further information or detail a
Digital Armaments pre-advisory is 01.10.2007
http://www.digitalarmaments.com/pre2007-00018659.html
Digital Armaments release pre-advisory of vulnerabilities and exploit available
only to Platinum Subscribers.
The full advisory might be released to the public after 6 months.
I. Background
phpBB (privmsg.php) XSS Exploit
By: Demential
Web: http://headburn.altervista.org
E-mail: [EMAIL PROTECTED]
PhpBB website: http://phpbb.com
Exploit tested on phpBB 2.0.21
Secunia.com said:
Input passed to the form field "Message body" in privmsg.php
is not properly sanitised before it is return
MkPortal Full Path Disclosure
Vulnerability discovered by: Demential
Web: http://headburn.altervista.org
E-mail: info[at]burnhead[dot]it
Mkportal website: http://www.mkportal.it
Tested on MKPortal M1.1 RC1 with PhpBB
other versions may also be affected.
http://www.victim.com/mkportal/admin.php
MkPortal Admin XSS
Discovered by: Demential
Web: http://headburn.altervista.org
E-mail: info[at]burnhead[dot]it
Mkportal website: http://www.mkportal.it
Go to: /mkportal/admin.php?ind=ad_contents&op=contents_new
In both fields write:
">alert(document.cookie)
and press save.
Alert
MkPortal "All Guests are Admin" Exploit
Vulnerability discovered and exploited by: Demential
Web: http://headburn.altervista.org
E-mail: info[at]burnhead[dot]it
Mkportal website: http://www.mkportal.it
Start Macromedia Flash and create an swf file with this code:
var idg:Number =
I have spent the last year rewriting the server and it should now be DoS free. I
have tested against all known vulnerabilities and can't crash the software.
Please download from www.platinumftp.com and let me know if you find any more.
MkPortal Urlobox Cross Site Request Forgery
Discovered by: Demential
Web: http://www.burnhead.it
E-mail: [EMAIL PROTECTED]
Mkportal website: http://www.mkportal.it
posting [img]?ind=urlobox&op=delete&idurlo=X[/img] in MkPortal urlobox
where X is an ID of a message,
when administrator opens urlobo
Digital Armaments advisory for Platinum Subscription is 06.20.2006
Digital Armaments public advisory is 12.07.2006
http://www.digitalarmaments.com/2006061285940301.html
I. Background
Yahoo! Inc. is an American computer services company with a mission to "be the
most essential global Internet ser
Challenge publication is 11.02.2006
http://www.digitalarmaments.com/challenge200611849937.html
I. Details
Digital Armaments officially announce the launch of November-December hacking
challenge.
The challenge starts on November 1. For the November-December Challenge,
Digital Armaments will g