CVE-2014-9495

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16 might allow context-dependent attackers to execute arbitrary code via a “very wide interlaced” PNG image.

[Tool] SPARTA 1.0 BETA

Posted by Antonio Quina on Jan 10

SPARTA is a Python GUI application which simplifies network
infrastructure penetration testing by aiding the penetration tester in
the scanning and enumeration phase. It allows the tester to save time by
having point-and-click access to his toolkit and by displaying all tool
output in a convenient way. If little time is spent setting up commands
and tools, more time can be spent focusing on analysing results.

Features:
– Run nmap from SPARTA…

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability

Posted by Jing Wang on Jan 10

*CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability*

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter
SQL Injection
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an
SQL Command (‘SQL Injection’) (CWE-89)
CVE…

CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

Posted by Jing Wang on Jan 10

CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security
Vulnerability

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter
XSS
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9561
Credit: Wang Jing [Mathematics, Nanyang Technological…