This Metasploit module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The ‘process-upload.php’ file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user.
THC-IPv6 Attack Tool 2.7
THC-IPv6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6, and it includes an easy-to-use packet factory library.
Incom CMS SQL Injection
Incom CMS suffers from an authentication bypass vulnerability via remote SQL injection.
nullcon HackIM Challenge 9-11 Jan 2015
Posted by nullcon on Dec 29
Namaste Ninjas,
Season's greetings!
We are back for the 6th time in Goa. nullcon 666 welcomes you to the
beastly devilish conference.
As nullcon is getting near, we are excited and ready to announce the
registration for HackIM CTF. Details at http://ctf.nullcon.net This
time HackIM is powered by EMC and we have some really exciting prizes
to be won.
But as Mahatma Gandhi wisely said “Glory lies in the attempt to reach
one’s goal and not in…
Politician's Fingerprint 'Cloned From Photos' By Hacker
Reminder and Extension CanSecWest CFP deadline tomorrow, December 30th.
Posted by Dragos Ruiu on Dec 29
We were trying to push schedules up, but it was too close to Christmas, so
we’ve extended the deadline for the CanSecWest CFP to December 30th (or as
close to there as you can get, conf on March 18-20th).
Cheers, and a Happy New Year,
–dr
CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect Security Vulnerability
Posted by Jing Wang on Dec 29
*CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect
Security Vulnerability*
Exploit Title: Ex Libris Patron Directory Services (PDS) Logon Page url
Parameter Open Redirect
Product: Ex Libris Patron Directory Services (PDS)
Vendor: Ex Libris
Vulnerable Versions: 2.1 and probably prior
Tested Version: 2.1
Advisory Publication: DEC 29, 2014
Latest Update: DEC 29, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference:…
CNN cnn.com Travel XSS and ADS Open Redirect Security Vulnerabilities
Posted by Jing Wang on Dec 29
*CNN Travel.cnn.com <http://Travel.cnn.com> XSS and Ads.cnn.com
<http://Ads.cnn.com> Open Redirect Security Vulnerability*
*Domain:*
http://cnn.com
“CNN is sometimes referred to as CNN/U.S. to distinguish the American
channel from its international sister network, CNN International. As of
August 2010, CNN is available in over 100 million U.S. households.
Broadcast coverage of the U.S. channel extends to over 890,000 American…
Debian Security Advisory 3114-1
Debian Linux Security Advisory 3114-1 – Timothy D. Morgan discovered that run-mailcap, a utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code.
Debian Security Advisory 3113-1
Debian Linux Security Advisory 3113-1 – Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.