Ascii for Breakfast

Discovered vulnerabilities
  • The (in)security of Omegle – What Omegle users should know, also published on packetstormsecurity.org, Exploit DB and on Docstoc.
  • Lokalisten: identity problems – “Hijacking” other profiles (is) was so much fun! Something similar, by the way, also happened to Facebook.
  • The anatomy of an online banking fraud, or: Harvesting bank account data.
  • leaftec cms multiple vulnerabilities, also published on Exploit DB, hack0wn, expbase, secunia, swxz88, bbs.honkwin, 7747, bug-blog.de, cnet.com, sans.org, cwo1f hi.baidu.com, nullbyte.org.il, secuobs, osvdb.org, sebug.net, securityhome.eu, Juniper (2) and packetstormsecurity.org.
  • Devana SQL Injection vulnerability, also published on hack0wn, Exploit DB, expbase, bbs.honkwin, ariko-security, sebug.net, nullbyte.org.il, osvdb.org, Juniper and packetstormsecurity.org.
  • onepound shop / cms XSS and SQL Injection vulnerabilities, also published on Exploit DB, bbs.honkwin, hack0wn, nullbyte.org.il, Juniper and packetstormsecurity.org.
  • Facebook – Having fun with the search box (XSS), also published on bbs.honkwin and hack0wn.
  • Joomla component jp_jobs SQL Injection vulnerability, also published on hack0wn, Exploit DB, bbs.syue, siomalabs, expbase, hi.baidu.com, packetstormsecurity.org, cnet.com, Security Database, secunia, cwo1f, SecurityReason, 0daynet.com, launchpad.net, cve.mitre.org, hxcode.com, xforce.iss.net, SecurityFocus, nullbyte.org.il, National Vulnerability Database, osvdb.org and Juniper. I worked together with Kim from joomlanetprojects.com in order to fix the vulnerability, he mentions this here, here and in the changelog of the component.
  • ShopSystem SQL Injection vulnerability, also published on Exploit DB, expbase, packetstormsecurity.org, cnet.com, secunia, nullbyte.org.il, bug-blog.de, osvdb.org, securelist.com (Kaspersky), SecurityFocus, Juniper and hack0wn.
  • OnePC mySite Management Software SQL Injection Vulnerability, also published on Exploit DB, ExpBase, cwo1f, nullbyte.org.il, packetstormsecurity.org and hack0wn.
  • Joomla Component Multi-Venue Restaurant Menu Manager SQL Injection Vulnerability, also published on Exploit DB, hack0wn, cwo1f, SecurityReason, secunia, ExpBase, Security Database, Sioma Labs, osvdb.org, SecurityFocus, sebug.net, bug-blog.de, governmentsecurity.org, yesmybi.cn, nullbyte.org.il, securelist.com (Kaspersky), packetstormsecurity.org, and Juniper.
  • Joomla Component QPersonel SQL Injection Vulnerability, also published on hack0wn, SecurityReason, Exploit DB, cwo1f, ExpBase, packetstormsecurity.org, sebug.net, osvdb.org, yesmybi.cn, secunia, SecurityFocus, nullbyte.org.il, Security Database, xforce.iss.net, and Juniper.
  • Joomla Component com_pandafminigames SQL Injection Vulnerabilities, also published on siomalabs, Exploit DB, ExpBase, nullbyte.org.il, cwo1f, packetstormsecurity.org, Juniper and hack0wn.
  • Joomla Component com_joltcard SQL Injection Vulnerability, also published on hack0wn, ExpBase, Exploit DB, nullbyte.org.il, osvdb.org, sebug.net, SecurityReason, secunia, Juniper, launchpad.net and packetstormsecurity.org.
  • dl_stats Multiple Vulnerabilities, also published on cwo1f.com, secunia, bug-blog.de, hack0wn, packetstormsecurity.org, osvdb.org, National Vulnerability Database, Vupen, cnet.com, SecurityReason, sans.org, SecurityFocus, xforce.iss.net, nullbyte.org.il, Juniper, securityspace.com, launchpad.net (2) and Exploit DB.
  • phpGreetCards XSS Vulnerabilities, not really published, since I discovered afterwards that someone else had reported this vulnerability before. Anyway, some sites published it: cwo1f, Exploit DB, sebug.net, 0daynet.com, hack0wn, nullbyte.org.il, ExpBase, SecurityReason, SecurityFocus, secunia and packetstormsecurity.org.
  • FlashCard XSS Vulnerability, also published on SecurityReason, bug-blog.de, hack0wn, SecurityFocus, osvdb.org, secunia, Juniper and packetstormsecurity.org.
  • Guestbook PHP XSS Vulnerability, also published on Exploit DB, bug-blog.de, 0daynet.com, secunia, ExpBase, cwo1f, SecurityFocus, nullbyte.org.il, osvdb.org, packetstormsecurity.org, sans.org, Juniper and siomalabs.
  • Auto-Img-Gallery XSS Vulnerability, also published on hack0wn, cnet.com, SecurityFocus, packetstormsecurity.org, xforce.iss.net, osvdb.org, Security Database, SecurityReason, Juniper, launchpad.net and secunia.
  • Sethi Family Guestbook XSS Vulnerabilities, also published on Exploit DB, osvdb.org, ExpBase, packetstormsecurity.org, secunia, nullbyte.org.il, SecurityFocus, cnet.com, Juniper and SecurityReason.
  • chCounter indirect SQL Injection and XSS Vulnerabilities, also published on Exploit DB, packetstormsecurity.org, ExpBase, cwo1f, hack0wn, SecurityReason, nullbyte.org.il, xforce.iss.net, entwickler.de, secunia, SecurityFocus and Juniper.
  • Rad User Manager XSS Vulnerabilities, also published on packetstormsecurity.org and hack0wn.
  • Joomla Component Card View JX XSS Vulnerabilities, also published on Exploit DB, cwo1f, ExpBase, hack0wn, packetstormsecurity.org, nullbyte.org.il, secunia and VUPEN.
  • Joomla Component Table JX XSS Vulnerabilities, also published on cwo1f, 0daynet.com, packetstormsecurity.org, osvdb.org, bug-blog.de, nullbyte.org.il, Vupen, SecurityFocus, cve.mitre.org, National Vulnerability Database, xforce.iss.net, secunia and Exploit DB.
  • damianov.net Shoutbox XSS Vulnerability, also published on hack0wn, ExpBase, SecurityReason, nullbyte.org.il, packetstormsecurity.org and Exploit DB.
  • Joomla Component JE Ajax Event Calendar Local File Inclusion Vulnerability, also published on packetstormsecurity.org, hack0wn, secunia, Juniper, SecurityFocus, National Vulnerability Database, nullbyte.org.il, xforce.iss.net, cve.mitre.org, Security Database, osvdb.org, us-cert.gov, China Information Technology Security Vulnerability Database and Exploit DB.
  • Joomla Component JE Job Local File Inclusion Vulnerability, also published on packetstormsecurity.org, hack0wn, secunia, Juniper, SecurityFocus, securelist.com (Kaspersky), forum.joomla.it, bugsearch.net, nullbyte.org.il and Exploit DB.
  • Joomla Component ActiveHelper LiveHelp XSS Vulnerabilities, also published on packetstormsecurity.org, cnet.com, sebug.net, SecurityReason, hack0wn, osvdb.org, National Vulnerability Database, Security Database, SecurityFocus, cve.mitre.org, Juniper, us-cert.gov and secunia.
  • Joomla Component My Car Multiple Vulnerabilities, also published on Exploit DB, packetstormsecurity.org, hack0wn, ExpBase, secunia, SecurityFocus, SecurityReason, osvdb.org, Vupen, National Vulnerability Database, nullbyte.org.il, xforce.iss.net (2), Juniper and us-cert.gov.
  • Joomla Component Reservations XSS Vulnerability, also published on Exploit DB, packetstormsecurity.org, hack0wn, SecurityFocus, SecurityReason and Juniper.
  • Joomla Component BF Quiz SQL Injection Vulnerability, also published on Exploit DB, ExpBase, secunia, SecurityFocus, SecurityReason, nullbyte.org.il, packetstormsecurity.org, 0daynet.com, osvdb.org, VUPEN, and Juniper.
  • Dijitals CMS XSS Vulnerabilities, also published on hack0wn, bug-blog.de, bugsearch.net, osvdb.org(2), SecurityFocus, packetstormsecurity.org, SecurityReason, net-security.org, securelist.com (Kaspersky), VUPEN, Juniper and Secunia.
  • Lyrics Script SQL Injection and Cross-Site Scripting Vulnerabilities, also posted on hack0wn, packetstormsecurity.org, secunia, nullbyte.org.il, VUPEN and Exploit DB.
  • E-Book Store SQL Injection Vulnerability, also published on hack0wn, 0daynet.com, packetstormsecurity.org, secunia, securelist.com (Kaspersky), bug-blog.de, sans.org, ExpBase, Juniper, osvdb.org, SecurityReason, theglider.org, VUPEN, net-security.org, Hacking Expose, SecurityFocus and Exploit DB.
  • Joke Website Script SQL Injection and Cross-Site Scripting Vulnerabilities, also published on hack0wn, packetstormsecurity.org, secunia, osvdb.org(2), bug-blog.de, SecurityReason, VUPEN, SecurityFocus, nullbyte.org.il, Juniper, lists.virus.org, bugsearch.net, 0daynet.com and Exploit DB.
  • Daily Inspirational Quotes Script SQL Injection Vulnerability, also published on hack0wn, secunia, packetstormsecurity.org, SecurityFocus, osvdb.org, Juniper, ExpBase, SecurityReason, bugsearch.net, xforce.iss.net, nullbyte.org.il, VUPEN and Exploit DB.
  • Membership Site Script SQL Injection Vulnerability, also published on hack0wn, secunia, packetstormsecurity.org, SecurityReason, ExpBase, bugsearch.net, xforce.iss.net, VUPEN, SecurityFocus, osvdb.org, nullbyte.org.il, securelist.com (Kaspersky), Juniper and Exploit DB.
  • Joomla Component com_golfcourseguide SQL Injection Vulnerability, also published on Exploit DB, packetstormsecurity.org, SecurityReason, ExpBase, netcopsecurity.com, worksnet.net, xforce.iss.net, SecurityFocus, cve.mitre.org, National Vulnerability Database, securityhome.eu, nullbyte.org.il and osvdb.org.
  • GaleriaSHQIP SQL Injection Vulnerability, also published on Exploit-DB, ExpBase, bugsearch.net, worksnet.net, launchpad.net, SecurityReason, secunia, packetstormsecurity.org, osvdb.org, National Vulnerability Database, xforce.iss.net, cve.mitre.org, SecurityFocus, Security Database and cvedetails.com.
  • Mechbunny Porn Tube Search Script Multiple Vulnerabilities, also published on securityhome.eu, bugsearch.net, SecurityReason and packetstormsecurity.org.
  • Mechbunny PaysiteReviewCMS Permanent XSS Vulnerabilities, also published on securityhome.eu, bugsearch.net, securelist.com (Kaspersky), SecurityReason, secunia, osvdb.org (2), xforce.iss.net and packetstormsecurity.org.
  • Joomla Component com_nkc SQL Injection Vulnerability, also published on securityhome.eu, bugsearch.net, SecurityReason and packetstormsecurity.org.
  • Joomla Component com_restaurantguide Multiple Vulnerabilities, also published on bugsearch.net, packetstormsecurity.org, ExpBase, SecurityReason, SecurityFocus and Exploit-DB.
  • VideoDB Multiple Vulnerabilities, also published on Exploit-DB, allinfosec.com, secunia, packetstormsecurity.org, ExpBase, Securityhome.eu, SecurityReason and bugsearch.net.
  • Zeeways Adserver Multiple Vulnerabilities, also published on bugsearch.net, bug.haik8.com, ExpBase, SecurityReason, packetstormsecurity.org and Exploit-DB.
  • Joomla Component com_jsupport Critical XSS Vulnerability, also published on bugsearch.net, Exploit-DB, SecurityReason, cnet.com, secunia, securelist.com (Kaspersky), ExpBase, Hungary Cert, osvdb.org and on packetstormsecurity.org.
  • Joomla Component com_jsupport SQL Injection Vulnerability, also published on bugsearch.net, Exploit-DB, SecurityReason, cnet.com, secunia, ExpBase, Hungary Cert, osvdb.org and on packetstormsecurity.org.
  • OneOrZero AIMS v2.6.0 Members Edition Multiple Vulnerabilities, also published on packetstormsecurity.org, secunia, ExpBase, bugsearch.net, SecurityFocus (2), osvdb.org, SecurityReason, secday.com and on Exploit-DB.
  • South Korean UTW CMS Multiple Vulnerabilities, also published on packetstormsecurity.org, SecurityReason, SecurityFocus, xforce.iss.net (2) (3) and on bugsearch.net.
  • The Joomla Hacking Compendium, also posted on Exploit-DB, phpcamp.net, Xing, SecurityReason, Twitter, governmentsecurity.org, packetstormsecurity.org and mentioned by the Joomla! co-founder Brian Teeman. Also published in the April 2013 issue of the Hackers5 magazine (India).
  • Joomla Component com_jmsfileseller Local File Inclusion Vulnerability, also published on Exploit-DB, securityhome.eu, packetstormsecurity.org, Juniper, secunia, SecurityFocus, SecurityReason, osvdb.org and bugsearch.net.
Blog about Xen, IT-Security, Linux and other stuff by Valentin Höbel.
valentin@xenuser.org
xenuser@Twitter

No copyright message here. Who cares anyway?