am4ss Support System 1.2 PHP Code Injection Exploit
>> TAG: #exploit
am4ss Support System 1.2 PHP Code Injection Exploit
Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple Safari for Mac OS X, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user’s system.
This is a MobileSubstrate extension to disable certificate validation within NSURLConnection in order to facilitate black-box testing of iOS Apps. Once installed on a jailbroken device, iOS SSL Kill Switch patches NSURLConnection to override and disable the system’s default certificate validation as well as any kind of custom certificate validation (such as certificate pinning).
Symantec Web Gateway 5.0.3.18 pbcontrol.php ROOT RCE Exploit
Photodex ProShow Producer v5.0.3256 Local Buffer Overflow Exploit
Continued here: [webapps / 0day] – VamCart v0.9 CMS – persistent XSS Vulnerabilities
More: [dos / poc] – Telnet Ftp Server <= Memory Corruption PoC
Zero Day Initiative Advisory 12-125 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
See the original article here: [webapps / 0day] – Reserve Logic v1.2 Booking CMS Multiple Vulnerabilities
This article explains the technical procedure and challenges involved in extracting data and artifacts from iPhone backups.