
Null Code Services CEH ACFE CISSP OSSTMM



Security Issues 0Days

Vulnerabilities reported to different vendors.

      Auditing Code.....

 

31-07-2010 " itunes.apple.com ITUNES 9 " Successful exploitation allows execution of Cross-site scripting (XSS) ATTACKs! APPLE.COM - ITUNES 9 last version and old version EXPLOITABLE

 http://www.nullcode.com.ar/crash/Apple-Itunes9.txt

http://packetstorm.linuxsecurity.com/1008-exploits/itunes-xss.txt 

 

03-07-2010 " NTSOFT  BBS E-Market Professional " Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution ATTACKs! 2009-2010

http://www.securityfocus.com/bid/41401

http://securityreason.com/wlb_show/WLB-2010070034

http://seclists.org/bugtraq/2010/Jul/28

http://xforce.iss.net/xforce/xfdb/60152

 

20-06-2010 " AtMail  Webmail client 1.03  " Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution ATTACKs!

http://www.nullcode.com.ar/crash/AtMail%20%20open%20Source%20Webmail.txt

http://packetstormsecurity.org/1006-exploits/atmail-xssexeclfi.txt

 

25-05-2010 " Copyright  2008 HostFriendz.com " Successful exploitation allows execution of SQL INJECTION ATTACKs!

http://www.nullcode.com.ar/crash/Copyright%202008%20HostFriendz.com.txt.txt

 

13-05-2010 "© 2006–2010 Badoo Services Limited", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution ATTACKs! 65.874.522 users Affected!!!!

http://inj3ct0r.com/exploits/11591

http://packetstormsecurity.org/filedesc/badoo-xss.txt.html

http://www.secnews.co.uk/article/27486/badoo_services_limited__xss_vulnerabilities

http://www.triviasecurity.net/exploits/Badoo-Services-Online-Community-XSS-vulnerabilities/2044

 

29-07-2009 " NTSOFT  BBS E-Market Professional ", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution Attacks.

http://packetstormsecurity.org/0907-exploits/ntsoft-xss.txt

http://www.securityfocus.com/bid/35893

http://securityreason.com/securityalert/6454

 

20-02-2009 " Microsoft  Calc.exe Version 5.1 XP sP3  " "Access Violation Exception" 

 Download Information and proof:
-----------------------------------------

http://www.nullcode.com.ar/crash/calc.htm        ---->(video-crash step by step)
http://www.nullcode.com.ar/crash/logs.zip    ---->(Dump,Log,Ida)

 

10-02-2009 " Novell -QuickServer ", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution Attacks.

 http://securitytracker.com/alerts/2009/Feb/1021695.html

http://www.securityfocus.com/archive/1/500825

http://packetstormsecurity.org/0902-exploits/nqfs-xss.txt

http://www.governmentsecurity.org/aggregator/categories/4

http://www.buslab.org/index2.php?option=com_content&do_pdf=1&id=294347

http://seclists.org/bugtraq/2009/Feb/0078.html

http://secunia.com/Advisories/33886/

16-01-2009 "Copyright 2008 Future US ", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution Attacks.

http://packetstormsecurity.org/0901-exploits/copyright-xss.txt

A lot of sites affected.

 

MovieBlips - Your daily movie news 

MMABlips - News to fight for
RacingBlips - News built for speed
CyclingNews - The world centre of cycling
WallStreetBlips - Show me the money
BeltwayBlips - All politics, all the time
EarthBlips - Re-imagine the planet 



 

ShowHype - Biggest stories, best fans
TVBlips - For TV aficionados only
42Blips - For science fiction fans
ComicsBlips - Excelsior! Comics news galore!
TotalFilm - Welcome to the movies!
BallHype - Best stories, biggest fans
ActionSportsBlips - Surf, Skate, Ski, Snowboard
BikeRadar - The world is for riding


 

12-01-2009 "Ovidentia", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution Attacks.

http://www.packetstormsecurity.org/0901-exploits/ovidentia-portalxss.txt

http://www.securityfocus.com/bid/33230/info


14-10-2008   "ActivePortail® CMS  Copyright AGIIR Network 2008  ",Successful exploitation allows execution of XSS and Remote Java Inclusion Attacks

http://packetstormsecurity.org/0810-exploits/activeportail-xss.txt

04-10-2008   "Kewego",Successful exploitation allows execution of Cross-site scripting (XSS)  Attacks

All versions affected (www.kewego.-), and a lot of sites affected (TV broadcast, newspaper and magazine publishing, and web sites).

http://www.nullcode.com.ar/ncs/crash/XSS-Kewego.txt      VU#954428.

 01-10-2008   "Developed by orbamic",Successful exploitation allows execution of XSS and Remote Java Inclusion Attacks

http://packetstormsecurity.org/0810-exploits/orbamic-xss.txt

Sites Affected:

 

Arts London University Students Union
Buck's New University Students' Union
Bradford University Students' Union
De Montfort Students Union
Edge Hill Students Union
Gloucestershire Students' Union
Hull University Students' Union


 

Liverpool University Guild of Students
Plymouth University Students' Union
Sussex University Students' Union University of London Union
Westminster University Students' Union
Worcester University Students' Union
Salford University Students' Union


14-09-2008   Turba Contact Manager ,Successful exploitation allows execution of XSS and Remote Java Inclusion Attacks

http://packetstormsecurity.org/0809-exploits/turba-xss.txt

http://www.securityfocus.com/bid/31168/info

 

06-09-2008   MS Organization Chart 2.0  Successful exploitation allows execution of arbitrary code

http://www.nullcode.com.ar/ncs/crash/orgchart.htm

http://www.nullcode.com.ar/ncs/crash/proof.rar   ---->(proof.opx)

http://www.securityfocus.com/bid/31059/info

http://web.nvd.nist.gov/view/vuln/detail;jsessionid=9459368150cb95bb1e850723a525?execution=e1s1

http://osvdb.org/show/osvdb/48000

 

27-08-2008   MercadoLibre.com   over SSL Security Compromised and  Successful exploitation Phishing -XSS- RFI flaw

 (High Impact)

http://packetstormsecurity.org/0808-exploits/mercadolibre-xssrfi.txt

 

24-08-2008  Deremate.com  Security Compromised and  Successful exploitation XSS RFI flaw

 (High Impact)

http://packetstormsecurity.org/0808-exploits/deremate-xssrfi.txt

 

09-08-2008 Microsoft Windows APP : Nslookup  allows execution of arbitrary code

Download video of PoC:


http://www.nullcode.com.ar/ncs/crash/nsloo.htm

http://www.securityfocus.com/bid/30636/references 

http://cyberinsecure.com/zero-day-microsoft-windows-nslookupexe-vulnerability-exploited-in-the-wild/

http://blogs.zdnet.com/security/?p=1721

http://packetstormsecurity.org/0808-advisories/Nslookup-Crash.txt

 

26-06-2008  Linkara Free community, all versions: Multiple Cross-Site Scripting Vulnerabilities (www.linkara.com)

http://packetstormsecurity.org/0806-exploits/linkara-xss.txt  

 

24-06-2008  Power By Trabajando.com  Multiple Cross-Site Scripting Vulnerabilities

Hundreds of Chilean sites affected by this vulnerability (vendor notified).

http://www.securityfocus.com/bid/29887/info 

http://packetstormsecurity.org/0806-exploits/trabajando-xss.txt

 

20-06-2008  Microsoft WordPad 5.1 Successful exploitation

http://packetstormsecurity.org/0806-exploits/wordpad-crash.tgz 

 

18-06-2008 Microsoft Word  Successful exploitation allows execution of arbitrary code

http://www.securityfocus.com/bid/29769 

http://packetstormsecurity.org/0806-exploits/msword-crash.tgz

http://blogs.zdnet.com/security/?p=1324

http://www.symantec.com/security_response/vulnerability.jsp?bid=29769

http://blogs.technet.com/b/srd/archive/2009/04/14/ms09-010-reducing-the-text-converter-attack-surface.aspx

(High Impact)


02-06-2008 Oracle Corporation BEA WebLogic Portal   Multiple Remote Vulnerabilities

(High Impact)

http://www.packetstormsecurity.org/0806-exploits/bea-xss.txt

 

23/05/2008  Horde  Kronolith Calendar (XSS - RFI) Multiple Remote Vulnerabilities

http://www.packetstormsecurity.org/filedesc/hordekrono-xss.txt.html

http://www.securityfocus.com/bid/29365/info

 

15/05/2008 -  Horde Turba Contact Manager 2.1.7 (XSS - RFI) Multiple Remote Vulnerabilities

http://www.securityfocus.com/bid/29213

http://packetstormsecurity.org/0805-exploits/hordeturba-xss.txt

http://securitydot.net/vuln/exploits/vulnerabilities/articles/24860/vuln.html 

 

01/05/2008 - Zen Cart 2008 SQL Injection  Remote Vulnerabilities

http://packetstormsecurity.org/0805-exploits/zencart-sql.txt

http://www.securityfocus.com/bid/29020

 

26/03/2008 - GeeCarts (XSS - RFI) Multiple Remote Vulnerabilities

http://www.packetstormsecurity.org/filedesc/geocarts-xssrfi.txt.html

http://www.securityfocus.com/bid/28470

 

24/02/2008 - MWhois (Matt's Whois Lookup) (XSS - RFI) Multiple Remote Vulnerabilities

http://packetstormsecurity.org/0802-exploits/mattswhois-xss.txt
http://secunia.com/advisories/29093/

http://www.securityfocus.com/bid/27974

http://xforce.iss.net/xforce/xfdb/40825

http://nvd.nist.gov/nvd.cfm 

http://osvdb.org/ 

 

12/02/2008 - Job Board Software all versions    (XSS - RFI) Multiple Remote Vulnerabilities

http://packetstormsecurity.org/0802-exploits/jobboard-xssrfi.txt

http://secunia.com/advisories/28908/

http://www.packetstormsecurity.org/filedesc/jobboard-xssrfi.txt.html

http://www.securityfocus.com/bid/27743
 

21/01/2008 - WebEditor <= 1.0.4 XSS & RFI Multiple Remote Vulnerabilities

http://packetstormsecurity.org/0801-exploits/webeditor-xssrfi.txt 

21/01/2008 - WebSTAR Mail <= 4.4.1 XSS & RFI Multiple Remote Vulnerabilities

http://packetstormsecurity.org/0801-exploits/webstar-xssrfi.txt

 

02/11/2007 - Helios Calendar <=1.2.1 Beta (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/26312 

19/10/2007 - SocketMail <=2.2.1 (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/26138

19/10/2007 - SocketKB <=1.1.5 (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/26136

16/10/2007 - BlaB! Chat < 3.3 (XSS) Multiple Remote Vulnerabilities
http://packetstormsecurity.org/0710-exploits/blabchat-xss.txt

05/10/2007 - MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/25942

http://www.xssed.com/advisory/100/MailBee_WebMail_XSS_Vulnerabilities/

03/10/2007 - UebiMiau <=2.7.x  (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/25912


 

 

 

 

 

 

 

