Archive for January, 2010

Security Richtext editors – vulnerable sample files

FCKeditor

- http://victim.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html
- http://victim.com/FCKeditor/editor/filemanager/connectors/test.html
- http://victim.com/FCKeditor/upload/test.html
- http://victim.com/FCKeditor/_samples/samplelist.html
- http://victim.com/FCKeditor/_samples/default.html

CHeditor

- http://victim.com/cheditor/insert_image.html
- http://victim.com/cheditor/example/basic.html

gmEditor

- http://victim.com/gmEditor/demo.php
- http://victim.com/gmEditor/upfile.php
- http://victim.com/gmEditor/upfile.htm

Seditor (Smart Editor)

- http://victim.com/SEditor/imgupload.aspx
- http://victim.com/SEditor/imgupload.html

Zeditor

- http://victim.com/zEditor/zEditor.html

cmEditor

- http://victim.com/cmEditor/Editor.html

Source: http://moriper.egloos.com/3516630

FreeBSD FreeBSD 8.0 released

http://www.freebsd.org

The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 8.0-RELEASE. This release starts off the new 8-STABLE branch which improves on the functionality of FreeBSD 7.X and introduces many new features. Some of the highlights:

  • Xen Dom-U, VirtualBox guest and host, hierarchical jails.
  • NFSv3 GSSAPI support, experimental NFSv4 client and server.
  • 802.11s D3.03 wireless mesh networking and Virtual Access Point support.
  • ZFS is no longer in experimental status.
  • Ground-up rewrite of USB, including USB target support.
  • Continued SMP scalability improvements in many areas, especially VFS.
  • Revised network link layer subsystem.
  • Experimental MIPS architecture support.

Security WebCruiser0.8

Functions:
* Crawler (Site Directories And Files);
* Vulnerability Scanner (SQL Injection, Cross Site Scripting);
* POC (Proof of Concept): SQL Injection and Cross Site Scripting;
* GET/Post/Cookie Injection;
* SQL Server PlainText/FieldEcho (Union)/Blind Injection;
* MySQL FieldEcho (Union)/Blind Injection;
* Oracle FieldEcho (Union)/Blind Injection;
* DB2 FieldEcho (Union)/Blind Injection;
* Password Hash of SQL Server/MySQL/Oracle Administrator;
* Time Delay For Search Injection;
* Auto Get Cookie From Web Browser For Authentication;
* Auto Check Database Type;
* Auto Get KeyWord;
* Multi-Thread;
* Advanced: Proxy, Escape Filter.

http://sec4app.com/download/WebCruiser.rar

http://sec4app.com/download/WebCruiserUserGuide.rar

Security Offensive Security Exploit Database

http://www.exploit-db.com/

Security RainbowCrack 1.4 released

RainbowCrack is a general purpose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It cracks hashes with rainbow tables.

