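Web Security Handbook

Sharing is a joy in itself; I am happy when others are helped because of me.

[Pinned] What a tragedy

[Pinned] Technical challenge game

[Pinned] Disclaimer & article submissions

An injection vulnerability in the 远古 (Yuangu) video-on-demand system

VIEWGOOD VOD video-on-demand system (WebVOD)
The vulnerability is in the file /webmedia/oemui/user/guest.asp; accessing this page requires registration.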

SupeV 1.0.1 0DAY

Thanks to ′&廢. for the submission

Hello everyone, I'm 无名

Today I'm releasing a 0day for a Discuz product, "Video Podcast SupeV 1.0.1"

Top Ten Web Hacking Techniques of 2008 (Official)

We searched far and wide collecting as many Web Hacking Techniques published in 2008 as possible -- ~70 in all. These new and innovative techniques were analyzed and ranked based upon their novelty, impact, and pervasiveness. The 2008 competition was exceptionally fierce and our panel of judges (Rich Mogull, Chris Hoff, H D Moore, and Jeff Forristal) had their work cut out for them. For any researcher, or "breaker" if you prefer, simply the act of creating something unique enough to appear on the list is no small feat. That much should be considered an achievement. In the end, ten Web hacking techniques rose head and shoulders above.

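Latest exploit tool for 动易 (Dongyi) SiteWeaver 6.6

Reposted from 黑客防线 (Hacker Defense)

The original author is Cschii

The Art of Reading Updates: Vulnerability-Hunting Techniques Based on Open-Source Code Updates

Patches and updates have always been released by vendors to fix security problems in their products, add new features, or improve performance. For security researchers, however, patches and updates have also long been regarded as a "compass" for vulnerability hunting. For example, the Tuesday on which Microsoft publishes its updates has been dubbed "Black Tuesday" by many security researchers. Why? Because many security researchers can reverse-engineer a patch to work out where the problem lies, trigger the vulnerability again, and quickly write exploit code for it. Such exploit code is usually not considered a 0day, but the impact it causes at large scale is in no way smaller than that of a 0day.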

ms09-002 exploit

This exploit is based on the N/A PoC on Milw0rm, but the PoC was really simple to
exploit. This PoC can be exploited on DEP-enabled systems as well, using the .NET
shellcode trick etc. Maybe I will write a DEP-enabled version too. Also,
I should note that this code can be modified to be more reliable.

Feel free to visit us at : www.Abyssec.com
to contact me directly use : admin@abyssec.com

MS09_002 Memory Corruption Exploit

4Images 1.7.6 Local Inclusion Vulnerability

4images - Image Gallery Management System  V1.7.6  Local Inclusion Vulnerability

sql_2005_inj 0.2 Final Coded By kook1991

FreeBSD zeroday

This will give us an immediate (probably remote) root shell.
This exploit is only verified on a FreeBSD 7.0-RELEASE fresh install
with telnetd enabled. Other versions of FreeBSD may also be affected;
OpenBSD and NetBSD were not tested but MAY contain the same bug because
of historic reasons.

RainbowCrack 1.3 is released

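A new version of the rainbow table tool (RainbowCrack 1.3), backward compatible.

Ewebeditor 2.8.0 Final arbitrary file deletion vulnerability

This vulnerability is in the delete.asp file under the Example\NewsSystem directory. This is ewebeditor's test page, and it can be accessed directly without logging in.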

Audio Device On high DefinitIon Audio Bus

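I recently reinstalled my system, and after installing all the drivers I found that "Audio Device On high DefinitIon Audio Bus" still had a big question mark in front of it. I searched Baidu for a long time without finding a method that really worked, so I explored it myself and managed to fix it. I'm writing it down here in the hope that it helps others who are troubled by the same problem.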

Oracle FTP Script Write/Binary Download/Execute via Oracle Packages Video

Metasploit Auxiliary module for Oracle FTP Script Write/Binary Download/Execute via Oracle Packages.

As DBA (yea for SQLI) we use UTL_FILE to write out our FTP download script, using DBMS_SCHEDULER we create a job to run the script to download our binary and create a 2nd job to execute our binary and get our meterpreter shell. Oracle...Unbreakable.

Multiple Kaspersky Products 'klim5.sys' Local Privilege Escalation Vulnerability

Copyright 2008-2009 Pcsec.org. Some Rights Reserved. ICP filing no. 苏ICP备08110306号