All posts by 007admin


D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.



The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.



EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.



The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.



The BlackBerry World app before on BlackBerry 10 OS 10.2.0, before on BlackBerry 10 OS 10.2.1, and before on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.


Yourls XSS Stored

Posted by Alvaro Diaz on Oct 25

Hello, I found a stored XSS vulnerability in Yourls 1.7 script (latest

The attacker can steal the admin's cookies and log in to the admin panel.

Note: Only the admin can see this.

Steps to perform the vulnerability:

1. Create a new URL to shorten -> In the inputs you need to write this
payload -> anything"><img src=x onerror=prompt(1)>*

* JavaScript code to inject.

2. Click on the button “Shorten”…
