Inj3ct0r Team has hacked ExploitHub.com

EDB-ID:

42897

CVE:

N/A


Author:

Inj3ct0r

Type:

papers


Platform:

eZine

Date:

2012-12-11


###
# Title  : Inj3ct0r Team has hacked ExploitHub.com
# Inj3ct0r-zine : http://priv8.1337day.com/exploitHUB.txt
# Proof: http://priv8.1337day.com/proof_exploit_list.sql
# Home   : 1337Day Exploits Market
# Web    : 1337day.com .net .org
# Fb     : http://fb.me/inj3ct0rs
# Tw     : https://twitter.com/inj3ct0r

# <3 <3 Greetings t0 Inj3ct0r Members <3 <3
# Greetings To r4dc0re, Kingcope, CrosS, SeeMe, KedAns-Dz, DaOne, NuxbieCyber, Tibit, Sammy FORGIT, D4NB4R, neutr0n, D4RK CR1PT3R, Mark (Mko)! Angel Injection you chicken :P
# F-ck HaCking ExploitHub, Lov3 Explo8ting!

                       .-"``"-.
                      /______; \
                     {_______}\|
                     (/ a a \)(_)
                     (.-.).-.)
        _______ooo__(    ^    )____________
       /             '-.___.-'             \
      | Inj3ct0r Team hacked ExploitHub.com |
      |   1337Day w0rms member the best     |
      |     1337day.com  / inj3ct0rs.com    |
      |      1337day.net \  1337day.org     |
      \________________________ooo________/
                     |_  |  _|
                     \___|___/
                     {___|___}
                      |_ | _|
                      /-'Y'-\
                     (__/ \__)

What's new ?
*-...________________...-*

Today (December 11th), the Inj3ct0r Team has hacked http://exploithub.com and we like to add a small line here " This is for Educational Purpose Only "
Inj3ct0r Team stole private exploits worth $242333 (i ll calculate) from Exploithub


                                                       Z Where to sell my 0day exploits..
                                                   Z
                                   .,.,        z
                       ((((())    z
                               ((('_  _`) '
    _______________________    ((G   \ |)      ___________________
                              (((`   " ,
                               .((\.:~:          .--------------.
   Do you want to buy       __.| `"'.__      | \              |
                            .''   `---'   `.    |  .             :
        or sell            /                `   |   `-.__________)
                          |             ~       |  :             :
       exploits?          |                     |  :  |
                          |    _                |     |   [ ##   
     1337day.com           \    `--.        ____|  ,   oo_______.'
                           `_   ( \) _____/     `--___
         is                 | `--)  ) `-.   `---   ( - a:f -
                            |   '///`  | `-.
    a good solution         |     | |  |    `-.
                            |     | |  |       `-.
                            |     | |\ |
                            |     | | \|
                             `-.  | |  |
                                `-| '

-----------------------Reason-------------------------------------------

We hacked http://exploithub.com because the people who publish private exploits on http://exploithub.com 
need know that the ExploitHub Admins are lamers and can not provide them with adequate security.



Where   _     ,,,,
 Proof?   \   /   '
             /.. /
            ( c  D
             \- '\_
              `-'\)\
                 |_ \
                 |U \\
                (__,//
                |. \/
                LL__I
                 |||
                 |||
              ,,-``'\


I show a piece of the database:


"product_name",	"product_price",   "created_date",   "author_id",  "author_username"


CA Total Defense Suite deleteReportFilter Stored Procedure SQL Injection,100.0000,2012-01-02 14:45:13,"60",Mario
Novell iPrint Client ActiveX Control debug Buffer Overflow,50.0000,2012-01-02 14:45:43,"60",Mario
Trend Micro Internet Security Pro 2010 ActiveX Control Buffer Overflow,50.0000,2012-01-02 14:46:06,"60",Mario
Oracle ABORT_TABLE_INSTANTIATION Buffer Overflow,1000.0000,2011-03-18 16:30:27,"60",Mario
Oracle CREATE_DATABASE_LINK Buffer Overflow,1100.0000,2011-03-18 16:32:00,"60",Mario
Oracle DELETE_REFRESH_OPERATIONS Buffer Overflow,1000.0000,2011-03-18 16:32:48,"60",Mario
Oracle DIFFERENCES Buffer Overflow,1000.0000,2011-03-18 16:33:52,"60",Mario
Oracle DISABLE_RECEIVER_TRACE Buffer Overflow,1000.0000,2011-03-18 16:35:10,"60",Mario
Oracle FROM_TZ() Buffer Overflow,1000.0000,2011-03-18 16:36:02,"60",Mario
Oracle GENERATESCHEMA Buffer Overflow.,1500.0000,2011-03-22 21:01:02,"60",Mario
Oracle GET_FULL_FILENAME Buffer Overflow.,1000.0000,2011-03-22 20:57:40,"60",Mario
Oracle9i INSTANTIATE_OFFLINE Buffer Overflow,1000.0000,2011-03-18 16:39:18,"60",Mario
Oracle9i KSDWRT Buffer Overflow,1000.0000,2011-03-18 16:39:57,"60",Mario
Oracle NUMTODSINTERVAL() Buffer Overflow.,1500.0000,2011-03-22 21:03:58,"60",Mario
Oracle NUMTOYMINTERVAL() Buffer Overflow,1000.0000,2011-03-18 16:41:57,"60",Mario
Oracle PARALLEL_PUSH_RECOVERY Buffer Overflow,1000.0000,2011-03-18 16:42:39,"60",Mario
Oracle10g PITRIG_DROP Buffer Overflow,1000.0000,2011-03-18 16:43:36,"60",Mario
Oracle10g PITRIG_DROPMETADATA Buffer Overflow,1200.0000,2011-03-18 16:44:16,"60",Mario
Oracle10g PITRIG_TRUNCATE Buffer Overflow,1000.0000,2011-03-18 16:44:58,"60",Mario
Oracle SYS.LTUTIL Buffer Overflow,1200.0000,2011-03-18 16:45:55,"60",Mario
Oracle9i REGISTER_USER_REPGROUP Buffer Overflow,1000.0000,2011-03-18 16:47:21,"60",Mario
Oracle SDO_CODE_SIZE Buffer Overflow,1000.0000,2011-03-18 16:48:09,"60",Mario
Oracle SET TIME_ZONE Buffer Overflow,1000.0000,2011-03-18 16:48:54,"60",Mario
Oracle CTX_OUTPUT() Buffer Overflow,1000.0000,2011-03-18 16:49:51,"60",Mario
Oracle TO_TIMESTAMP_TZ() Buffer Overflow,1000.0000,2011-03-18 16:50:28,"60",Mario
Oracle TZ_OFFSET() Buffer Overflow,1000.0000,2011-03-18 16:51:11,"60",Mario
Oracle DBMS_AQADM Buffer Overflow,1000.0000,2011-03-18 16:52:03,"60",Mario
DBMS_JVM_EXP_PERMS Escalation,500.0000,2011-03-18 16:53:19,"60",Mario
Oracle extjob.exe Command Execution Vulnerability,200.0000,2011-10-06 10:42:28,"60",Mario
CTXSYS.DRILOAD SQL Injection,125.0000,2011-01-26 15:37:30,"60",Mario
SET_OUTPUT_TO_JAVA SQL Injection,1000.0000,2011-03-18 16:55:44,"60",Mario
Symantec Alert Management System ModemString Buffer Overflow,200.0000,2012-06-14 11:39:16,"60",Mario
Symantec Alert Management System PinNumber Buffer Overflow,200.0000,2011-11-27 14:41:35,"60",Mario
KingView 6.53 SCADA HMI HistorySvr Heap Overflow,250.0000,2011-03-23 13:31:14,"84",Ian
IGSS IGSSdataServer.exe opcode 0xd overflow,500.0000,2011-06-15 10:55:12,"89",hal
Opera Browser 10.62 border-radius (SVG handler) Memory Corruption,100.0000,2011-06-17 08:51:49,"184",Ss3c
FactoryLink vrn.exe opcode 9 overflow,500.0000,2011-06-15 10:55:23,"89",hal
Lotus Domino iCalendar Stack Overflow,1500.0000,2011-06-14 15:43:49,"209",jgrusko
IBM Lotus Domino 8.5.2 WebAdmin.nsf Cross-Site Scripting Vulnerability,0.0000,2011-07-10 05:59:42,"126",r0i
Site License,0.0000,2011-07-20 02:29:53,"",
Adobe Flash Player newfunction rop 2,200.0000,2011-07-30 15:43:45,"62",NSSLabs
Adobe Flash Player newfunction rop 3,200.0000,2011-07-30 15:43:23,"62",NSSLabs
Adobe Flash Player newfunction rop 4,200.0000,2011-07-30 15:44:57,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_1,250.0000,2011-07-30 15:59:44,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_2,250.0000,2011-07-30 16:00:52,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_3,250.0000,2011-07-30 16:03:21,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_4,250.0000,2011-07-30 16:02:59,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_5,250.0000,2011-07-30 16:04:04,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_6,250.0000,2011-07-30 16:04:50,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_7,250.0000,2011-07-30 16:06:55,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_8,250.0000,2011-07-30 16:08:37,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_9,250.0000,2011-07-30 16:09:20,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_10,250.0000,2011-07-30 16:10:06,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_11,250.0000,2011-07-30 16:10:54,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_12,250.0000,2011-07-30 16:11:44,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_13,250.0000,2011-07-30 16:12:31,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_14,250.0000,2011-07-30 16:13:22,"62",NSSLabs
ms11_003_ie_css_import_stackpivot_rop_15,250.0000,2011-07-30 16:14:04,"62",NSSLabs
Adobe Flash Player newfunction rop 1,200.0000,2011-08-01 15:24:09,"62",NSSLabs
Adobe CoolType SING Table winxp rop 1,250.0000,2011-08-01 18:13:29,"62",NSSLabs
Adobe CoolType SING Table win7 rop 1,250.0000,2011-08-01 18:16:19,"62",NSSLabs
Citrix Systems Provisioning Services 5.6 Buffer Overflow Module,300.0000,2011-08-01 18:18:19,"62",NSSLabs
Avaya WinPMD UniteHostRouter Buffer Overflow,200.0000,2011-08-07 09:42:10,"60",Mario
Oracle TO_CHAR() Buffer Overflow.,1000.0000,2011-08-08 14:55:39,"60",Mario
Oracle DBMS_JAVA_TEST Buffer Overflow.,1000.0000,2011-08-08 15:08:45,"60",Mario
Oracle Database and Enterprise Manager Grid Control Remote Code Execution,500.0000,2011-08-14 16:26:04,"60",Mario
Oracle Outside In CDR Buffer Overflow,200.0000,2011-08-13 18:27:08,"60",Mario
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability,500.0000,2011-08-14 16:29:35,"60",Mario
Firefox sensor.dll Insecure Library Loading,100.0000,2011-12-10 13:50:42,"60",Mario
IBM Lotus Forms Viewer Insecure Library Loading,100.0000,2012-07-20 21:15:05,"60",Mario
Wireshark Insecure Script Loading,50.0000,2012-01-02 14:51:16,"60",Mario
PcVue v5.52 (SVUIGrd.ocx) ActiveX Control Remote Code Execution,500.0000,2011-10-04 00:45:50,"288",^rwX
DATAC RealWin SCADA Server On_FC_BINFILE_FCS_FILE (0a) Buffer Overflow,100.0000,2011-10-06 00:57:57,"60",Mario
DATAC RealWin SCADA Server On_FC_CGETTAG_FCS_GETTELEMETRY Buffer Overflow,100.0000,2011-10-06 14:42:46,"60",Mario
DATAC RealWin SCADA Server On_FC_CGETTAG_FCS_SETTELEMETRY Buffer Overflow,100.0000,2011-10-06 14:45:22,"60",Mario
DATAC RealWin SCADA Server On_FC_SCRIPT_FCS_STARTPROG Buffer Overflow,100.0000,2011-10-06 14:46:42,"60",Mario
DATAC RealWin SCADA Server On_FC_CGETTAG_FCS_SETCHANNELTELEMETRY Buffer Overflow,100.0000,2011-10-06 14:55:38,"60",Mario
DATAC RealWin SCADA Server On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY Buffer Overflow,100.0000,2011-10-06 15:03:19,"60",Mario
Tunnelblick (Mac OS X third-party software) Privilege Escalation,300.0000,2011-10-06 16:35:13,"238",subreption
OpenVPN Trusted Path Privilege Escalation,50.0000,2011-10-07 16:52:01,"60",Mario
ACDSee FotoSlate Int Buffer Overflow,100.0000,2011-10-10 16:57:47,"60",Mario
Safari SVGPathSegList Use-After-Free,500.0000,2012-08-10 14:57:52,"200",dput
IBM Lotus Domino Web Server If-Modified-Since Remote Buffer Overflow,100.0000,2011-10-11 01:14:32,"60",Mario
DATAC RealWin FCS_ADDTAGMS Buffer Overflow,100.0000,2011-10-12 20:02:43,"280",James
DATAC RealWin FCS_CADDTAG Buffer Overflow,100.0000,2011-10-12 20:04:53,"280",James
DATAC RealWin FCS_CDELTAG Buffer Overflow,100.0000,2011-10-12 20:06:31,"280",James
DATAC RealWin On_FC_BINFILE_FCS_FILE_D Buffer Overflow DEP Bypass,150.0000,2011-10-12 20:08:35,"280",James
DATAC RealWin On_FC_BINFILE_FCS_FILE_B Buffer Overflow,100.0000,2011-10-12 20:10:58,"280",James
DATAC RealWin On_FC_BINFILE_FCS_FILE_C Buffer Overflow,100.0000,2011-10-12 20:12:16,"280",James
DATAC RealWin On_FC_BINFILE_FCS_FILE_E Buffer Overflow,100.0000,2011-10-12 20:13:47,"280",James
DATAC RealWin On_FC_BINFILE_FCS_FILE_F Buffer Overflow,100.0000,2011-10-12 20:15:00,"280",James
HP iNode Management Center iNodeMngChecker Buffer Overflow,100.0000,2011-10-17 11:59:20,"60",Mario
Microsoft Office Uninitialized Object Pointer Vulnerability,250.0000,2012-11-01 04:03:46,"354",xBoy
ACDSee XBM Variable Name Buffer Overflow,50.0000,2012-04-14 11:31:11,"60",Mario
Cytel Studio LogXact USE Buffer Overflow,50.0000,2011-11-03 20:49:38,"60",Mario
EMC Autostart Domain Name Logging Buffer Overflow,100.0000,2011-12-05 07:11:26,"60",Mario
Oracle SDO_CS.TRANSFORM_LAYER Buffer Overflow,500.0000,2011-12-13 19:29:17,"60",Mario
Oracle DBLINK_INFO Buffer Overflow.,400.0000,2011-12-13 20:25:48,"60",Mario
Oracle DBMS_AQJMS_INTERNAL.AQ$_REGISTER Buffer Overflow,300.0000,2011-12-13 23:12:53,"60",Mario
Oracle DBMS_AQJMS_INTERNAL.AQ$_UNREGISTER Buffer Overflow,300.0000,2011-12-13 23:15:24,"60",Mario
DameWare Mini Remote Control NTLMSSP Buffer Overflow,100.0000,2011-12-14 23:33:58,"60",Mario
DameWare Mini Remote Control USERNAME Buffer Overflow,100.0000,2011-12-14 23:35:49,"60",Mario
eSignal WinSig.exe long StyleTemplate Buffer Overflow,100.0000,2011-12-19 23:11:21,"60",Mario
NetDecision TFTP Server Directory Traversal,50.0000,2011-12-21 23:52:31,"60",Mario
CA Total Defense Suite UNC Management Console deleteReportTemplate Store d Procedure SQL Injection,100.0000,2011-12-22 00:57:42,"60",Mario
Sunway Force Control <= 6.1 httpsvr.exe,100.0000,2011-12-24 02:11:26,"280",James
HP Managed Printing Admistration jobAcct Arbitrary File Creation,25.0000,2011-12-24 16:31:21,"60",Mario
HP Managed Printing Admistration jobDelivery Arbitrary File Creation,25.0000,2011-12-24 16:33:05,"60",Mario
FreeBSD telnetd Buffer Overflow,75.0000,2011-12-28 00:37:45,"60",Mario
ESTsoft ALZip MIM File Buffer Overflow,100.0000,2011-12-28 21:49:06,"280",James
Novell iPrint Client ActiveX Control GetDriverFile Buffer Overflow,100.0000,2011-12-29 00:12:11,"60",Mario
Novell iPrint Client ActiveX Control GetDriverSettings Buffer Overflow,100.0000,2011-12-29 23:08:59,"60",Mario
HastyMail rsargs[] Arbitrary Command Injection,100.0000,2012-01-02 18:01:39,"60",Mario
Trend Micro InterScan Web Security Suite Local Privilege Escalation,50.0000,2012-01-06 15:09:35,"60",Mario
Citrix Provisioning Services streamprocess.exe 0x40020000 Buffer Overflow,100.0000,2012-03-27 20:39:42,"60",Mario
Citrix Provisioning Services streamprocess.exe 0x40020002 Buffer Overflow,100.0000,2012-03-27 20:40:18,"60",Mario
Citrix Provisioning Services streamprocess.exe 0x40020004 Buffer Overflow,100.0000,2012-03-27 20:40:43,"60",Mario
Citrix Provisioning Services streamprocess.exe 0x40020006 Buffer Overflow,100.0000,2012-03-27 20:41:01,"60",Mario
SolarWinds Storage Manager Server SQL Injection Authentication Bypass And Command Execution,100.0000,2012-03-27 20:41:25,"60",Mario
Sunway Forcecontrol <= 6.1 sp3 SNMP NetDBServer.exe,100.0000,2012-01-30 17:04:26,"280",James
Motorola Netopia netOctopus SDCS Buffer Overflow,100.0000,2012-03-27 20:41:46,"60",Mario
CA Total Defense Suite deleteReportFilter Stored Procedure SQL Injection,100.0000,2012-04-17 17:30:46,"60",Mario
Exploit-builder for CVE-2011-0611,500.0000,2012-03-15 15:11:07,"417",Excoriot
Cisco VPN Client Arbitrary Command Injection,50.0000,2012-02-29 20:24:56,"60",Mario
TheGreenBow IPSec VPN Client Arbitrary Command Injection,50.0000,2012-03-01 15:12:26,"60",Mario
Trend Micro ServerProtect 5.58 CMON_ActiveRollback Buffer Overflow,100.0000,2012-03-06 15:47:47,"60",Mario
Trend Micro ServerProtect 5.58 CMON_ActiveUpdate Buffer Overflow,100.0000,2012-03-06 15:48:59,"60",Mario
Trend Micro ServerProtect 5.58 SetSvcImpersonateUser Buffer Overflow,100.0000,2012-03-06 16:17:54,"60",Mario
Trend Micro ServerProtect 5.58 RPCFN_ENG_AddTaskExportLogItem Buffer Overflow,100.0000,2012-03-06 19:46:03,"60",Mario
Trend Micro ServerProtect 5.58 SetPagerNotifyConfig Buffer Overflow,100.0000,2012-03-06 19:45:29,"60",Mario
Trend Micro ServerProtect 5.58 ENG_SENDMAIL Buffer Overflow,100.0000,2012-03-06 20:52:24,"60",Mario
Trend Micro ServerProtect 5.58 CMON_NetTestConnection Buffer Overflow,100.0000,2012-03-07 14:01:24,"60",Mario
Computer Associates Alert Notification 0x15 Buffer Overflow,100.0000,2012-03-08 16:57:25,"60",Mario
Computer Associates Alert Notification 0x17 Buffer Overflow,100.0000,2012-03-08 16:58:50,"60",Mario
NETGEAR SafeNet SoftRemote IKE Service Buffer Overflow,100.0000,2012-03-10 14:57:36,"60",Mario
freeSSHD 1.2.1 FXP_OPENDIR Buffer Overflow,100.0000,2012-03-12 14:13:19,"60",Mario
freeSSHD 1.2.1 FXP_RENAME Buffer Overflow,100.0000,2012-03-12 14:14:32,"60",Mario
GoodTech SSH FXP_OPEN Buffer Overflow,100.0000,2012-03-12 15:00:07,"60",Mario
MPlayer SAMI Subtitle File Buffer Overflow,100.0000,2012-03-16 17:09:27,"60",Mario
Internet Explorer 8 Insecure Library Loading Client-Side Remote Code Execution,300.0000,2012-03-22 18:17:19,"422",41.w4r10r
Novell ZENworks CM Preboot Service Opcode 6 Buffer Overflow,100.0000,2012-03-26 21:26:02,"60",Mario
Elastix PBX 2.2.0 callme_page.php Remote Command Execution with Local Privilege Escalation,1100.0000,2012-04-22 22:02:07,"423",aisg-001
Novell ZENworks CM Preboot Service Opcode 21 Buffer Overflow,100.0000,2012-03-27 01:57:07,"60",Mario
CA Total Defense Suite exportReport Stored Procedu re SQL Injection,100.0000,2012-03-28 12:19:24,"60",Mario
PEiD PE Import Directory Buffer Overflow,100.0000,2012-03-30 18:52:33,"60",Mario
Novell ZENworks CM Preboot Service Opcode 4C Buffer Overflow,100.0000,2012-04-04 11:47:52,"60",Mario
LANDesk Lenovo ThinkManagement Console ServerSetup Command Execution,100.0000,2012-04-04 13:12:02,"60",Mario
Disk Pulse Server GetServerInfo Buffer Overflow,100.0000,2012-04-10 14:39:53,"60",Mario
Rabox WinLPD Buffer Overflow,100.0000,2012-04-11 22:18:00,"60",Mario
Quest Big Brother Remote File Creation,100.0000,2012-04-12 16:28:25,"60",Mario
SGI Infosrch.cgi fname Command Execution,50.0000,2012-06-13 11:32:36,"60",Mario
Nucleus Kernel Recovery for Novell Buffer Overflow,100.0000,2012-04-15 14:15:04,"60",Mario
HP OmniInet.exe Opcode 17 Buffer Overflow,100.0000,2012-04-20 15:17:42,"60",Mario
HP OmniInet.exe Opcode 35 Buffer Overflow,100.0000,2012-04-21 11:45:56,"60",Mario
HP OmniInet.exe Opcode 46 Buffer Overflow,100.0000,2012-04-22 12:08:27,"60",Mario
magicdoc.py,200.0000,2012-12-09 18:10:40,"471",n0ne
CVE-2011-3402 (MS11-087),1000.0000,2012-07-30 01:12:47,"483",Ling Chuan Lee
Safari SVGPointList Use-After-Free,500.0000,2012-08-10 14:56:46,"200",dput
CVE-2005-0750 - Linux Kernel bluetooth integer underflow,500.0000,2012-06-13 08:24:26,"200",dput
CA BrightStor ARCserve Backup caloggerd Arbitrary File Writing Exploit,500.0000,2012-06-13 08:33:40,"200",dput
CA BrightStor ARCserve Backup XDR Parsing Buffer Overflow Exploit,500.0000,2012-06-13 08:37:13,"200",dput
ZABBIX Server node_process_command() Command Execution,50.0000,2012-06-13 12:55:29,"60",Mario
GlobalSCAPE CuteZIP Buffer Overflow,50.0000,2012-06-13 12:55:29,"60",Mario
Blue Coat Reporter Directory Traversal Scanner,100.0000,2012-06-16 18:25:44,"114",bannedit
VMware Workstation VMNC Codec Parsing Remote Code Execution Vulnerability,300.0000,2012-06-24 18:47:21,"490",exodusintel
WordPress plugin Asset manager upload.php Arbitrary Code Execution,25.0000,2012-06-27 12:37:03,"491",Sooraj
WordPress plugin WP-Property uploadify.php Arbitrary Code Execution,25.0000,2012-06-27 12:44:25,"491",Sooraj
GoodTech SSH Server 6.5 Stack Buffer Overflow,100.0000,2012-07-13 14:00:02,"280",James
PEiD <= 0.92 Stack Buffer Overflow,100.0000,2012-07-13 14:02:52,"280",James
Cisco Linksys PlayerPT SetSource() ActiveX Buffer Overflow,25.0000,2012-07-20 14:47:20,"60",Mario
IBM Cognos tm1admsd.exe Buffer Overflow,50.0000,2012-07-23 15:50:37,"60",Mario
IBM Cognos tm1admsd.exe Buffer Overflow,50.0000,2012-07-23 15:53:19,"60",Mario
Novell ZENworks Asset Management Remote Code Execution,100.0000,2012-07-27 21:13:03,"60",Mario
ACDSee Photo Editor 2008 XBM Variable Name Buffer Overflow,100.0000,2012-07-29 19:31:30,"280",James
Cytel Studio 9.0 (CYB File) Stack Buffer Overflow,100.0000,2012-07-29 19:33:49,"280",James
Disk Pulse Server 'GetServerInfo' Buffer Overflow,100.0000,2012-07-29 19:36:04,"280",James
eSignal Pro <= 10.6.2425.1208 (QUO File) Buffer Overflow,100.0000,2012-07-30 02:34:47,"280",James
FreeSSHD <= 1.2.1 FXP_OPENDIR,100.0000,2012-07-29 19:39:39,"280",James
FreeSSHD <= 1.2.1 FXP_RENAME,100.0000,2012-07-29 19:41:32,"280",James
R4 winamp plugin ,100.0000,2012-09-05 14:49:43,"280",James
Solarwinds <= 5.1.2 LoginServlet Auth Bypass SQLi,100.0000,2012-07-29 19:48:49,"280",James
Winamp 5.55 (MAKI script) Stack Buffer Overflow,50.0000,2012-07-29 19:50:30,"280",James
Internet Explorer <=9 Remote Code Execution,700.0000,2012-08-03 15:47:02,"422",41.w4r10r
IBM Lotus Quickr QP2 ActiveX Import_Times Buffer Overflow,25.0000,2012-08-04 15:52:19,"60",Mario
IBM Lotus Quickr QP2 ActiveX Attachment_Times Buffer Overflow,25.0000,2012-08-04 15:54:25,"60",Mario
Oracle Jinitiator beans.ocx ActiveX Control Stack Overflow,150.0000,2012-08-23 08:49:42,"495",aushack
Oracle Business Transaction Management FlashTunnelService WriteToFile Code Execution,50.0000,2012-08-28 11:34:34,"60",Mario
HP SiteScope SOAP getFileInternal Arbitrary File Read,25.0000,2012-09-05 17:25:12,"60",Mario
HP SiteScope SOAP loadFileContent Arbitrary File Read,25.0000,2012-09-05 17:27:32,"60",Mario
Oracle Outside In XPM Buffer Overflow,25.0000,2012-09-14 17:19:19,"60",Mario
Oracle Solaris Privilege Escalation,100.0000,2012-10-24 00:00:09,"517",unSecurityResearch
Novell GroupWise Client 8.0.0 - 2012 - LWP Attachment Buffer Overflow,270.0000,2012-11-04 12:57:57,"79",alino
IBM Informix Dynamic Server Password Buffer Overflow,50.0000,2012-10-19 22:31:49,"60",Mario
MySQL on Windows Remote system Exploit post-auth,1500.0000,2012-11-30 19:59:49,"58",Kingcope
Webmin Status Remote Perl Command/Library Execution,500.0000,2012-11-01 03:32:45,"423",aisg-001
Webmin Show CGI Remote Command Execution,500.0000,2012-11-01 03:47:37,"423",aisg-001
Cisco Prime Data Center Network Manager Remote Command Execution,25.0000,2012-11-05 17:24:01,"60",Mario
McAfee Web Reporter File Upload and Execute,25.0000,2012-11-06 19:47:19,"60",Mario
SGI infosrch.cgi fname Command Execution,0.0000,2012-11-16 19:28:32,"528",test
Secure Computing SmartFilter File Upload and Execute,25.0000,2012-11-12 14:21:23,"60",Mario
supplementary,0.0000,2012-11-17 14:35:35,"528",test
Site License Plus,0.0000,2012-11-19 13:33:35,"",
TEST_LIVE,0.0000,2012-11-19 20:20:39,"528",test
Test Product Live #999,150.0000,2012-11-21 21:59:16,"528",test
XAMPP mssql_connect() Buffer Overflow,25.0000,2012-11-26 15:37:20,"60",Mario
Test Product Live #888,80.0000,2012-11-25 21:11:43,"528",test
Test Product Live #887,70.0000,2012-11-25 17:27:00,"528",test
Test Product Live #885,69.0000,2012-11-25 18:29:47,"528",test
jose_test,0.0000,2012-12-07 20:01:08,"528",test
Mobile Rifatron DVR web version Authentication-free hack,0.0000,2012-12-09 22:16:28,"593",Renard
MsOfficeWord2010,200.0000,2012-12-09 18:27:37,"471",n0ne



                  .-'''/.\
How to hack??    (_.--'  |
                  |  ==  |
             o-._ .--..--. _.-o    [+] System Linux web 2.6.35-22-server #33-Ubuntu SMP Sun Sep 19 20:48:58 UTC 2010 x86_64
                 |   ||   |        [+] MYSQL Client API library version 5.1.49 
                  ;--|`--:         [+] Apache Version Apache/2.2.16 (Ubuntu) 
                  |. |   |         [+] Hostname:Port web.lab.nsslabs.com:443 
                  |  ;_ .|         [+] Host www.exploithub.com 
                  |_____ |         [+] X-Powered-By PHP/5.3.3-1ubuntu9.3 
                 /|     '|\
                 //`----'\\
                ////|  |  \\
                /   |  |    \
                   /|  |\
                  / \  / \
                 /   \/   \
                /          \
                |          |
               ||    /\    ||
               ||   ,  .   ||

-----------------------------------------------------------

I am very much surprised when he learned of Magento eCommerce Software and search /install/ 

1) We scan server and site
2) We reinstall Magento CMS https://www.exploithub.com/install/  <= We reinstall Magento CMS
3) Upload shell and phpinfo https://www.exploithub.com/phpinfo.php
4) backup all files and database.
5) Upload piece of the database https://www.exploithub.com/export/
6) Increased privileges and use root


We have exploithub.com private database and FTP files)

               \'/
             -= * =-
               {.}
              {.-'}
             {`_.-'}
            {-` _.-'}
             `":=:"`
              `---`

--------------------------------------------------------------------------------------
                                   Be safe, / r0073r
								   
    Who is involved in a conspiracy against liberty, must be destroyed.
                         _==_ _
                       _,(",)|_|
                        \/. \-|
                      __( :  )|___
-------Th3 END----------------------Merry Christmas-------------------------------------