35 matches found
New Jigsaw Hacking Tool Spotted in Attacks
If you’ve run an internal phishing exercise, chances are you may have used Jigsaw, an open source penetration testing tool that enables security teams to automatically generate email address combinations from a minimal amount of public information. As with other open source security and networkin...
USN-1656-1: Libxml2 vulnerability
It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code...
Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : poppler vulnerabilities (USN-1005-1)
It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the progra...
Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : libgdiplus vulnerability (USN-993-1)
Stefan Cornelius discovered that libgdiplus incorrectly handled certain image files. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program...
iDevSpot Text Ads 2.08 SQL Injection
Title: idevspot Text ads 2.08 sqli vulnerability Author: Sid3^effects Published: 2010-06-06 price: $147 vendor: idevspot url: http://www.idevspot.com/TextAds2.php google dork: Powered by TextAds 2.08 ...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : dpkg vulnerability (USN-909-1)
William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of...
Gumblar: New Generation of Self-Building Botnets
We’ve been looking at the infrastructure of the Gumblar malware and found some curious facts on how Gumblar operates which we would like to share to make hosting owners aware of the Gumblar threat. Analysis of some infected websites showed that the only way to inject the infection of Gumblar was ...
Ubuntu: Security Advisory (USN-746-1)
The remote host is missing an update for the...
Patchlink Detection
The remote host has a patch management software installed on it. Description : This script uses Windows credentials to detect whether the remote host is running Patchlink and extracts the version number if so. Patchlink is a fully Internet-based, automated, cross-platform, security patch manageme...
GLSA-200801-20 : libxml2: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200801-20 libxml2: Denial of Service Brad Fitzpatrick reported that the xmlCurrentChar function does not properly handle some UTF-8 multibyte encodings. Impact : A remote attacker could entice a user to open a specially crafted XM...
GLSA-200708-03 : libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200708-03 libarchive formerly named as bsdtar: Multiple PaX Extension Header Vulnerabilities CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer overflow CVE-2007-3641, an infinite loop CVE-2007-3644, and a NULL...
Move easy latest use method-vulnerability warning-the black bar safety net
Approximate method: 1. Register for a das. asp user name will be the system to automatically build a user name for the name of the directory 2. Pass pictures of horses Mainly use the 0 3 for. asp directory support, 0 3. asp directory of the characteristics caused. Official also the existence of...
[USN-210-1] netpbm vulnerability
Ubuntu Security Notice USN-210-1 October 18, 2005 netpbm-free vulnerability CAN-2005-2978 A security issue affects the following Ubuntu releases: Ubuntu 4.10 Warty Warthog Ubunt...
FreeBSD : gnupg -- OpenPGP symmetric encryption vulnerability (8375a73f-01bf-11da-bc08-0001020eed82)
Serge Mister and Robert Zuccherato report that the OpenPGP protocol is vulnerable to a cryptographic attack when using symmetric encryption in an automated way. David Shaw reports about the impact: This attack, while very significant from a cryptographic point of view, is not generally effectiv...
gnupg -- OpenPGP symmetric encryption vulnerability
Serge Mister and Robert Zuccherato report that the OpenPGP protocol is vulnerable to a cryptographic attack when using symmetric encryption in an automated way. David Shaw reports about the impact: This attack, while very significant from a cryptographic point of view, is not generally effective...