smack: incorrect X.509 certificate validation

It was found that the ServerTrustManager in the Smack XMPP API did not verify basicConstraints and nameConstraints in X.509 certificate chains. A man-in-the-middle attacker could use this flaw to spoof servers and obtain sensitive information...

USN-2253-1 libreoffice vulnerability

It was discovered that LibreOffice unconditionally executed certain VBA macros, contrary to user expectations...

UBUNTU-CVE-2014-0247

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx...

MS14-036: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)

The version of Microsoft's Graphics Component installed on the remote host is affected by code execution vulnerabilities due to the way GDI+ handles image record types in specially crafted files. A remote, unauthenticated attacker could exploit these issues by tricking a user into viewing content...

Design/Logic Flaw

Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive information, via unknown vectors...

AoA Audio Extractor Basic 2.3.7 - ActiveX

nse="\xEB\x06\xff\xff"; seh="\x58\xE4\x04\x10"; nops="\x90"; while nops.length10 nops+="\x90"; shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"+ "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"+...

Respondly: No Bruteforce Protection

Hi, Your Basic Authentication at http://o1.m.respond.ly:8080/ has no bruteforce protection using hydra or some other tool it can be bruteforced...

Microsoft Visual Basic FlexGrid ActiveX Control Rows Parameter Memory Corruption - Ver2 (CVE-2008-4254)

A memory corruption vulnerability has been reported in Microsoft Visual Basic. An attacker could exploit this vulnerability crafted Rows and Cols properties to the ExpandAll and CollapseAll methods, related to access of incorrectly initialized objects and corruption of the system state. Successfu...

EAP6: Plain text password logging during security audit

It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...

EAP6: Plain text password logging during security audit

It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...

XSRF Protection Disables Basic URL Rest Authorization

According to this REST page: https://developer.atlassian.com/display/BAMBOODEV/Using+the+Bamboo+REST+APIs You should be able to login to REST via a URL request by using the following scheme: "http://host:8085/rest/api/latest/plan?osauthType=basic&osusername=&ospassword=" This worked fine for us...

AutoCAD vulnerable to arbitrary VBScript execution

Overview AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD loads specific FAS files when opening files. AutoCAD contains an issue with the FAS file search path, which may lead to arbitrary VBScript code execution. kaito834 reported this vulnerability to...

Fedora Update for rootfiles FEDORA-2013-22722

Check for the Version of rootfiles OpenVAS Vulnerability Test Fedora Update for rootfiles FEDORA-2013-22722 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

ASUS RT-N56U - Remote Root Shell Buffer Overflow (ROP)

ASUS RT-N56U remote root shell buffer overflow exploit. !/usr/bin/env python from time import sleep from sys import exit import urllib2, signal, struct, base64, socket, ssl Title: ASUS RT-N56U Remote Root Shell Exploit - appsname Discovered and Reported: October 2013 Discovered/Exploited By: Jaco...

ASUS RT-N56U - Remote Buffer Overflow (ROP)

ASUS RT-N56U - Remote Buffer Overflow ROP !/usr/bin/env python from time import sleep from sys import exit import urllib2, signal, struct, base64, socket, ssl Title: ASUS RT-N56U Remote Root Shell Exploit - appsname Discovered and Reported: October 2013 Discovered/Exploited By: Jacob Holcomb/Gimp...

NETGEAR WNR1000v3 Password Recovery Vulnerability

Description: Newer firmware versions of the NETGEAR N150 WNR1000v3 wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability allows an attacker to recover the router's plaintext Administrator credentials and subsequently gain full access to the device. This...

[Router Password Kracker] Router Password Recovery Software

Router Password Kracker is a free software to recover the lost password of your Router. It can also be used to recover password from your internet Modem or Web sites which are protected by HTTP BASIC Authentication. Generally Routers or Modems control their access by using HTTP BASIC authenticati...

[SECURITY] Fedora 20 Update: rootfiles-8.1-16.fc20

The rootfiles package contains basic required files that are placed in the root user's account. These files are basically the same as those in /etc/skel, which are placed in regular users' home directories...

[Cansina] Web Content Discovery Application

It takes general available lists of common path and files used by web applications and make URL requests looking back to the server response code. Cansina stores the information in a sqlite database omitting 404 responses. One for every new url think this as a kind of projects feature and the sam...

Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability

Exploit for hardware platform in category web applications Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution Google Dork: N.A. Date: 30 September 2013 Exploit Author: cgcai https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html Vendor Homepage:...