NIST Recommends SMS Two-Factor Authentication Deprecation
A U.S. government agency said the end is nigh for SMS-based two-factor authentication, citing a lack of security around the feature. The latest draft version of the Digital Authentication Guideline issued this week by the U.S. National Institute for Standards and Technology (NIST) said the practice...
PHPads 213607 - Authentication Bypass / Password Change
PHPads Authentication Bypass Exploit PHPads Authentication Bypass / Administrator Password Change Exploit Target : " size="70" / '1', 'newlogin' = $username, 'newpass' = "htlover"; $ch = curlinit; curlsetopt$ch, CURLOPTURL,$target; curlsetopt$ch, CURLOPTRETURNTRANSFER,1; curlsetopt$ch,...
wordpress infusionsoft 1.5.10 /wp-content/plugins/infusionsoft/Infusionsoft/utilities/code_generator.php file upload vulnerability
No description provided by source...
WordPress Plugin InfusionSoft - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...
Wordpress InfusionSoft Upload
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...
Maligno - Penetration Testing Tool that Serves Metasploit Payloads
Maligno is an open source penetration testing tool that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission. Changelog: Metasploit multi-host support, socks4a server...
samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call...
Mandriva Update for samba MDVSA-2012:055 (samba)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Facebook Issues Security Updates for Mobile App
The Facebook security team is adding some new security features to the social network’s mobile applications, including upgrades to the login mechanism and account recovery options. The first addition is an update to Facebook’s existing login approval mechanism, which they are calling ‘code...
Input validation
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call...
CVE-2012-1182
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call...
CVE-2012-1182
The CVE-2012-1182 issue in Samba stems from the PIDL-based DCE/RPC code generator not validating array lengths during RPC handling, creating an out-of-bounds/heap-overflow condition that enables remote code execution. Affected branches include Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6...
QRcode Perl CGI & PHP script vulnerable to denial of service attack
Overview QRcode Perl CGI & PHP script, a QR code image generation tool, contains a vulnerability that may cause excessive consumption of server resources. Upon a specific request, resources of a server could be excessively consumed until the server becomes unable to respond to requests from...