5058 matches found
[SECURITY] Fedora 20 Update: openstack-ceilometer-2013.2.3-2.fc20
OpenStack ceilometer provides services to measure and collect metrics from OpenStack components...
BT Voyager 2000 Wireless ADSL Router SNMP Community String Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10589/info BT Voyager 2000 Wireless ADSL Router is reported prone to a sensitive information disclosure vulnerability. It is reported that 'public' SNMP MIB community strings, which are world readable by default, contain...
SGI IRIX <= 6.2 fsdump Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/355/info A number of vulnerabilities exist in the fsdump program included with Silicon Graphics Inc's IRIX operating system. Each of these holes can be used to obtain root privilege. Variant 1: irix% /var/rfindd/fsdump...
my-colex 1.4.2 (ab/xss/sql) Multiple Vulnerabilities
No description provided by source. ¡VIVA SPAIN!... We will win the World Cup!... o.O ¡PROUD TO BE SPANISH! --...
impleo music collection 2.0 (sql/xss) Multiple Vulnerabilities
No description provided by source. + Impleo Music Collection 2.0 SQL/XSS Multiple Remote Vulnerabilities + Download: http://sappy.dk/impleo/download-impleo + Discovered By SirGod + www.mortal-team.org + SQL Injection Auth Bypass - Requirements : magic_quotes_gpc = off - Vulnerable code in...
New Data Shows FBI Issued More Than 19k National Security Letters in 2013
The United States federal government issued more than 19,000 National Security Letters–perhaps its most powerful tool for domestic intelligence collection–in 2013, and those NSLs contained more than 38,000 individual requests for information. The new data was released by the Office of the Directo...
QQ group pops up a window: new QQ XSS vulnerability alert - Vulnerability alerts - the black bar safety net
Preface: Those who work in security probably logged in to QQ this morning, opened their QQ group messages, and were frustrated by a flood of pop-ups, caused by a stored XSS in QQ groups. Classmate Mango of the Network sharp knives team found this QQ group stored XSS yesterday and also submitted it to TSRC,...
openSUSE Security Update : seamonkey (seamonkey-4074)
Mozilla SeaMonkey was updated to version 2.0.12, fixing various security issues. The following security issues were fixed: MFSA 2011-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...
openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4073)
Mozilla XULRunner 1.9.1 was updated to version 1.9.1.17, fixing various security issues. The following security issues were fixed: MFSA 2010-74 / CVE-2010-3777: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products...
Facebook Set to Let Users Edit Own Advertising Info
Facebook announced today it will soon be rolling out a new feature to give users more control when it comes to the types of advertisements they see on the site. If users are tired of getting barraged with ads for shoes, video games or discount plane tickets, they’ll not only be able to stop the...
ntop Cross Site Scripting
Exploit Title : ntop, Web-based Traffic Analysis and Flow Collection tool reflected xss vulnerability Author : Manish Kishan Tanwar Vendor : http://www.ntop.org Date : 10/06/2014 Discovered @ : INDISHELL Lab Love to : zero cool, Team indishell, Hardeep Singh email : [email protected]...
MongoDB NoSQL Collection Enumeration Via Injection
This module can exploit NoSQL injections on MongoDB versions less than 2.4 and enumerate the collections available in the data via boolean injections. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
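Qibo CMS Arbitrary File Read (Low Impact, Registration Required)
Brief description: RT (see title). Details: Vulnerability 1: a low-impact getshell that requires a registered account able to publish articles, and must be combined with an Apache or IIS6 parsing vulnerability. File /inc/articfunction.php //collect external images function getoutpic$str,$fid=0,$getpic=1 global $webdb,$lfjuid; if!$getpic return $str; pregmatchall"/http://^ '"+.gif|jpg|png/is",$str,$array; $filedb=$array0; foreach $filedb AS $key=$value if...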
Ex-NSA Director Admits 'We Kill People Based On Metadata' with Drone Strike
We all now know about the existence of the extensive metadata collection program by the U.S. National Security Agency (NSA), which creates an intimate repository of our lives -- whom we love, whom we’re friends with, where we work, whom we call, when we call, how long we talk over the calls, and how ofte...
Judiciary Committee Approves Bill Limiting NSA Surveillance
The House Judiciary Committee met yesterday in a hearing to discuss, amend and approve the USA FREEDOM Act, which aims to rein in the National Security Agency’s surveillance powers and place new limits on authority granted under the USA PATRIOT Act and the Foreign Intelligence Surveillance Act...
Memory corruption
The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory...
UBUNTU-CVE-2014-1525
The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory...
How To Export Windows Event Logs
Purpose: When submitting a support case for technical assistance, it is sometimes necessary to upload relevant Windows event logs in addition to the Veeam logs. Event logs exported using default settings can be missing important information. This article describes three different methods of...
Firefox Gather History from Privileged Javascript Shell
This module allows collection of the entire browser history from a Firefox Privileged Javascript Shell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'json' class MetasploitModule 'Firefox Gather History fro...
With a Warning FTC Approves WhatsApp, Facebook Union
Facebook’s acquisition of messaging application WhatsApp was approved by the Federal Trade Commission late last week, but not without a stern notice from the agency, which warned that it would be keeping a watchful eye on the two companies going forward. In a letter addressed to officials at...