1414 matches found
Mandriva Linux Security Advisory : backuppc (MDVSA-2013:062)
Updated backuppc packages fix security vulnerabilities: Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.c...
[DynDNS Password Decryptor] Free Desktop Tool to Recover DynDNS Password
DynDNS Password Decryptor is a free desktop tool to instantly decode and recover DynDNS passwords. DynDNS is a popular Dynamic DNS management solution offering enterprise-level DNS performance and reliability. This tool automatically detects locally installed 'DynDNS Updater Client' and displays the...
Design/Logic Flaw
Untrusted search path vulnerability in the perf_config function in tools/perf/util/config.c in perf, as distributed in the Linux kernel before 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory...
Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability
Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability...
Site Builder RumahWeb File Disclosure
Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability...
Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 (java-1.6.0-openjdk)
Check for the Version of java-1.6.0-openjdk. OpenVAS Vulnerability Test: Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 (java-1.6.0-openjdk). Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
PT-2012-5154 · Tridium · Tridium Niagara Ax Framework
Name of the Vulnerable Software and Affected Versions: Tridium Niagara AX Framework (affected versions not specified). Description: The issue allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions. This can be demonstrated by...
Symantec Web Gateway 5.0.2.8 Multiple Vulnerabilities
Exploit for linux platform in category web applications Software: Symantec Web Gateway Current Software Version: 5.0.2.8 Product homepage: www.symantec.com Author: S2 Crew Hungary CVE: CVE-2012-0297, CVE-2012-0298, ??? File include:...
Fedora 17 : java-1.7.0-openjdk-1.7.0.3-2.2.1.fc17.8 (2012-9590)
S7079902, CVE-2012-1711: Refine CORBA data models. S7110720: Issue with vm config file loading. S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. S7143614, CVE-2012-1716: SynthLookAndFeel stability improveme...
Family Connections 2.9 Php Code Execution
Exploit for php platform in category web applications. Exploit Title: Family Connections 2.9 Php Code Execution. Date: 28/mar/2012. Author: L3b-r1'z. Vendor or Software Link: http://sourceforge.net/projects/fam-connections/files/Family%20Connections/ Version: 2.9. Category: webapps. Google dork:...
PT-2012-1989 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The installation component in WordPress does not ensure that the specified MySQL database service is appropriate, allowing remote attackers to configure an arbitrary database via the dbhost an...
Pragyan CMS v 3.0 remote file disclosure-vulnerability warning-the black bar safety net
Title: Pragyan CMS v 3.0 = Remote File Disclosure. Author: Or4nG. M4n. Download address: http://space.dl.sourceforge.net/project/pragyan/pragyan/3.0/PragyanCMS-v3.0-beta.tar.bz2 The location of the defect: download.lib.php line 1 6, index.php line 2 3 4, $_GET['fileget']. Test: http://www.xxx.com /Pragyan/?...
TFTP Attack - Cisco Router Config File Obtained via TFTP
Binary data 6213.prm...
kernel: perf tools: may parse user-controlled configuration file
Untrusted search path vulnerability in the perf_config function in tools/perf/util/config.c in perf, as distributed in the Linux kernel before 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory...
CiscoKits 1.0 - TFTP Server Directory Traversal
CiscoKits 1.0 - TFTP Server Directory Traversal. #!/usr/bin/python Title: CiscoKits TFTP Server Directory Traversal Vulnerability. Author: Antu Sanadi from SecPod Technologies www.secpod.com Vendor: http://www.certificationkits.com/cisco-ccna-tftp-server/ Advisory: http://secpod.org/blog/?p=301...
Nmap NSE net: smb-psexec
This script implements remote process execution similar to the Sysinternals' psexec tool, allowing a user to run a series of programs on a remote machine and read the output. This is great for gathering information about servers, running the same tool on a range of systems, or even installing a...
Gimp: Stack-based buffer overflow in Gfig plug-in
Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin...
DEBIAN-CVE-2011-1500
PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user's home directory, which allows local users to obtain Pandora credentials by reading this file...
Hosting company Hostkey.ru got Compromised !
Hosting company Hostkey.ru got Compromised! A hacker hacked into hosting company Hostkey.ru; some proofs of the hack are here: 1. Cms Hacked 2. PhpMyAdmin Hacked 3. Shell on Server 4. Config File https://pastebin.com/VbuD0acE 5. Server Rooted https://pastebin.com/h5RW3w6c Full compromise step-by-st...
CVE-2011-0635
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php...