MelOn Player 1.0.11.x - Denial of Service (PoC)

MelOn Player 1.0.11.x - Denial of Service PoC Exploit Title: MelOn Player 1.0.11.x Denial of Service POC Date: 09/09/2011 Author: modpr0be Software Link: http://www.melon.co.id/cs/guide/download/player.do Vulnerable version: 1.0.11.x Tested on: Windows XP SP3 VirtualBox 4.1.0 r73009 CVE : N/A...

FLV Player Content Spoofing / Cross Site Scripting

Hello list! I want to warn you about Content Spoofing and Cross-Site Scripting vulnerabilities in FLV Player. ------------------------- Affected products: ------------------------- Vulnerable are different versions of FLV Player MINI, NORMAL, MAXI and MULTI. Note, that version NORMAL occurs under...

NetSaro Enterprise Messenger Server Administration Console Weak Cryptographic Password Storage Vulnerability

NetSaro Enterprise Messenger Server Administration Console Weak Cryptographic Password Storage Vulnerability CVSS Risk Rating: 4.6 Medium Product: NetSaro Enterprise Messenger Server Application Vendor: SEM Software Vendor URL: http://www.netsaro.com/ Public disclosure date: 8/15/2011 Discovered...

Linux Kernel 'perf'工具本地特权提升漏洞

Bugtraq ID: 49140 CVE ID：CVE-2011-2905 Linux是一款开放源代码的操作系统。 perf工具从当前目录装载配置文件存在缺陷，构建用户在包含恶意配置文件中的目录中执行perf工具，可提升特权。 Linux kernel 2.6.x 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息： http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=aba8d056078e47350d85b06a9cabd5afcc4b72ea...

Safenet Sentinel and 7-T Input Sanitization Vulnerability

Overview ICS-CERT originally released advisory ICSA-11-314-01P on the US-CERT secure portal on November 14, 2011. This web page release was delayed to allow users time to download and install the update. Security researcher Carlos Mario Penagos Hollman of Synapse-labs has identified an input...

CentOS Update for exim CESA-2011:0153 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Oracle Java Runtime Environment Insecure File Loading

Added: 08/08/2011 OSVDB: 74330 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java...

Oracle Java Runtime Environment Insecure File Loading

Added: 08/08/2011 OSVDB: 74330 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java...

CA security finds Android Trojan which records phone calls

CA security finds Android Trojan which records phone calls A new Android Trojan is capable of recording phone conversations, according to a CA security researcher. The trojan is triggered when the Android device places or receives a phone call. It saves the audio file and related information to t...

Design/Logic Flaw

EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file...

CVE-2011-1742

EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file...

VulnCheck KEV: CVE-2009-1151

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

CVE-2011-2957

Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 CPR9 SR3 allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer .ftd configuration file, which triggers memory corruption...

CVE-2011-2957

Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 CPR9 SR3 allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer .ftd configuration file, which triggers memory corruption...

[PT-2011-08] Multiple vulnerabilities in Dlink DPH 150SE/E/F1

---------------------------------------------------------------------- PT-2011-08 Positive Technologies Security Advisory Multiple vulnerabilities in Dlink DPH 150SE/E/F1 ---------------------------------------------------------------------- --- Vulnerable platform Dlink DPH 150s IP Phone Firmwar...

http-axis2-dir-traversal NSE Script

Exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter xsd BID 40343. By default it will try to retrieve the configuration file of the Axis2 service '/conf/axis2.xml' using the path '/axis2/services/' to return the userna...

phpMyAdmin3. X Remote Code Execution exploit-vulnerability warning-the black bar safety net

Use Conditions: 1. a "config" file must be writable or can be created 2. In PHP. ini to session. autostart = 1 Tasteless: PHP. ini in session. autostart default is 0 python EXP:http://dl.dbank.com/c060w98buu PhpMyAdmin of 3. x Swekey remote code injection vulnerability PHP EXP: THE ? php echo...

phpMyAdmin Prior to 3.3.10.2 and 3.4.3.1 多个远程漏洞

phpMyAdmin是容易发生多个远程漏洞，包括PHP代码执行和本地文件包含漏洞。 成功的攻击可能会危及受影响的应用程序和可能底层的计算机。 phpMyAdmin版本3.3.10.2和3.4.3.1是脆弱的。 Typo3 phpMyAdmin 4.11.1 phpMyAdmin phpMyAdmin 3.4.3 phpMyAdmin phpMyAdmin 3.3.8 phpMyAdmin phpMyAdmin 3.3.7 phpMyAdmin phpMyAdmin 3.3.6 phpMyAdmin phpMyAdmin 3.4.1 phpMyAdmin phpMyAdmin 3.3.9....

MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2011-005 MIT krb5 Security Advisory 2011-005 Original release: 2011-07-05 Topic: FTP daemon fails to set effective group ID CVE-2011-1526 CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:O/RC:C CVSSv2 Base Score: 6.5 Access Vector: Network...

PT-2011-08: Multiple vulnerabilities in Dlink DPH 150SE/E/F1

Positive Research Center has discovered multiple vulnerabilities in Dlink DPH 150SE/E/F1 IP phone. 1. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to obtain device configuration file with all the settings including administrator's...