2125 matches found
Advanced Electron Forum 1.0.9 - Remote File Inclusion / Cross-Site Request Forgery
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-RFI.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ================================ Advanced Electron Forum v1.0.9 AEF Exploit patched current version...
Schneider Electric ProClima Application Detection
Binary data 9048.prm...
KLA10711 Multiple vulnerabilities in Adobe Flash Player
Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or execute arbitrary code. Below is a complete list of vulnerabilities 1. An unknown vulnerability can be exploited remote...
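Multiple NVIDIA GPU Graphics Drivers Unquoted Windows Search Path Vulnerability
After the NVIDIA graphics driver package is installed, an NVIDIA icon appears in the Control Panel; clicking it runs nvSmartMaxApp.exe and displays the graphics configuration interface. When this main program loads other subprograms, it calls the createprocessa API without enclosing the child process path, which contains spaces, in double quotes in the first parameter. As a result, an attacker can place a malicious program at c:\program.exe in the root of the C drive, and it will be loaded by nvSmartMaxApp.exe. However, in Windows 7 the root of the C drive is not writable by default. The vulnerability also requires user interaction....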
How to Activate GodMode in Windows 10
Microsoft's Windows 10, the latest version of the Windows operating system, has been creating waves since it rolled out, and reached 110 million devices within just 2 months. If you are a long-time Windows user, you may remember a trick called 'God Mode'. God Mode is an inbuilt, but hidden featur...
Design/Logic Flaw
vzctl before 4.9.4 determines the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container CT root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the...
CVE-2015-6927
vzctl before 4.9.4 determines the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container CT root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the...
Security update for icedtea-web (important)
The icedtea-web java plugin was updated to 1.6.1. Changes included: Enabled Entry-Point attribute check permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. fixed DownloadService comments in deployment.properties now should...
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
Exploit for php platform in category web applications ============================================================================= + Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability + Exploit Author : Ashiyane Digital Security Team + Date : 1.483 + Version : 2015/09/08 + Test...
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities ============================================================================= + Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability + Exploit Author : Ashiyane Digital Security Team + Date : 1.483 + Version : 2015/09/...
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
============================================================================= + Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability + Exploit Author : Ashiyane Digital Security Team + Date : 1.483 + Version : 2015/09/08 + Tested on : Elementary Os + Vendor Homepage :...
Just Like Windows 10, Windows 7 and 8 Also Spy on You – Here’s How to Stop Them
No plan to install Windows 10 due to Microsoft's controversial data mining and privacy invasions within the operating system? Well, Windows 7 and Windows 8 OS users should also be worried as Windows 10 spying is now headed their way too… Microsoft has been caught installing latest updates onto...
FruityWifi v2.2 - Wireless Network Auditing Tool
FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it. Initially the application was created to be used with the Raspberry-Pi, but it can be installed on any Debian-based system...
Authentication flaw
Rational Test Control Panel in IBM Rational Test Workbench and Rational Test Virtualization Server 8.0.0.x before 8.0.0.5, 8.0.1.x before 8.0.1.6, 8.5.0.x before 8.5.0.4, 8.5.1.x before 8.5.1.5, 8.6.0.x before 8.6.0.4, and 8.7.0.x before 8.7.0.2 uses the MD5 algorithm for password hashing, which...
Searches for Pirated Content Lead to Pain and Little Gain
People love to try and get something for nothing, especially on the Internet where there’s all kinds of things available for nothing. But a lot of those free things are illegal and attackers have become very adept at taking advantage of users’ desire for free episodes of Gilmore Girls or bonus...
Vesta Control Panel Cross-Site Request Forgery Vulnerability (CNVD-2015-04122)
Vesta Control Panel is an open source web hosting control panel. Vesta Control Panel versions prior to 0.9.8-14 suffer from a cross-site request forgery vulnerability that allows remote attackers to hijack the authentication of arbitrary user identities...
Vesta Control Panel 0.9.8 - OS Command Injection
Vesta Control Panel 0.9.8 - OS Command Injection Advisory ID: HTB23261 Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor...
Vesta Control Panel 0.9.8 - OS Command Injection
Advisory ID: HTB23261 Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 3, 2015 Public Disclosure: June 17,...
Vesta Control Panel 0.9.8 OS Command Injection Vulnerability
Vesta Control Panel version 0.9.8 suffers from an OS command injection vulnerability. Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 2...
OS Command Injection in Vesta Control Panel
Advisory ID: HTB23261 Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 3, 2015 Public Disclosure: June 17,...