SmarterMail 7.2.3925 - LDAP Injection

SmarterMail 7.2.3925 - LDAP Injection Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Test...

[SECURITY] Fedora 14 Update: Django-1.2.3-1.fc14

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

SiteEngine CMS 5.1.0 file upload vulnerability-vulnerability warning-the black bar safety net

Website engineSiteEngine,name: Boca website, the engine management system, The Beijing Boca vanguard Software Development Co., Ltd. in 2 0 0 2-year independent research and development, with intellectual property rights of a marketing type website construction management class software. At the sa...

Fedora Update for Django FEDORA-2010-14430

Check for the Version of Django OpenVAS Vulnerability Test Fedora Update for Django FEDORA-2010-14430 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

[SECURITY] Fedora 13 Update: Django-1.2.2-1.fc13

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

[SECURITY] Fedora 12 Update: Django-1.2.2-1.fc12

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

New Jailbreak Could Defy Patching on iPhones, iPads

Code that allows Apple customers to circumvent that company’s exclusive content protection features was released on Wednesday, with security researchers warning that the hack could be impossible for Apple to fix on devices that have already been manufactured. The Chronic Development Team, a group...

HP Snags Application Testing Firm Fortify

The drumbeat for more secure application development picked up pace on Tuesday, with news that software giant HP had acquired privately funded Fortify Software, a maker of static code analysis tools, for an undisclosed amount. HP said that Fortify’s static analysis tools will complement its dynam...

Mthree Development MP3 To Wav Decoder Denial Of Service

Exploit Title: Mthree Development MP3 to WAV Decoder .mp3 DoS Date: 10 / 8 / 2010 Author: Oh Yaw Theng Credit : ZAC0034m!n Software Link: http://www.mthreedev.com/setupmp3towav.exe Tested on: Windows XP SP 2 CVE : N / A Description : Create the malicious .mp3 file , open up using Mthree , after...

Mthree Development MP3 to WAV Decoder Denial of Service

Exploit for windows platform in category dos / poc ======================================================= Mthree Development MP3 to WAV Decoder Denial of Service ======================================================= Exploit Title: Mthree Development MP3 to WAV Decoder .mp3 DoS Date: 10 / 8 /...

Mthree Development MP3 to WAV Decoder - Denial of Service

Mthree Development MP3 to WAV Decoder - Denial of Service Exploit Title: Mthree Development MP3 to WAV Decoder .mp3 DoS Date: 10 / 8 / 2010 Author: Oh Yaw Theng Credit : ZAC0034m!n Software Link: http://www.mthreedev.com/setupmp3towav.exe Tested on: Windows XP SP 2 CVE : N / A Description : Creat...

Mthree Development MP3 to WAV Decoder - Denial of Service

Exploit Title: Mthree Development MP3 to WAV Decoder .mp3 DoS Date: 10 / 8 / 2010 Author: Oh Yaw Theng Credit : ZAC0034m!n Software Link: http://www.mthreedev.com/setupmp3towav.exe Tested on: Windows XP SP 2 CVE : N / A Description : Create the malicious .mp3 file , open up using Mthree , after...

Sun Java Runtime Environment JPEGImageReader Heap Overflow

Java Technology is a programing platform developed by Sun Microsystems which aims to provide a system for developing and deploying cross-platform applications. Java is used in a wide variety programs that are deployed on personal computers as well as embedded devices and cell phones. Java...

MDVA-2010:110 : dbus

This update makes the debug package for dbus available to be used by gdb on x86-64 and allows parallel installation of the development packages for both x86 and x86-64 architectures. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a securi...

Enable Web Sudo to work with other single-sign-on solutions

Customers with some of the unsupported single sign-on solutions|http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence can't easily upgrade to Confluence 3.3 because WebSudo doesn't handle external SSO solutions. See this example:...

Enable Web Sudo to work with other single-sign-on solutions

Customers with some of the unsupported single sign-on solutions|http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence can't easily upgrade to Confluence 3.3 because WebSudo doesn't handle external SSO solutions. See this example:...

SOL11795 - Pre-logon sequence vulnerability to Cross-Site Scripting

Cross-site scripting XSS vulnerabilities exist in the FirePass pre-logon pages, which are accessible prior to authentication. The affected FirePass pages fail to fully sanitize HTTP request input before the web page content is sent to the browser. By altering the HTTP request input via the posted...

Fedora Update for kvirc FEDORA-2010-10522

Check for the Version of kvirc OpenVAS Vulnerability Test Fedora Update for kvirc FEDORA-2010-10522 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

PHP pack()函数中断处理信息泄露漏洞

CVE ID: CVE-2010-2191 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的pack函数中存在信息泄露漏洞： PHPFUNCTIONunpack char format, input, formatarg, inputarg; int formatlen, formatarglen, inputarglen; int inputpos, inputlen, i; if zendparseparametersZENDNUMARGS TSRMLSCC, "ss", &formatarg, &formatarglen, &inputarg...

PHP unpack()函数中断处理信息泄露漏洞

CVE ID: CVE-2010-2191 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的unpack函数中存在信息泄露漏洞： char format, input, formatarg, inputarg; int formatlen, formatarglen, inputarglen; int inputpos, inputlen, i; if zendparseparametersZENDNUMARGS TSRMLSCC, "ss", &formatarg, &formatarglen, &inputarg, &inputarglen =...