
6679 matches found

The Hacker News
added 2011/11/06 5:35 a.m., 3 views

Duqu Analysis and Detection Tool by NSS Labs

NSS Labs has built a new, free tool that detects known and newly created Duqu drivers that have infiltrated systems, thus allowing security experts to further analyze the "functionality, capabilities and ultimate purpose of DuQu." The Tool is availab...

AI score: 7.2
Exploits: 0
NVD
added 2011/11/02 9:55 p.m., 11 views

CVE-2010-5035

Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information...

CVSS: 4.3, AI score: 5.7, EPSS: 0.01776
Exploits: 1, References: 7
RedHat Linux
added 2011/10/26 4:6 p.m., 45 views

Moderate: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS: 5, AI score: 6.8, EPSS: 0.05012
Exploits: 0, References: 2
OSV
added 2011/10/19 10:55 a.m., 34 views

PYSEC-2011-2

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with...

CVSS: 5, AI score: 5.7, EPSS: 0.03024
Exploits: 0, References: 10
The Hacker News
added 2011/10/14 4:47 p.m., 2 views

GateOne Beta - Terminal emulator for HTML5 web browsers

The software makes use of WebSockets to connect a server backend written in Python and a frontend written for modern browsers in JavaScript, HTML5 and CSS. The frontend doesn't require any browser plug-ins to be installed. Gate One also...

AI score: 7.2
Exploits: 0
UbuntuCve
added 2011/10/06 12:0 a.m., 32 views

CVE-2011-2491

The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call...

CVSS: 4.9, AI score: 7, EPSS: 0.00399
Exploits: 0, References: 13
The Hacker News
added 2011/09/29 5:25 p.m., 9 views

Firefox Java update ready to stop BEAST attacks

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework. Johnath, the...

AI score: 6.8
Exploits: 0
UbuntuCve
added 2011/09/21 4:55 p.m., 23 views

CVE-2011-2937

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter to the default URI...

CVSS: 4.3, AI score: 6.4, EPSS: 0.02453
Exploits: 1, References: 2
Debian CVE
added 2011/09/21 4:0 p.m., 19 views

CVE-2011-2937

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter to the default URI...

CVSS: 4.3, AI score: 5.7, EPSS: 0.02453
Exploits: 1
0day.today
added 2011/09/21 12:0 a.m., 15 views

JAKCMS PRO <= 2.2.5 Remote Arbitrary File Upload Exploit

Exploit for php platform in category web applications Exploit Title: JAKCMS PRO <= 2.2.5 Remote Arbitrary File Upload Exploit Google Dork: "Powered By JAKCMS" Date: 21/09/2011 Author: EgiX Software Link: http://www.jakcms.com/ Version: 2.2.5 Tested on: Windows 7 and Debian 6.0.2 <?php /...

AI score: 7.1
Exploits: 0
ThreatPost
added 2011/09/09 11:54 a.m., 15 views

2011 DDoS Botnet Landscape

Botnets have been a problem for more than a decade now, but in recent years they’ve become a serious security threat, delivering exploit kits, malware and mass Web site injections. In this video, Jose Nazario of Arbor Networks discusses the current botnet landscape and the adoption of new modular...

AI score: 2.1
Exploits: 0
NVD
added 2011/09/02 11:55 p.m., 23 views

CVE-2011-0543

Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack...

CVSS: 3.3, AI score: 6.1, EPSS: 0.00329
Exploits: 0, References: 5
Cvelist
added 2011/09/02 11:0 p.m., 37 views

CVE-2011-0543

Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack...

AI score: 6, EPSS: 0.00329
Exploits: 0, References: 5
CVE
added 2011/09/02 11:0 p.m., 70 views

CVE-2011-0543

CVE-2011-0543 affects fusermount in Fuse (versions 2.8.5 and earlier) where, if util-linux does not support the --no-canonicalize option, a local attacker could bypass access restrictions and unmount arbitrary directories via a symlink attack. This describes a local, privilege-safe concern with p...

CVSS: 3.3, AI score: 6.1, EPSS: 0.00329
Exploits: 0, References: 5, Affected Software: 1
The Hacker News
added 2011/08/28 8:22 p.m., 1 views

INSECT Pro 2.7 - Penetration testing tool download

INSECT Pro 2.7 - Ultimate is here! This penetration security auditing and testing software solution is designed to allow organizations of all sizes mitigate, monitor and manage the latest security threats vulnerabilities and implement active...

AI score: 7.4
Exploits: 0
Veeam
added 2011/08/25 12:0 a.m., 23 views

How to manually test hotadd functionality

Purpose: This article documents the procedure for manually performing hotadd to test whether a Veeam Backup Proxy can attach a VM's base disks. Solution: Requirements and Limitations: Before testing, review Virtual Appliance HOTADD Requirements and Limitations. Review KB1054: Appliance Mode Hotadd...

AI score: 6.9
Exploits: 0
NVD
added 2011/08/03 12:55 a.m., 19 views

CVE-2011-2358

Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension...

CVSS: 6.8, AI score: 6, EPSS: 0.01036
Exploits: 0, References: 5
UbuntuCve
added 2011/08/03 12:55 a.m., 22 views

CVE-2011-2791

The International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write...

CVSS: 6.8, AI score: 5.9, EPSS: 0.01193
Exploits: 0, References: 2
Prion
added 2011/08/03 12:55 a.m., 26 views

Design/Logic Flaw

Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension...

CVSS: 6.8, AI score: 6.6, EPSS: 0.01036
Exploits: 0, References: 5, Affected Software: 1
Prion
added 2011/08/03 12:55 a.m., 16 views

Design/Logic Flaw

Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension...

CVSS: 6.8, AI score: 6.6, EPSS: 0.01044
Exploits: 0, References: 5, Affected Software: 1