CVE-2011-4053

Untrusted search path vulnerability in 7-Technologies 7T Interactive Graphical SCADA System IGSS before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current working directory...

[SECURITY] Fedora 15 Update: plib-1.8.5-5.fc15

This is a set of OpenSource LGPL libraries that will permit programmers to write games and other realtime interactive applications that are 100% portable across a wide range of hardware and operating systems. Here is what you need - it's all free and available with LGPL'ed source code on the web...

Telnetd encrypt_keyid: Remote Root function pointer overwrite

Exploit for linux platform in category remote exploits / telnetd-encryptkeyid.c Mon Dec 26 20:37:05 CET 2011 Copyright 2011 Jaime Penalba Estebanez NighterMan email protected - email protected Credits to batchdrake as always / / // / / / // /\ \ / / / / / \ / / / / / / // / / / / // / / / //,///...

Dhost Interactive SQL Injection

. . . | | | / || | | / \ / | / \ / \ / \ / /| |\ \ | || | / // | | | \ / \ \ | | / \ |||| /\ | / || / \ / || / / / / / / / =========================================================================== Title : Dhost Interactive SQL Injection Vulnerability Vendor Link: : http://www.dhost.hk/...

OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability

OpenSSH sshd with ChallengeResponseAuthentication enabled is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Sqlninja 0.2.6 is now available

Sqlninja 0.2.6 is now available Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on...

Sqlninja 0.2.6 is now available

Sqlninja 0.2.6 is now available Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on...

Oracle Hyperion Enterprise Performance Management arsqls24.dll缓冲区溢出漏洞

Oracle Hyperion Enterprise Performance Management是性能管理软件。 Oracle Hyperion Enterprise Performance Management在实现上存在安全漏洞，可被恶意用户利用控制用户系统。 在解析数据库连接字符串时，arsqls24.dll中存在边界错误。通过诱使用户打开特制的Hyperion Interactive Reporting Studio .oce文件造成栈缓冲区溢出。 Oracle Hyperion Enterprise Performance Management EPM 11.x 厂商补丁：...

Oracle DataDirect ODBC Drivers - HOST Attribute arsqls24.dll Stack Buffer Overflow (PoC)

Oracle DataDirect ODBC Drivers - HOST Attribute arsqls24.dll Stack Buffer Overflow PoC g 208.152c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception ha...

Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC)

g 208.152c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This exception may be expected and handled...

Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based

Exploit for windows platform in category dos / poc g 208.152c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception hand...

Apple QuickTime 7.7.1之前版本TKHD 元素处理远程代码执行漏洞

BUGTRAQ ID: 50403 CVE ID: CVE-2011-3251 QuickTime是由苹果电脑所开发的一种多媒体架构，能够处理许多的数字视频、媒体段落、音效、文字、动画、音乐格式，以及交互式全景影像的数项类型。 Apple QuickTime 7.7.1之前版本在处理特制视频文件时存在远程代码执行漏洞，攻击者可利用此漏洞以当前用户权限执行任意代码，导致应用意外终止。此漏洞不影响Mac OS X系统。 Apple QuickTime Player 7.x 厂商补丁： Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Cisco - file Directory Traversal

Cisco - file Directory Traversal source: https://www.securityfocus.com/bid/50372/info Multiple Cisco products are prone to a directory-traversal vulnerability. Exploiting this issue will allow an attacker to read arbitrary files from locations outside of the application's current directory. This...

Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability

Description Oracle Java SE is prone to a remote code-execution vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Scripting' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6...

[SECURITY] Fedora 16 Update: kig-4.7.1-2.fc16

Interactive Geometry...

Official websites of 7 major Syrian city hacked by Anonymous for #OpSyria

Official websites of 7 major Syrian city hacked by Anonymous for OpSyria Official websites of 7 major Syrian city hacked by Anonymous hackers as part of hacktivists Anonymous' Operation Syria OpSyria . Anonymous has replaced the home pages of official Syrian websites with an interactive map of...

7-Technologies Interactive Graphical SCADA

Overview ICS-CERT originally released Advisory ICSA-11-353-01P on the US-CERT secure portal on December 19, 2011. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of Security Research and Service Institute--Information and...

QR Tags Can Hide Malicious Links, Experts Warn

QR tags have become the next big thing in interactive marketing. But as smart phone users flock to the trendy, postage-stamp sized bar codes, researchers are warning that they could be used to hijack mobile phones by directing them to malicious Web pages. In a post on the mobile security blog...

[SECURITY] Fedora 15 Update: apache-commons-daemon-1.0.7-1.fc15

The scope of this package is to define an API in line with the current Java Platform APIs to support an alternative invocation mechanism which could be used instead of the public static void mainString method. This specification covers the behavior and life cycle of what we define as Java daemons...

[SECURITY] Fedora 16 Update: apache-commons-daemon-1.0.7-1.fc16

The scope of this package is to define an API in line with the current Java Platform APIs to support an alternative invocation mechanism which could be used instead of the public static void mainString method. This specification covers the behavior and life cycle of what we define as Java daemons...