
3315 matches found

CVE
added 2014/03/29 1:0 a.m. | 49 views

CVE-2014-1645

CVE-2014-1645 is an SQL injection flaw in Symantec LiveUpdate Administrator (LUA) 2.x up to version 2.3.2.110, affecting the management GUI via forcepasswd.do and related password-recovery paths. The vulnerability allows remote attackers to execute arbitrary SQL commands, potentially exfiltrating...

7.5 CVSS | 8.4 AI score | 0.014 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Symantec
added 2014/03/27 8:0 a.m. | 37 views

Symantec LiveUpdate Administrator Unauthenticated/Unauthorized Account Access Modification and SQL i

SUMMARY The management GUI for Symantec LiveUpdate Administrator does not properly protect the forgotten password functionality of the web interface. An unauthorized individual with knowledge of the email address for an authorized LUA user can potentially force an arbitrary password reset leading...

7.5 CVSS | 0.2 AI score | 0.02617 EPSS
Exploits: 2 | Affected Software: 1

Tenable Nessus
added 2014/02/07 12:0 a.m. | 25 views

GLSA-201402-07 : Freeciv: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201402-07 Freeciv: User-assisted execution of arbitrary code The Lua component of Freeciv does not restrict which modules may be loaded by scenario scripts. Impact : A remote attacker could entice a user to open a specially crafte...

10 CVSS | 6.1 AI score | 0.03342 EPSS
Exploits: 1 | References: 2

Gentoo Linux
added 2014/02/06 12:0 a.m. | 26 views

Freeciv: User-assisted execution of arbitrary code

Background Freeciv is an open-source empire building strategy game. Description The Lua component of Freeciv does not restrict which modules may be loaded by scenario scripts. Impact A remote attacker could entice a user to open a specially crafted scenario file, possibly resulting in execution o...

10 CVSS | 6.9 AI score | 0.03342 EPSS
Exploits: 1

Kitploit
added 2014/01/03 12:36 a.m. | 31 views

[Sandcat Browser 4.4] The fastest web browser combined with the fastest scripting language packed with features for pen-testers

Sandcat Browser is the fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team. The Sandcat Browser is built on top...

7.2 AI score
Exploits: 0

OpenVAS
added 2013/10/28 12:0 a.m. | 19 views

Fedora Update for libguestfs FEDORA-2013-19492

Check for the Version of libguestfs OpenVAS Vulnerability Test Fedora Update for libguestfs FEDORA-2013-19492 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

6.8 CVSS | 0.1 AI score | 0.00754 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2013/10/28 12:0 a.m. | 24 views

Fedora Update for libguestfs FEDORA-2013-19452

Check for the Version of libguestfs OpenVAS Vulnerability Test Fedora Update for libguestfs FEDORA-2013-19452 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

6.8 CVSS | 0.1 AI score | 0.02602 EPSS
Exploits: 1 | References: 2

Fedora
added 2013/10/27 5:32 a.m. | 28 views

[SECURITY] Fedora 19 Update: libguestfs-1.22.7-1.fc19

Libguestfs is a library for accessing and modifying guest disk images. Amongst the things this is good for: making batch configuration changes to guests, getting disk used/free statistics see also: virt-df, migrating between virtualization systems see also: virt-p2v, performing partial backups,...

6.8 CVSS | 0.1 AI score | 0.00754 EPSS
Exploits: 0

Kitploit
added 2013/09/24 1:41 a.m. | 12 views

[Syhunt Sandcat Browser v4.1] A Penetration-oriented browser (extended to Web Application Assessment)

Sandcat Browser 4 brings unique features that are useful for pen-testers and web developers. Sandcat is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support. Features Live HTTP Headers —...

7.4 AI score
Exploits: 0

Metasploit
added 2013/09/16 10:2 a.m. | 45 views

Unix Command Shell, Reverse TCP (via Lua)

Creates an interactive shell via Lua This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 224 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinfo ...

7.1 AI score
Exploits: 0

Metasploit
added 2013/09/16 10:2 a.m. | 52 views

Windows Command Shell, Reverse TCP (via Lua)

Creates an interactive shell via Lua This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 224 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinfo ...

0.3 AI score
Exploits: 0

Metasploit
added 2013/09/16 10:2 a.m. | 44 views

Unix Command Shell, Bind TCP (via Lua)

Listen for a connection and spawn a command shell via Lua This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 218 include Msf::Payload::Single include Msf::Sessions::CommandShellOption...

7.2 AI score
Exploits: 0

Metasploit
added 2013/09/16 10:2 a.m. | 43 views

Windows Command Shell, Bind TCP (via Lua)

Listen for a connection and spawn a command shell via Lua This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 218 include Msf::Payload::Single include Msf::Sessions::CommandShellOption...

0.1 AI score
Exploits: 0

seebug.org
added 2013/09/16 12:0 a.m. | 15 views

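NetEase Lua-Programming Language for iOS Arbitrary File Upload Vulnerability

NetEase Lua-Programming Language for iOS is an iOS perl application that allows users to learn, run, and share perl scripts. The HTTP server file upload implementation in NetEase Lua-Programming Language for iOS contains a security vulnerability that allows remote attackers to upload and execute arbitrary files. 0 NetEase Ruby Programming Language for iOS 1.6 Vendor solution: no detailed solution is currently available:...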

7 AI score
Exploits: 0

Packet Storm
added 2013/09/10 12:0 a.m. | 27 views

Lua-Programming Language 1.6 File Upload

TITLE: Unauthenticated Remote File Upload via HTTP for lua-Programming language 1.6 on iOS Date: 8/1/2013 Author: Larry W. Cashdollar, @larry0 Download: https://itunes.apple.com/us/app/lua-programming-language/id505972017?mt=8&ls=1 http://www.tayutec.com/indexen.html Description: "Please download...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2013/04/30 12:0 a.m. | 25 views

Fedora 18 : mediawiki-1.19.5-1.fc18 (2013-6171)

An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/showbug.cgi?id=46084 Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity XXE processing. This could lead to local file disclosure, ...

6.1 CVSS | 6.5 AI score | 0.01639 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2013/04/26 12:0 a.m. | 23 views

Fedora 19 : mediawiki-1.20.4-1.fc19 (2013-5874)

An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/showbug.cgi?id=46084 - Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity XXE processing. This could lead to local file...

5.8 AI score
Exploits: 0 | References: 5

OpenVAS
added 2013/02/28 12:0 a.m. | 8 views

Nmap NSE 6.01: smb-psexec

Implements remote process execution similar to the Sysinternals' psexec tool, allowing a user to run a series of programs on a remote machine and read the output. This is great for gathering information about servers, running the same tool on a range of system, or even installing a backdoor on a...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2012/09/06 12:0 a.m. | 27 views

Mandriva Linux Security Advisory : wireshark (MDVSA-2011:138)

This advisory updates wireshark to the latest version 1.6.2, fixing several security issues : The prototreeadditem function in Wireshark 1.6.1, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service infinite loop via vectors involving a...

9.3 CVSS | 7.5 AI score | 0.35528 EPSS
Exploits: 11 | References: 5

Packet Storm
added 2012/07/19 12:0 a.m. | 31 views

Setuid Nmap Exploit

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

0.3 AI score
Exploits: 0