[SECURITY] [DSA 3012-1] eglibc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3012-1 [email protected] http://www.debian.org/security/ Florian Weimer August 27, 2014 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 3012-1 (eglibc - security update)

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve...

CVE-2014-5119

Off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C Library aka glibc allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...

DSA-3012-1 eglibc - security update

Bulletin has no description...

[SECURITY] Fedora 20 Update: ansible-1.6.10-1.fc20

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

[SECURITY] Fedora 19 Update: ansible-1.6.10-1.fc19

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

Bing Dork Scanner - Tool to extract urls from a bing search

This is a simple script with GUI, to extract urls from a bing search. Support only HTTP proxy. Required Perl Modules: LWP Gtk2 Glib uft8 threads threads::shared URI::Escape Download Bing Dork Scanner...

CVE-2014-2362

The CVE-2014-2362 entry concerns OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, which rely on the time64() value from the C library as entropy for the site security key. This cryptographic weakness can allow an unauthenticated or remote attacker to predict the site key and po...

NoVirusThanks File Governor - Unlock locked files and folders

NoVirusThanks File Governor is an advanced program which allows for files and folders within the system to be unlocked so that normal file I/O operations can be completed when normally they would not be able to be due to operating system restrictions for files currently in use. Once a file or...

[SECURITY] Fedora 19 Update: ansible-1.6.6-1.fc19

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

[SECURITY] Fedora 20 Update: ansible-1.6.6-1.fc20

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

WebCalendar 0.9.x week.php user XSS

No description provided by source. source: http://www.securityfocus.com/bid/8539/info It has been reported that WebCalendar is prone to multiple cross-site scripting vulnerabilites in various modules. The issues exist in includes/js/colors.php, week.php, day.php, month.php, weekdetails.php,...

CORE FORCE Firewall 0.95.167 and Registry Modules Multiple Local Kernel Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27341/info CORE FORCE Firewall and Registry modules are prone to multiple local kernel buffer-overflow vulnerabilities because the software fails to adequately verify user-supplied input. Local attackers can exploit these...

PostNuke Modules Factory Subjects Module 2.0 - SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11148/info Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI parameters. ...

AJA Modules Rapidshare 1.0.0 - Remote Shell Upload Vulnerability

No description provided by source. AJA Modules Rapidshare 1.0.0 Remote Shell Upload Vulnerability AUTHOR : Hussin X Home : WwW.IQ-TY.CoM & WwW.TrYaG.cc Mail : [email protected] script : http://www.magtrb.com/en/modules.php?name=Downloads&op=getit&lid=6 exploit : 1. Change Type Shell from...

bcoos 1.0.10 /myalbum/ratephoto.php lid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/26629/info The 'bcoos' program is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. These...

Ossigeno CMS 2.2_pre1 upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion

No description provided by source...

VirtuaSystems VirtuaNews 1.0.x Multiple Module Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/9812/info It has been reported that the VirtuaNews non-default modules 'Files' and 'Vulns' are prone to multiple cross-site scripting vulnerabilities. These problems surround the application's failure to properly validate...

RoseOnlineCMS <= 3 B1 (admin) Local File Inclusion

漏洞出现在modules/admincp.php中 Click here to go back home'; obendflush; ? $admin直接通过GET方式获取 没有经过过滤 后面直接用include包含了 所以在PHP5.3的情况下 可以 通过%00截断 达到任意文件包含 payload http://0.0.0.0/modules/admincp.php?admin=LFI%00 '/ -.- --------------------oOO------OOo------------------- | RoseOnlineCMS = 3 B1 admin Local Fil...

KimsQ 040109 Multiple Remote File Include Vulnerability

No description provided by source. \|/// \ - - // @ @ ----oOOo---oOOo-------------------------------------------------- KimsQ 040109 Multiple Remote File Include Vulnerability Script: http://kimsq.googlecode.com/files/kimsqv040109.zip Author: mat Mail: [email protected]...