Sun Solaris <= 2.5.1 PAM & unix_scheme Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/201/info There is a buffer overflow condition on arguments in Pluggable Authentication Modules PAM and unixscheme 5.4 and 5.3. Therefore, an unauthorized user could exploit this vulnerability via the passwd program to gai...

Content-Builder (CMS) <= 0.7.2 - Multiple Include Vulnerabilities

No description provided by source. $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ ContentBuilder = 0.7.2 Remote File Include Vulnerability $$ script site: http://www.content-builder.net/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacpe...

ImpressPages CMS 3.6 - manage() Function Remote Code Execution Exploit

No description provided by source. ?!/usr/bin/python ImpressPages CMS v3.6 manage Function Remote Code Execution Exploit Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6, 3.5 and 3.1 Summary: ImpressPages CMS is an open source web content management...

Sofi WebGui <= 0.6.3 PRE (mod_dir) Remote File Inclusion Vulnerability

No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ dunatstrcpy.pl Sofi WebGui = 0.6.3 PRE Remote File Inclusion Vulnerability Script site:...

RunCMS 1.1/1.2 NewBB_Plus and Messages Modules Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14631/info RunCMS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...

Network Tool 0.2 PHPNuke Addon Metacharacter Filtering Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3552/info Network Tool is a PHPNuke addon, written and maintained by Rick Fournier. It is designed to offer network features such as nmap, traceroute, and ping from a web interface. A problem with the package has been...

ExBB 1.9.1 Home_Path Parameter Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19787/info ExBB is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing...

SuSE 11.3 Security Update : compat-wireless, compat-wireless-debuginfo, etc (SAT Patch Number 9414)

This update for the compat-wireless kernel modules provides many fixes and enhancements : - Fix potential crash problem in ath9k. CVE-2014-2672, bnc871148 - Fix improper updates of MAC addresses in ath9khtc. bnc851426, CVE-2013-4579 - Fix stability issues in iwlwifi. bnc865475 - Improve support f...

Versatility of Zeus Framework Encourages Criminal Innovation

A new report on the Zeus trojan’s evolution shows that the malware was moved from harvesting online banking credentials to controlling botnets and launching distributed denial of service attacks attributes the evolution to the highly customized and incredibly versatile framework Zeus is today...

Mandriva Linux Security Advisory : python-django (MDVSA-2014:113)

Multiple vulnerabilities has been discovered and corrected in python-django : Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the 1 Vary: Cookie or 2 Cache-Control header in responses, which allows remote attackers to obtain sensitive...

kesako /modules/event.php SQL注入漏洞

No description provided by source...

FreeBSD-SA-14:13.pam

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:13.pam Security Advisory The FreeBSD Project Topic: Incorrect error handling in PAM policy parser Category: contrib Module: pam Announced: 2014-06-03 Credits...

[SECURITY] Fedora 19 Update: python-fedora-0.3.34-1.fc19

Python modules that help with building Fedora Services. The client module included here can be used to build programs that communicate with many of Fedora Infrastructure's Applications such as Bodhi, PackageDB, MirrorManage r, and FAS2...

Microsoft Giving .NET Users The Option to Shed RC4

Microsoft didn’t beat around the bush when it warned customers to stay away from the deprecated RC4 algorithm last fall. Now it’s giving those who use its .NET software framework an option to disable the cipher in Transport Layer Security TLS as well. In a security advisory issued on its Security...

MS KB2962824: Update Rollup of Revoked Non-Compliant UEFI Modules

The remote host is missing Microsoft KB2962824, an update that revokes the digital signatures of four third-party Unified Extensible Firmware Interface UEFI modules. This update prevents the modules from being loaded on systems where UEFI Secure Boot is enabled. C Tenable Network Security, Inc...

Fedora Update for python-fedora FEDORA-2014-5962

Check for the Version of python-fedora OpenVAS Vulnerability Test Fedora Update for python-fedora FEDORA-2014-5962 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

[SECURITY] Fedora 19 Update: ansible-1.5.5-1.fc19

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

[SECURITY] Fedora 20 Update: ansible-1.5.5-1.fc20

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

Web application Advanced Security: IronWASP

Web application Advanced Security: IronWASP IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Thou...

DEBIAN-CVE-2014-0472

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...