6325 matches found
Apache 2.4 Comes Out, Major update after 6 years
The Apache Software Foundation officially released the Apache 2.4 today as the first major update to this leading open-source web-server in more than a half-decade. Apache 2.4 is slated to deliver superior performance to its 2.2 predecessor and...
PHP 5.2.x Remote Code Execution Vulnerability
Release Date: 17 February 2012. Affected Versions: 5.2.0 - 5.2.17 (unsupported version). Description: If PHP bails out in startup stage before setting PG(modules_activated) to 1, the filter_globals struct is not...
[USN-1364-1] Linux kernel (OMAP4) vulnerabilities
Ubuntu Security Notice USN-1364-1, February 13, 2012: linux-ti-omap4 vulnerabilities. A security issue affects these releases of Ubuntu and its...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2012:0052. Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...
CVE-2012-0040
Cross-site scripting (XSS) vulnerability in modules/core/www/nocookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter...
SA-CONTRIB-2012-006 XSS and CSRF in Multiple Modules - Supercron, Taxotouch, Admin:hover, Taxonomy Navigator no longer supported
CVE: CVE-2012-1628 SuperCron is a complete replacement for Drupal's built-in Cron functionality. The module is vulnerable to Cross Site Scripting. The vulnerability is mitigated by an attacker needing to gain an account with "access administration pages" permission. CVE: CVE-2012-1629 Taxotouch...
Plone and Zope Remote CMD Injection Exploit
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Plone and Zope...
FreeBSD -- pam_ssh() does not validate service names
Problem Description: Some third-party applications, including KDE's kcheckpass command, allow the user to specify the name of the policy on the command line. Since OpenPAM treats the policy name as a path relative to /etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run such an...
Fedora Update for perl-PAR FEDORA-2011-16859
Check for the Version of perl-PAR. OpenVAS Vulnerability Test: Fedora Update for perl-PAR FEDORA-2011-16859. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 15 Update: perl-PAR-1.002-4.fc15
This module lets you use special zip files, called Perl Archives, as libraries from which Perl modules can be loaded...
Plone Request Parsing Remote Command Execution
The version of Plone hosted on the remote web server has a flaw that allows arbitrary access to Python modules. Using a specially crafted URL, this can allow an unauthenticated, remote attacker the ability to run arbitrary commands on the system through the Python 'os' module in the context of th...
Multiple Vulnerabilities Haunt Long List of PLC Modules
A long list of industrial-control modules manufactured by Schneider Electric and used to control operations at various industrial facilities contain multiple weaknesses and vulnerabilities that could allow an attacker to modify the firmware, login remotely and run arbitrary code on the vulnerable...
Fedora Update for pam FEDORA-2011-16365
Check for the Version of pam. OpenVAS Vulnerability Test: Fedora Update for pam FEDORA-2011-16365. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
BeEF 0.4.2.12 alpha Browser Exploitation Framework Released
The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks,...
OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
OpenSSH sshd with ChallengeResponseAuthentication enabled is prone to a buffer overflow vulnerability.
Directory traversal
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templatesmodules/pages/info.php, (b)...
CVE-2011-4543
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templatesmodules/pages/info.php, (b)...
CVE-2011-4544
Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativbasedir parameter to modules/mondialrelay/googlemap.php; the (3) relativbasedir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains...