Ubuntu 14.04 LTS : Django vulnerabilities (USN-2169-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2169-1 advisory. Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse function. An attacker could use this issue to cause...

[SECURITY] Fedora 19 Update: cacti-0.8.8b-5.fc19

Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also...

Sendy 1.1.9.1 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Sendy 1.1.9.1 - SQL Injection Vulnerability Date: 2014-04-10 Exploit Author: marduk369 Vendor Homepage: http://sendy.co/ Software Link: http://sendy.co/ Version: 1.1.9.1 email protected: sqlmap -u 'http://server1/send-to?i=1&c=1...

InterWorx 5.0.13 Build 574 SQL Injection Vulnerability

InterWorx Web Control Panel version 5.0.13 build 574 suffers from a remote SQL injection vulnerability. ================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574...

InterWorx 5.0.13 Build 574 SQL Injection

================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2014-2531 Solution Status: Fixed in Version...

[bWAPP] an extremely buggy web application!

bWAPP, or a buggy web application, is a deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so uniqu...

RedHat Update for mysql55-mysql RHSA-2014:0186-01

Check for the Version of mysql55-mysql OpenVAS Vulnerability Test RedHat Update for mysql55-mysql RHSA-2014:0186-01 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Oracle Linux 5 : mysql55-mysql (ELSA-2014-0186)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0186 advisory. - Fix CVE-2014-0001 Related: 1055875 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

Moderate: Red Hat Security Advisory: mysql55-mysql security update

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

CentOS Update for mysql CESA-2014:0164 centos6

Check for the Version of mysql OpenVAS Vulnerability Test CentOS Update for mysql CESA-2014:0164 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

DSA-2845-1 mysql-5.1 - several

Bulletin has no description...

[Xplico 1.1.0] Open Source Network Forensic Analysis Tool (NFAT)

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols, all HTTP contents, each VoIP call SIP, FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...

Horizon QCMS "/lib/functions/d-load.php"目录遍历漏洞

CVE ID:CVE-2013-7138 Horizon QCMS是支持PHP与MySQL的开放源码的Horizon快速内容管理系统。 该漏洞的存在是由于传递到"/lib/functions/d-load.php"脚本的"start" HTTP GET参数"fopen"方法中被使用前没有足够过滤，远程攻击者可以以Web服务器的权限在目标系统上读取任意文件内容。 0 Horizon QCMS=4.0 厂商补丁： Horizon ----- Horizon 4.0版本以修复此漏洞，建议用户下载使用：...

Tajikistan Domain Registrar hacked; Google, Yahoo, Twitter, Amazon also defaced

Google’s primary search domain for Tajikistan had seemingly been hacked yesterday, along with other high profile domains including Yahoo, Twitter, Amazon -- redirected to a defaced page. Actually neither Google, nor Twitter servers have been hacked, rather website of Tajikistan's Domain registrar...

Multiple Vulnerabilities in Horizon QCMS

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Horizon QCMS, which can be exploited to read contents of arbitrary files and perform SQL Injection attacks. 1 Path Traversal in Horizon QCMS: CVE-2013-7138 The vulnerability exists due to insufficient filtration of...

Debian Announces End of Security Support for IceApe

Developers at Debian today informed users still clinging to Iceape – an Internet suite modeled on old Mozilla code – that they are cutting the cord and will stop supplying the software with security updates. Iceape is more or less a Debian-branded hybrid of several community-driven entities,...

Kimai v0.9.2 'db_restore.php' SQL Injection Vulnerability

Exploit for php platform in category remote exploits require 'msf/core' class Metasploit3 "Kimai v0.9.2 'dbrestore.php' SQL Injection", 'Description' = %q This module exploits a SQL injection vulnerability in Kimai version 0.9.2.x. The 'dbrestore.php' file allows unauthenticated users to execute...

Debian Security Advisory DSA 2780-1 (mysql-5.1 - several vulnerabilities)

This DSA updates the MySQL database to 5.1.72. This fixes multiple unspecified security problems in the Optimizer component: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html OpenVAS Vulnerability Test $Id: deb2780.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated...

XAMPP 1.8.1 Local Write Access Vulnerability

============================================= INTERNET SECURITY AUDITORS ALERT 2013-007 - Original release date: March 14th, 2013 - Last revised: March 19th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 6,8/10 CVSS Base Score - CVE-ID: CVE-2013-2586...

XAMPP 1.8.1 Local Write Access Vulnerability

XAMPP version 1.8.1 allows an unprivileged user the ability to write to the local disk. It has been detected than an unprivileged user can write in the local disk and the local file "lang.tmp" can be modified in the remote machine. The injection is done through the page "/xampp/lang.php"...