IBM General Parallel File System OpenSSL Security Bypass (Windows)

A version of IBM General Parallel File System GPFS 3.5.0.11 or later but prior to 3.5.0.18 is installed on the remote host. It is, therefore, affected by an unspecified error that could allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks. C...

S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3573/info Parallel Make pmake is a freely available version of the make program, originally distributed with Berkeley Unix. It is designed to execute Makefiles and build programs. pmake is not typically setuid root,...

IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 Multiple Vulnerabilities (2)

No description provided by source. source: http://www.securityfocus.com/bid/9512/info IBM Informix Dynamic Server and IBM Informix Extended Parallel Server have been reported prone to multiple vulnerabilities. The first issue exists in the onedcu binary. Specifically, when the binary is invoked a...

S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make Shell Definition Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3572/info Parallel Make pmake is a freely available version of the make program, originally distributed with Berkeley Unix. It is designed to execute Makefiles and build programs. pmake is not typically setuid root,...

IBM DB2 9.8 <= Fix Pack 5 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 running on the remote host is version 9.8 prior or equal to Fix Pack 5. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists in the GSKit component when initiating SSL/TLS connections due t...

IBM General Parallel File System 3.5 < 3.5.0.17 Multiple OpenSSL Vulnerabilities (Heartbleed)

A version of IBM General Parallel File System GPFS prior to 3.5.0.17 is installed on the remote host. It is, therefore, affected by multiple vulnerabilities related to OpenSSL: - An information disclosure vulnerability exists due to a flaw in the OpenSSL library, due to an implementation error in...

CmsEasy_5.5_UTF-8_20140420 存在存储型xss 可打管理员和平行用户

简要描述： CmsEasy5.5UTF-820140420 存在存储型xss 可打管理员和平行用户 详细说明： 第一种情况（攻击管理员）: 注册用户后，然后访问/CmsEasy5.5UTF-820140420/uploads/bbs/add-archive.php?cid=1 进行发帖，其中主题填写： " oninput=alert1 然后登陆管理员，如图所示: 点击"操作"底下的编辑，然后，让管理员发现问题的时候，对其内容进行删除修改时候，抽发xss 如图所示： 第二种情况（攻击平行用户）:...

MacOSX 10.9.2/XNU HFS Hard Linking

MacOSX/XNU HFS Multiple Vulnerabilities Maksymilian Arciemowicz http://cxsecurity.com/ http://cifrex.org/ =================== On November 8th, I've reported vulnerability in hard links for HFS+ CVE-2013-6799 http://cxsecurity.com/issue/WLB-2013110059 The HFS+ file system does not apply strict...

IBM General Parallel File System Detection

Binary data ibmgpfsinstalled.nbin...

IBM General Parallel File System 3.4 < 3.4.0.27 / 3.5 < 3.5.0.16 DoS (Debian)

A version of IBM General Parallel File System GPFS prior to 3.4.0.27 / 3.5.0.16 is installed on the remote host. It is, therefore, affected by a denial of service vulnerability. An authenticated, non-root attacker can exploit this vulnerability by passing certain arguments to 'setuid' commands,...

IBM General Parallel File System 3.4 < 3.4.0.27 / 3.5 < 3.5.0.16 DoS (RHEL)

A version of IBM General Parallel File System GPFS prior to 3.4.0.27 / 3.5.0.16 is installed on the remote host. It is, therefore, affected by a denial of service vulnerability. An authenticated, non-root attacker can exploit this vulnerability by passing certain arguments to 'setuid' commands,...

IBM General Parallel File System 3.4 < 3.4.0.27 / 3.5 < 3.5.0.16 DoS (SLES)

A version of IBM General Parallel File System GPFS prior to 3.4.0.27 / 3.5.0.16 is installed on the remote host. It is, therefore, affected by a denial of service vulnerability. An authenticated, non-root attacker can exploit this vulnerability by passing certain arguments to 'setuid' commands,...

ThinkSNS某功能平行权限3

简要描述： ThinkSNS某功能多处平行权限 详细说明： 这次是另外的文件了！ 代码apps\weiba\LogAction.class.php 这个文件的所有操作都没有权限判断 / 执行编辑微吧 @return void / public function doWeibaEdit / 设置微吧成员等级 @return void / public function editLevel / 移出成员 @return void / public function moveOut / 修改公告 @return void / public function doNotify 漏洞证明： 测试修...

ThinkSNS某功能平行权限2

简要描述： ThinkSNS某功能多处平行权限 详细说明： 继续平行权限 还是刚才的文件 本打算补充一下的 结果已经过了审核了！所以就在提交一个！ 问题发生在微吧模块 代码apps\weiba\index.action.php 行652 / 删除帖子 @return void / public function postDel $weibaid = D'weibapost'-where'postid='.intval$POST'postid'-getField'weibaid'; if !CheckWeibaPermission '' , $weibaid , 'weibadel' if...

[THC-Hydra 7.5] Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...

[Doona] Network Protocol Fuzzer

Doona is a fork of the Bruteforce Exploit Detector, it was renamed to avoid confusion as it has a large number of of changes. You should get a copy from github if you want to try it: https://github.com/wireghoul/doona. It's currently a little short on documentation, so I will let the changelog...

GLSA-201310-11 : Perl Parallel-ForkManager Module: Insecure temporary file usage

The remote host is affected by the vulnerability described in GLSA-201310-11 Perl Parallel-ForkManager Module: Insecure temporary file usage The Perl Parallel-ForkManager module does not handle temporary files securely. Impact : A local attacker could perform symlink attacks to overwrite arbitrar...

Perl Parallel-ForkManager Module: Insecure temporary file usage

Background Parallel-ForkManager is a simple parallel processing fork manager for Perl. Description The Perl Parallel-ForkManager module does not handle temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user...

[SECURITY] Fedora 18 Update: nodejs-vows-0.7.0-6.fc18

Vows is an asynchronous behavior-driven development BDD framework for Node.js. Vows was built from the ground up to test asynchronous code. It executes your tests in parallel when it makes sense, and sequentially when there are dependencies. Emphasis was put on speed of execution, clarity and use...

WPA Cluster Cracker: Moscrack

Moscrack WPA Cluster Cracker Moscrack facilitates the use of a WPA cracker on a cluster. Currently it works with Mosix clustering software, SSH, RSH and Pyrit. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to seperate processes that run...