6654 matches found

ThreatPost
added 2012/05/16 3:29 p.m., 11 views

Apple Patches Quicktime, Fixes 17 Vulnerabilities

Apple continued its recent parade of patches by releasing an update for Quicktime yesterday, fixing 17 different security vulnerabilities, several of which could lead to remote code execution. The update, Quicktime 7.7.2, addresses critical issues in Quicktime for Windows 7, Vista and Windows XP SP2...

2.3 AI score
Exploits: 0, References: 6
ThreatPost
added 2012/05/04 3:58 p.m., 26 views

Adobe Releases Patch for Flash Bug Being Used in Targeted Attacks

Adobe has released a patch for a serious Flash vulnerability that is being used in targeted attacks right now. The updates fix the vulnerability in Windows, Mac, Linux and Android systems. There is an exploit in the wild that is targeting systems running vulnerable versions of Flash on Windows in...

9.3 CVSS, 2.2 AI score, 0.85698 EPSS
Exploits: 10, References: 1
ThreatPost
added 2012/04/25 2:30 p.m., 15 views

Firefox 12 Debuts With Silent Update Mechanism

Mozilla has released version 12 of Firefox and the big change in the popular browser is the inclusion of a new update mechanism that will allow users to enable automatic updates that won’t require user interaction. The mechanism is similar to what Google Chrome has and is part of a trend toward...

0.5 AI score
Exploits: 0, References: 2
The Hacker News
added 2012/04/12 12:10 p.m., 54 views

Samba remote code execution vulnerability, Patch Released !

Samba remote code execution vulnerability, Patch Released ! Samba is an award-winning free software file, print and authentication server suite for Windows clients. The project was begun by Australian Andrew Tridgell. There is a serious remotely exploitable vulnerability in the Samba open-source...

10 CVSS, 8 AI score, 0.74034 EPSS
Exploits: 9
The Hacker News
added 2012/04/01 7:36 p.m., 35 views

New Java Exploits boosts BlackHole exploit kit

New Java Exploits boosts BlackHole exploit kit A widely disseminated exploit kit popular with hackers has been updated to take advantage of a recently discovered Java vulnerability. Researchers at Microsoft reported last week that it had observed this vulnerability being exploited in the wild. Th...

10 CVSS, 7 AI score, 0.98237 EPSS
Exploits: 13
myhack58
added 2012/03/10 12:00 a.m., 17 views

Struts2 and Webwork remote command execution vulnerability analysis-vulnerability warning-the black bar safety net

The vulnerability discovered by the publisher of the POC, and can not affect the xwork 2.1.2 prior to some version, this version before some of the versions below will be collectively referred to as the old version, then called the new version, such as struts 2.0.14, that is, the struts patch A N...

7.3 AI score
Exploits: 0
The Hacker News
added 2012/02/28 8:06 a.m., 6 views

Secunia PSI 3.0 : Automatic Patching Of Insecure Applications

Secunia PSI 3.0 : Automatic Patching Of Insecure Applications Secunia Personal Software Inspector (PSI) is a free program that scans the system for programs that are installed in an outdated version. The developers have just released the first beta version of Secunia PSI 3.0 for Windows. A new versi...

6.6 AI score
Exploits: 0
Vulnerability Lab
added 2012/02/26 12:00 a.m., 15 views

SQL-Injection (Error-Patching) - Basic Lesson #1

Document Title: =============== SQL-Injection Error-Patching - Basic Lesson 1 References: =========== Download: http://www.vulnerability-lab.com/resources/videos/446.wmv View: http://www.youtube.com/watch?v=Yd6fu0X9epQ Release Date: ============= 2012-02-26 Vulnerability Laboratory ID VL-ID:...

7.1 AI score
Exploits: 0
Vulnerability Lab
added 2012/02/26 12:00 a.m., 14 views

SQL-Injection (Error-Patching) - Basic Lesson #1

Document Title: =============== SQL-Injection Error-Patching - Basic Lesson 1 References: =========== Download: http://www.vulnerability-lab.com/resources/videos/446.wmv View: http://www.youtube.com/watch?v=Yd6fu0X9epQ Release Date: ============= 2012-02-26 Vulnerability Laboratory ID VL-ID:...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2012/02/22 12:00 a.m., 44 views

Fedora 15 : java-1.6.0-openjdk-1.6.0.0-63.1.10.6.fc15 (2012-1721)

The update contains the following security fixes : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700,...

10 CVSS, 7.5 AI score, 0.68914 EPSS
Exploits: 7, References: 1
ThreatPost
added 2012/02/03 5:16 p.m., 16 views

State of SCADA Security 'Laughable', Researchers Say

CANCUN–For people who follow the developments in the security and research communities, it’s easy to get discouraged by the current state of affairs, given the rash of serious hacks on certificate authorities, military networks and companies such as RSA and VeriSign. But, if you think things are...

7.7 AI score
Exploits: 0, References: 1
ThreatPost
added 2012/02/01 1:59 p.m., 22 views

Market Fail: Regulations May Be Only Hope For Securing Critical Infrastructure

Threatpost’s exclusive interview with Ralph Langner continues, as our conversation shifts from the legacy of the Stuxnet worm to larger issues facing the critical infrastructure sector including mounting attacks, tensions between vendors and security researchers over responsible disclosure, and...

7.1 AI score
Exploits: 0, References: 3
Packet Storm
added 2012/01/16 12:00 a.m., 24 views

Zimbra Desktop 7.1.2 Script Injection

Title: ====== Zimbra Desktop v7.1.2 - Persistent Software Vulnerability Date: ===== 2012-01-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=378 VL-ID: ===== 378 Introduction: ============= The Zimbra offline client also Zimbra Desktop for Microsoft Windows, Apple Mac...

0.4 AI score
Exploits: 0
The Hacker News
added 2012/01/03 1:27 p.m., 6 views

ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes

ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes Yesterday Blackhatacademy Released Fully automated MySQL5 boolean based enumeration tool. Today Another post expose the most critical ColdFusion vulnerability affects about a tenth of all ColdFusion servers at the...

7.1 AI score
Exploits: 0
securityvulns
added 2011/11/11 12:00 a.m., 57 views

OrderSys <= 1.6.4 Sql Injection Vulnerabilities

Dear All, I have found multiple SQL injection vulnerabilities in OrderSys <= 1.6.4. The vendor knows the vulnerabilities and he is fixing them as stated in the enclosed advisory. See also http://www.bioinformatics.org/phplabware/labwiki/index.php?page=releasenotes Since the developer is currently...

0.1 AI score
Exploits: 0
ThreatPost
added 2011/11/07 4:44 p.m., 8 views

Apple To Fix iPad 2 Smart Cover Flaw with iOS 5.0.1

Apple will fix an iPad 2 security flaw with the upcoming 5.0.1 build of its iOS operating system, it’s been reported. The fix should solve a problem publicized last month with the device’s locking feature that could’ve let someone access the iPad by bypassing its Smart Cover. According to...

7 AI score
Exploits: 0, References: 6
Packet Storm
added 2011/10/04 12:00 a.m., 25 views

Concrete5 5.4.2.1 Cross Site Scripting / SQL Injection

Exploit Title: Concrete5 = 5.4.2.1 SQL Injection and XSS Vulnerabilities Date: 2011-10-04 Author: Ryan Dewhurst ryandewhurst at gmail @ethicalhack3r www.ethicalhack3r.co.uk Software Link: http://sourceforge.net/projects/concretecms/files/concrete5/5.4.2.1/ Version: 5.4.2.1 tested 1.Vulnerability...

0.1 AI score
Exploits: 0
Exploit DB
added 2011/10/04 12:00 a.m., 24 views

Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities

Exploit Title: Concrete5 = 5.4.2.1 SQL Injection and XSS Vulnerabilities Date: 2011-10-04 Author: Ryan Dewhurst ryandewhurst at gmail @ethicalhack3r www.ethicalhack3r.co.uk Software Link: http://sourceforge.net/projects/concretecms/files/concrete5/5.4.2.1/ Version: 5.4.2.1 tested 1.Vulnerability...

7 AI score
Exploits: 0
securityvulns
added 2011/08/27 12:00 a.m., 75 views

JagoanStore CMS Arbitrary file upload vulnerability

Software: JagoanStore CMS Vendor: www.jagoanstore.com Price: Rp.900.000 IDR Vuln Type: Arbitrary file upload Author: eidelweiss contact: eidelweissatwindowslivedotcom Home: www.eidelweiss-advisories.blogspot.com Gratz: Devilzc0de, YOGYACARDERLINK, and YOU !!! References:...

7.4 AI score
Exploits: 0
Packet Storm
added 2011/08/25 12:00 a.m., 38 views

Planeteria Design ASP SQL Injection

Planeteria Design ASP MsSQL Injection Vulnerability. Google Dork :...

0.7 AI score
Exploits: 0