2294 matches found
FTGate 2009 Build 6.4.00 - Multiple Vulnerabilities
Exploit for php platform in category web applications Vendor: ================================ www.ftgate.com Product: ======================================== FTGate 2009 SR3 May 13 2010 Build 6.4.00 Vulnerability Type: ================================= Cross site request forgery CSRF CVE...
Kirby CMS 2.1.0 - CSRF Content Upload and PHP Script Execution Vulnerability
Exploit for php platform in category web applications ============================================= - Release date: 14.09.2015 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- Kirby CMS = 2.1.0 CSRF Content...
F5 BIG-IP - OpenSSL vulnerability CVE-2015-1791
The remote host is missing a security patch. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...
Analysis of the latest firefox 0day attack-vulnerability warning-the black bar safety net
! /Article/UploadPic/2015-8/2015813114114594.jpg The Mozilla Foundation in the 8 May 6, as Firefox released a security update to fix the Firefox embedded PDF reader pdf. js in the cve-2 0 1 5-4 4 9 5 vulnerability. The vulnerability allows an attacker to bypass the same origin policy,in the local...
dhcpcd Denial of Service Vulnerability
dhcpcd is an RFC2131 and RFC1541 compliant DHCP client daemon for automatic configuration of IPv4 networks. A denial of service vulnerability exists in dhcpcd that allows a remote DHCP server to execute arbitrary code or cause a denial of service via a crafted message...
phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPLITEADMIN0705.txt Vendor: ================================ bitbucket.org/phpliteadmin Product: ================================ phpLiteAdmin v1.1 Advisory Information:...
Desktop Client: Improper validation of certificates when using self-signed certificates
The ownCloud Desktop Client was vulnerable against MITM attacks until version 1.8.2 in combination with self-signed certificates. To be exploitable the following conditions have to be met: The connection to the remote ownCloud server must be secured using a self-signed certificate which the user...
Ruby Web Applications Vulnerability Scanner: Yasuo
Ruby Web Applications Vulnerability Scanner Yasuo is a ruby script that scans for vulnerable 3rd-party web applications While working on a network security assessment internal, external, redteam gigs etc., we often come across vulnerable 3rd-party web applications or web front-ends that allow us ...
YASUO - Scans for Vulnerable & Exploitable 3rd-party Web Applications
Yasuo is a ruby script that scans for vulnerable 3rd-party web applications. While working on a network security assessment internal, external, redteam gigs etc., we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiti...
[SECURITY] Fedora 22 Update: postgresql-9.4.2-1.fc22
PostgreSQL is an advanced Object-Relational database management system DBM S. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...
CVE-2015-3153
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...
IBM Domino 8.5.x < 8.5.3 Fix Pack 6 Interim Fix 4 GIF Code Execution (credentialed check)
The version of IBM Domino formerly IBM Lotus Domino installed on the remote host is 8.5.x prior to 8.5.3 Fix Pack 6 FP6 Interim Fix 4 IF4. It is, therefore, potentially affected by an integer truncation error when processing GIF files. A remote attacker, using a crafted GIF file, could exploit th...
libssh2: out-of-bounds read
When negotiating a new SSH session with a remote server, one of libssh2's functions for doing the key exchange kexagreemethods was naively reading data from the incoming packet and using it without doing sufficient range checks. The SSHMSGKEXINIT packet arrives to libssh2 with a set of strings,...
Mandriva Linux Security Advisory : libssh2 (MDVSA-2015:148-1)
Updated libssh2 packages fix security vulnerability : Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSHMSGKEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in t...
[SECURITY] Fedora 21 Update: duplicity-0.6.25-3.fc21
Duplicity incrementally backs up files and directory by encrypting tar-format volumes with GnuPG and uploading them to a remote or local file server. In theory many protocols for connecting to a file server could be supported; so far ssh/scp, local file access, rsync, ftp, HSI, WebDAV and Amazon ...
[SECURITY] Fedora 20 Update: duplicity-0.6.25-3.fc20
Duplicity incrementally backs up files and directory by encrypting tar-format volumes with GnuPG and uploading them to a remote or local file server. In theory many protocols for connecting to a file server could be supported; so far ssh/scp, local file access, rsync, ftp, HSI, WebDAV and Amazon ...
[SECURITY] [DSA 3182-1] libssh2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3182-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 11, 2015 http://www.debian.org/security/faq -...
DSA-3182-1 libssh2 - security update
Bulletin has no description...
ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities
Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Petri Iivonen Contact: petri.iivonenattmbcgovuk Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software:...
PuttyRider - Hijack Putty sessions in order to sniff conversation and inject Linux commands
PuttyRider injects a DLL into a running putty.exe process in order to sniff all communication and inject Linux commands on the remote server. This can be useful in an internal penetration test when you already have access to a sysadmin’s machine who has a Putty session open to a Linux server. You...