
2293 matches found

ThreatPost
added 2013/01/21 7:4 p.m., 12 views

Security Firms Warn Users of Fake Java Updates

It’s really starting to feel like we’re piling on the perennially vulnerable, industry punching bag that is Java. That said, GFI Labs and other security firms are warning their users to be wary of malicious fake Java updaters taking advantage of all the patches Oracle had to ship last week. Trend...

7.4 AI score
Exploits 0, References 12

rdot
added 2013/01/21 12:0 a.m., 506 views

WSO manager edition 1.0

Based on the file-based WSO manager | WSO web-shells manager edition files - no MySql & etc. This utility is intended for system administrators to remotely manage their own servers. Any illegal use of the script is punishable by law. Previously: 1. Adding shells by...

7.3 AI score
Exploits 0

Prion
added 2013/01/03 1:55 a.m., 10 views

Authentication flaw

The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials...

5.1 CVSS, 7 AI score, 0.0191 EPSS
Exploits 0, References 8, Affected Software 1

exploitpack
added 2012/12/21 12:0 a.m., 29 views

FireFly Mediaserver 1.0.0.1359 - Null Pointer Dereference

FireFly Mediaserver 1.0.0.1359 - Null Pointer Dereference Advisory ID: HTB23129 Product: FireFly Mediaserver Vendor: FireFly Vulnerable Versions: 1.0.0.1359 and probably prior Tested Version: 1.0.0.1359 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: December 19, 2012...

5 CVSS, 0.3 AI score, 0.10814 EPSS
Exploits 6

Packet Storm
added 2012/12/20 12:0 a.m., 49 views

FireFly Mediaserver 1.0.0.1359 NULL Pointer Dereference

Advisory ID: HTB23129 Product: FireFly Mediaserver Vendor: FireFly Vulnerable Versions: 1.0.0.1359 and probably prior Tested Version: 1.0.0.1359 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: December 19, 2012 Vulnerability Type: NULL Pointer Dereference CWE-476 CVE...

5 CVSS, 0.3 AI score, 0.10814 EPSS
Exploits 6

RedHat Linux
added 2012/12/04 8:26 p.m., 4 views

kernel: nfs4_getfacl decoding kernel oops

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words...

4.6 CVSS, 6.7 AI score, 0.00775 EPSS
Exploits 0, References 4

ThreatPost
added 2012/11/20 3:18 p.m., 49 views

New Linux Rootkit Emerges

A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for...

0.3 AI score
Exploits 0, References 4

The Hacker News
added 2012/11/12 8:41 p.m., 6 views

New OSX/Imuler Variant Targeting Tibetan Activists

Researchers over at Intego have recently discovered a new variant of OSX/Imuler, the data-stealing Mac malware, detected as OSX/Imuler.E, which is believed to be targeting Tibetan rights activists. "This backdoor Trojan family was first discovered in September 2011 as a Mac PDF Trojan horse and has...

6.8 AI score
Exploits 0

The Hacker News
added 2012/10/19 3:52 p.m., 12 views

Fake Lookout android app stealing your SMS and MMS messages

Android's App store is currently facing a new dilemma as its security has been compromised once again. Researchers from security firm TrustGo have recently spotted on Google Play a bogus app that supposedly automatizes the updating of a batch of other apps. The malicious code was hidden within an...

7 AI score
Exploits 0

CVE
added 2012/08/25 4:0 p.m., 47 views

CVE-2012-4672

CVE-2012-4672 corresponds to Apple iChat Server, which is based on jabberd14. The issue is that the server does not verify that a request was made for an XMPP Server Dialback response, allowing a remote XMPP server to spoof domains via responses for domains that were not asserted. This is a fault...

5.8 CVSS, 6.3 AI score, 0.00831 EPSS
Exploits 1, References 2, Affected Software 1

Tenable Nessus
added 2012/08/01 12:0 a.m., 31 views

Scientific Linux Security Update : ntp on SL4.x i386/x86_64

A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execut...

6.8 CVSS, 7.1 AI score, 0.21123 EPSS
Exploits 2, References 3

Tenable Nessus
added 2012/08/01 12:0 a.m., 35 views

Scientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64

A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the 'file://' URL type. This...

6.4 CVSS, 7.4 AI score, 0.27924 EPSS
Exploits 3, References 7

UbuntuCve
added 2012/07/17 12:0 a.m., 21 views

CVE-2012-1963

The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violatio...

4.3 CVSS, 7.2 AI score, 0.01612 EPSS
Exploits 0, References 4

Vulnerability Lab
added 2012/07/15 12:0 a.m., 36 views

cPanel WHM v11.32.4 b9 - Persistent Web Vulnerability

Document Title: cPanel WHM v11.32.4 b9 - Persistent Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=665. Release Date: 2012-07-15. Vulnerability Laboratory ID (VL-ID): 665...

7.1 AI score
Exploits 0

Vulnerability Lab
added 2012/07/15 12:0 a.m., 75 views

cPanel WHM v11.32.4 b9 - Persistent Web Vulnerability

Document Title: cPanel WHM v11.32.4 b9 - Persistent Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=665. Release Date: 2012-07-15. Vulnerability Laboratory ID (VL-ID): 665...

Exploits 0

0day.today
added 2012/05/30 12:0 a.m., 32 views

VAMCart-InternetShop v0.9 (TinyBrowser) File Upload Code Execution

Exploit for php platform in category web applications...

7.1 AI score
Exploits 0

Tenable Nessus
added 2012/05/03 12:0 a.m., 55 views

BeanShell Remote Server Mode Arbitrary Code Execution

The remote host is running a BeanShell interpreter in remote server mode. This allows network clients to connect to the interpreter and execute BeanShell commands and arbitrary Java code. A remote, unauthenticated attacker could exploit this to execute arbitrary code. %NASLMINLEVEL 70300 C Tenabl...

6 AI score
Exploits 0, References 1

ThreatPost
added 2012/04/27 2:34 p.m., 7 views

OSX/iWorkS-A Trojan

2009: Discovered by Symantec in 2009, iWorkS was first identified in a version of the iWork 09 suite that popped up on file sharing sites with a trojan horse added to the installer. The incident was noteworthy for a few reasons: iWork is and was a fairly popular software suite, and, according to...

1.8 AI score
Exploits 0, References 1

Tenable Nessus
added 2012/04/20 12:0 a.m., 26 views

IBM Tivoli Directory Server Web Administration Tool Detection

IBM Tivoli Directory Server Web Administration Tool, a web interface for managing IBM Tivoli Directory Server, was detected on the remote web server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid58815; scriptversion"1.6";...

5.4 AI score
Exploits 0, References 1

CVE
added 2012/04/17 9:0 p.m., 121 views

CVE-2012-1180

CVE-2012-1180 affects nginx older branches: use-after-free in memory handling allows a remote HTTP server to obtain sensitive information from process memory via a crafted backend response in conjunction with a client request. Affected: nginx before 1.0.14 and 1.1.x before 1.1.17. Impact details ...

5 CVSS, 5.7 AI score, 0.10417 EPSS
Exploits 1, References 21, Affected Software 1