Security Firms Warn Users of Fake Java Updates
It’s really starting to feel like we’re piling on the perennially vulnerable, industry punching bag that is Java. That said, GFI Labs and other security firms are warning their users to be wary of malicious fake Java updaters taking advantage of all the patches Oracle had to ship last week. Trend...
WSO manager edition 1.0
Based on the file-based WSO manager | WSO web-shells manager edition files - no MySql & etc. This utility is intended for system administrators to manage their own servers remotely. Any unlawful use of the script is prosecuted by law. There was: 1. Adding shells by...
Authentication flaw
The httpnegotiatecreatecontext function in protocol/http/httpnegotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials...
FireFly Mediaserver 1.0.0.1359 - Null Pointer Dereference
FireFly Mediaserver 1.0.0.1359 - Null Pointer Dereference Advisory ID: HTB23129 Product: FireFly Mediaserver Vendor: FireFly Vulnerable Versions: 1.0.0.1359 and probably prior Tested Version: 1.0.0.1359 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: December 19, 2012...
FireFly Mediaserver 1.0.0.1359 NULL Pointer Dereference
Advisory ID: HTB23129 Product: FireFly Mediaserver Vendor: FireFly Vulnerable Versions: 1.0.0.1359 and probably prior Tested Version: 1.0.0.1359 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: December 19, 2012 Vulnerability Type: NULL Pointer Dereference CWE-476 CVE...
kernel: nfs4_getfacl decoding kernel oops
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service OOPS by sending an excessive number of bitmap words...
New Linux Rootkit Emerges
A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for...
New OSX/Imuler Variant Targeting Tibetan Activists
Researchers over at Intego have recently discovered a new variant of OSX/Imuler the data-stealing Mac malware, detected as OSX/Imuler.E which is believed to be targeting Tibetan rights activists. "This backdoor Trojan family was first discovered in September 2011 as a Mac PDF Trojan horse and has...
Fake Lookout android app stealing your SMS and MMS messages
Android's app store is currently facing a new dilemma as its security has been compromised once again. Researchers from security firm TrustGo have recently spotted on Google Play a bogus app that supposedly automates the updating of a batch of other apps. The malicious code was hidden within an...
CVE-2012-4672
CVE-2012-4672 corresponds to Apple iChat Server, which is based on jabberd14. The issue is that the server does not verify that a request was made for an XMPP Server Dialback response, allowing a remote XMPP server to spoof domains via responses for domains that were not asserted. This is a fault...
Scientific Linux Security Update : ntp on SL4.x i386/x86_64
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execut...
Scientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64
A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the 'file://' URL type. This...
CVE-2012-1963
The Content Security Policy CSP functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violatio...
cPanel WHM v11.32.4 b9 - Persistent Web Vulnerability
Document Title: cPanel WHM v11.32.4 b9 - Persistent Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=665. Release Date: 2012-07-15. Vulnerability Laboratory ID (VL-ID): 665...
VAMCart-InternetShop v0.9 (TinyBrowser) File Upload Code Execution
Exploit for php platform in category web applications. [Exploit database banner: exploit database separated by exploit type: local, remote, DoS, etc.] ...
BeanShell Remote Server Mode Arbitrary Code Execution
The remote host is running a BeanShell interpreter in remote server mode. This allows network clients to connect to the interpreter and execute BeanShell commands and arbitrary Java code. A remote, unauthenticated attacker could exploit this to execute arbitrary code. %NASLMINLEVEL 70300 C Tenabl...
OSX/iWorkS-A Trojan
2009 Discovered by Symantec in 2009, iWorkS was first identified in a version of the iWork 09 suite that popped up on file sharing sites with a trojan horse added to the installer. The incident was noteworthy for a few reasons: iWork is and was a fairly popular software suite, and, according to...
IBM Tivoli Directory Server Web Administration Tool Detection
IBM Tivoli Directory Server Web Administration Tool, a web interface for managing IBM Tivoli Directory Server, was detected on the remote web server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid58815; scriptversion"1.6";...
CVE-2012-1180
CVE-2012-1180 affects nginx older branches: use-after-free in memory handling allows a remote HTTP server to obtain sensitive information from process memory via a crafted backend response in conjunction with a client request. Affected: nginx before 1.0.14 and 1.1.x before 1.1.17. Impact details ...