2293 matches found
CVE-2011-3171
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors...
SuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7723)
The OES Netware add-ons in pure-ftpd had a security problem and some bugs, which are fixed by this update. A local attacker could overwrite local files when the OES remote server feature of pure-ftpd is enabled due to a directory traversal. CVE-2011-3171 Additionally the following bugs have been...
http-put NSE Script
Uploads a local file to a remote web server using the HTTP PUT method. You must specify the filename and URL path with NSE arguments. Script Arguments http-put.file - The full path to the local file that should be uploaded to the server http-put.url - The remote directory and filename to store...
Mass Injection Attack Targets ASP.NET Sites
There is yet another large-scale injection attack going on right now, with nearly 200,000 pages affected so far. The compromised pages are serving visitors with malicious code that sends them off to a remote server for installation of malware. The attack is the latest in a series of similar...
Advisory for MS11-035 / ZDI-11-167
Luigi Auriemma Application: Microsoft WINS service http://www.microsoft.com Versions: = 5.2.3790.4520 Platforms: Windows Bug: arbitrary memory corruption Exploitation: remote, versus server Date: found 21 Oct 2010 patched 10 May 2011 advisory 13 Sep 2011 Author: Luigi Auriemma e-mail:...
Debian: Security Advisory (DSA-2276-2)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CA security finds Android Trojan which records phone calls
CA security finds Android Trojan which records phone calls A new Android Trojan is capable of recording phone conversations, according to a CA security researcher. The trojan is triggered when the Android device places or receives a phone call. It saves the audio file and related information to t...
CA security finds Android Trojan which records phone calls
CA security finds Android Trojan which records phone calls A new Android Trojan is capable of recording phone conversations, according to a CA security researcher. The trojan is triggered when the Android device places or receives a phone call. It saves the audio file and related information to t...
DSA-2276-1 asterisk - multiple issues
Bulletin has no description...
Fedora 13 : rdesktop-1.6.0-10.fc13 (2011-7694)
This update fixes a security issue in rdesktop 1.6.0. A directory traversal flaw was found in the way rdesktop shared a local path with a remote server. If a user connects to a malicious server with rdesktop, the server could use this flaw to cause rdesktop to read and write to arbitrary, local...
DroidDream Returns, Dozens of Apps Pulled From Android Market
Researchers have identified a second large batch of apps in the Android Market that have been infected with the DroidDream malware, estimating that upwards of 30,000 users have downloaded at least one of the more than 30 infected apps. Google has removed the apps from the market. There are at lea...
Nmap NSE net: smb-enum-processes
Pulls a list of processes from the remote server over SMB. This will determine all running processes, their process IDs, and their parent processes. It is done by querying the remote registry service, which is disabled by default on Vista; on all other Windows versions, it requires Administrator...
Anonymous SMTP Authentication Enabled
This SMTP service allows anonymous authentication. Any remote user may connect and authenticate without providing a password or unique credentials. This may effectively turn the remote server into an open mail relay. C Tenable Network Security, Inc. include"compat.inc"; if description...
EgY SpIdEr ShElL : Shell strongest in the history the hacker !
Sites get hacked every day. The bad guys often install a toolkit to control remote servers effectively. Here is one called EgY SpIdEr ShElL: When logging in, you get a quick overview of the machine with what services are running, as well as some hardware specs.: The toolkit provides you with...
SPlayer 3.7 Buffer Overflow
!/usr/bin/python Exploit Title: SPlayer Software Link: http://www.splayer.org/index.en.html Versions: URL ctrl+u ... 3. Input the server URL and Click OK ... 4. Boom!/calc ... Method 2: 1. Execute this script ... 2. Launch SPlayer and click Open ctrl+o ... 3. Browse to any playlist file m3u, pls ...
SPlayer 3.7 (build 2055) - Remote Buffer Overflow
SPlayer 3.7 build 2055 - Remote Buffer Overflow !/usr/bin/python Exploit Title: SPlayer Software Link: http://www.splayer.org/index.en.html Versions: URL ctrl+u ... 3. Input the server URL and Click OK ... 4. Boom!/calc ... Method 2: 1. Execute this script ... 2. Launch SPlayer and click Open...
SPlayer 3.7 (build 2055) - Remote Buffer Overflow
!/usr/bin/python Exploit Title: SPlayer Software Link: http://www.splayer.org/index.en.html Versions: URL ctrl+u ... 3. Input the server URL and Click OK ... 4. Boom!/calc ... Method 2: 1. Execute this script ... 2. Launch SPlayer and click Open ctrl+o ... 3. Browse to any playlist file m3u, pls ...
CVE-2011-1097
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service heap memory corruption and application crash or possibly execute arbitrary code via malformed data...
WebKit 1.2.x - Local Webpage Cross Domain Information Disclosure
source: https://www.securityfocus.com/bid/46816/info WebKit is prone to a cross-domain scripting vulnerability because it fails to properly enforce the same-origin policy. Successfully exploiting this issue will allow attackers to send the content of arbitrary files from the user's system to a...
Apache Derby 'BUILTIN' Authentication Insecure Password Hashing
According to its self-reported version number, the installation of Apache Derby running on the remote server performs a transformation on passwords that removes half the bits from most of the characters before hashing. This leads to a large number of hash collisions, letting passwords be easily...