2293 matches found
BlackHole RAT : Mac OS X backdoor Trojan !
'BlackHole' is the latest remote administration tool RAT and is available both in Windows and Mac. Hacktool such RAT employs client-server program that communicates to its victim's machine through its trojan server. The server application is installed on the victim while the client application is...
New BIND Bug Can Cause Remote Server DoS
There is a severe vulnerability in the widely deployed BIND DNS software that can allow an attacker to force a remote server to freeze and stop processing requests. The bug is in several recent versions of the BIND software. BIND is a very popular DNS package that’s maintained by the Internet...
White House E-Card Scam Part of Larger Zeus-Related Attack !
The simplistic spam campaign that hit around Christmas and purported to be a holiday greeting from the White House not only included a piece of Zeus-related malware that searches hard drives for documents and uploads them to a remote server, but also appears to be connected to a similar attack fr...
White House E-Card Scam Part of Larger Zeus-Related Attack
The simplistic spam campaign that hit around Christmas and purported to be a holiday greeting from the White House not only included a piece of Zeus-related malware that searches hard drives for documents and uploads them to a remote server, but also appears to be connected to a similar attack fr...
Geinimi Trojan targets Android devices !
A data-stealing Trojan affecting Android devices has emerged in China. The Geinimi Trojan sends location co-ordinates, unique device identifiers, and a list of installed apps on the infected device to a remote server. Additionally, it can independently download applications and prompts the user t...
FlexVision Agent Listener Information Disclosure
===== Tempest Security Intelligence - Advisory 02 / 2010 ============= Information Disclosure Vulnerability in FlexVision Agent Listener ----------------------------------------------------------------- Authors: Victor Ribeiro Hora Tempest Security Intelligence - Brazil ===== Table of Contents...
cformsII Plugin for WordPress 'rs' Parameter XSS
The version of the cformsII plugin for WordPress hosted on the remote web server fails to sanitize user-supplied input to the 'rs' parameter of the 'libajax.php' script before using it to generate dynamic HTML output. An attacker can leverage this issue to inject arbitrary HTML or script code int...
HTTP Origin Response Header Usage
The remote web server sets an Origin response header in some responses. Origin has been proposed as a way to mitigate cross-site request forgery and JSON data theft. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
CVE-2010-3903
Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service application crash via a 404 HTTP status code...
CVE-2010-3098
Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a ".." dot dot backslash in a filename...
httpdx 1.5.4 - Multiple Denial of Service Vulnerabilities (http-ftp) (PoC)
httpdx 1.5.4 - Multiple Denial of Service Vulnerabilities http-ftp PoC !/usr/bin/env python Title: httpdx v1.5.4 Remote HTTP Server DoS 0day By: DrIDE Tested: XPSP3 Download: http://httpdx.sourceforge.net Note: Server will totally crash if only running the EXE Note: Get a "ffs what happened?"...
Bugzilla < 3.2.8 / 3.4.8 / 3.6.2 / 3.7.3 Multiple Vulnerabilities
Binary data 5627.prm...
Authentication flaw
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute...
Microsoft to Issue Emergency Patch for Critical Windows Flaw
Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn’t identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for...
Memory corruption
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service memory corruption or possibly have unspecified other...
Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow
Source: http://aluigi.org/adv/grawful-adv.txt Luigi Auriemma Applications: Ghost Recon Advanced Warfighter Ghost Recon Advanced Warfighter 2 http://ghostrecon.us.ubi.com/graw2/ Versions: GRAW = 1.35 GRAW2 = 1.05 Platforms: Windows Bugs: A interger overflow B Array indexing overflow Exploitation:...
Splunk 4.0.x < 4.0.11 / 4.1.x < 4.1.2 Directory Traversal
The Splunk Web hosted on the remote web server is 4.0.x prior to 4.0.11 or 4.1.x prior to 4.1.2. It is, therefore, affected by a directory traversal vulnerability due to a failure to properly validate user-specified file names before returning the contents of the file. A remote, unauthenticated...
CVE-2010-2253
lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . dot character, which allows remote servers to create or overwrite files via 1 a 3xx redirect to a URL with a crafted filename or 2 a Content-Disposition header that suggests a crafted filename, and...
CVE-2008-4389
Symantec AppStream 5.2.x and Symantec Workspace Streaming SWS 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via...
kernel: nfsv4: kernel panic in nfs4_proc_lock()
The nfs4proclock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service NULL pointer dereference and panic by sending a certain response containing incorrect file attributes, which trigger attempted use of an...