Lucene search

2293 matches found

The Hacker News
added 2011/02/26 5:3 a.m., 7 views

BlackHole RAT : Mac OS X backdoor Trojan !

'BlackHole' is the latest remote administration tool (RAT) and is available for both Windows and Mac. A hacktool such as a RAT employs a client-server program that communicates with its victim's machine through its trojan server. The server application is installed on the victim while the client application is...

7 AI score
Exploits: 0

ThreatPost
added 2011/02/25 3:21 p.m., 19 views

New BIND Bug Can Cause Remote Server DoS

There is a severe vulnerability in the widely deployed BIND DNS software that can allow an attacker to force a remote server to freeze and stop processing requests. The bug is in several recent versions of the BIND software. BIND is a very popular DNS package that’s maintained by the Internet...

7.1 CVSS, 0.4 AI score, 0.13598 EPSS
Exploits: 1, References: 2

The Hacker News
added 2011/01/05 1:25 a.m., 5 views

White House E-Card Scam Part of Larger Zeus-Related Attack !

The simplistic spam campaign that hit around Christmas and purported to be a holiday greeting from the White House not only included a piece of Zeus-related malware that searches hard drives for documents and uploads them to a remote server, but also appears to be connected to a similar attack fr...

6.4 AI score
Exploits: 0

ThreatPost
added 2011/01/04 3:44 p.m., 8 views

White House E-Card Scam Part of Larger Zeus-Related Attack

The simplistic spam campaign that hit around Christmas and purported to be a holiday greeting from the White House not only included a piece of Zeus-related malware that searches hard drives for documents and uploads them to a remote server, but also appears to be connected to a similar attack fr...

7 AI score
Exploits: 0, References: 3

The Hacker News
added 2011/01/02 12:20 a.m., 9 views

Geinimi Trojan targets Android devices !

A data-stealing Trojan affecting Android devices has emerged in China. The Geinimi Trojan sends location co-ordinates, unique device identifiers, and a list of installed apps on the infected device to a remote server. Additionally, it can independently download applications and prompts the user t...

7.1 AI score
Exploits: 0

Packet Storm
added 2010/12/24 12:0 a.m., 42 views

FlexVision Agent Listener Information Disclosure

Tempest Security Intelligence - Advisory 02 / 2010. Information Disclosure Vulnerability in FlexVision Agent Listener. Authors: Victor Ribeiro Hora Tempest Security Intelligence - Brazil. Table of Contents...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2010/11/08 12:0 a.m., 43 views

cformsII Plugin for WordPress 'rs' Parameter XSS

The version of the cformsII plugin for WordPress hosted on the remote web server fails to sanitize user-supplied input to the 'rs' parameter of the 'libajax.php' script before using it to generate dynamic HTML output. An attacker can leverage this issue to inject arbitrary HTML or script code int...

4.3 CVSS, 5.6 AI score, 0.04285 EPSS
Exploits: 3, References: 2

Tenable Nessus
added 2010/10/26 12:0 a.m., 40 views

HTTP Origin Response Header Usage

The remote web server sets an Origin response header in some responses. Origin has been proposed as a way to mitigate cross-site request forgery and JSON data theft...

5.2 AI score
Exploits: 0, References: 3

OSV
added 2010/10/14 5:58 a.m., 7 views

CVE-2010-3903

Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code...

6.4 AI score
Exploits: 0, References: 1

NVD
added 2010/08/20 8:0 p.m., 11 views

CVE-2010-3098

Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename...

9.3 CVSS, 6.8 AI score, 0.0152 EPSS
Exploits: 0, References: 2

exploitpack
added 2010/08/18 12:0 a.m., 17 views

httpdx 1.5.4 - Multiple Denial of Service Vulnerabilities (http-ftp) (PoC)

httpdx 1.5.4 - Multiple Denial of Service Vulnerabilities http-ftp PoC !/usr/bin/env python Title: httpdx v1.5.4 Remote HTTP Server DoS 0day By: DrIDE Tested: XPSP3 Download: http://httpdx.sourceforge.net Note: Server will totally crash if only running the EXE Note: Get a "ffs what happened?"...

7.5 AI score
Exploits: 0

Tenable Nessus
added 2010/08/13 12:0 a.m., 28 views

Bugzilla < 3.2.8 / 3.4.8 / 3.6.2 / 3.7.3 Multiple Vulnerabilities

Binary data 5627.prm...

6.5 CVSS, 6.8 AI score, 0.02046 EPSS
Exploits: 0, References: 5

Prion
added 2010/08/10 12:23 p.m., 13 views

Authentication flaw

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute...

9.3 CVSS, 8.2 AI score, 0.02715 EPSS
Exploits: 0, References: 4, Affected Software: 1

ThreatPost
added 2010/07/31 4:7 a.m., 22 views

Microsoft to Issue Emergency Patch for Critical Windows Flaw

Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn’t identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for...

0.8 AI score
Exploits: 0, References: 6

Prion
added 2010/07/22 5:42 a.m., 20 views

Memory corruption

Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other...

7.5 CVSS, 7.8 AI score, 0.02252 EPSS
Exploits: 0, References: 15, Affected Software: 2

Exploit DB
added 2010/07/08 12:0 a.m., 35 views

Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow

Source: http://aluigi.org/adv/grawful-adv.txt Luigi Auriemma Applications: Ghost Recon Advanced Warfighter Ghost Recon Advanced Warfighter 2 http://ghostrecon.us.ubi.com/graw2/ Versions: GRAW = 1.35 GRAW2 = 1.05 Platforms: Windows Bugs: A integer overflow B Array indexing overflow Exploitation:...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2010/07/07 12:0 a.m., 42 views

Splunk 4.0.x < 4.0.11 / 4.1.x < 4.1.2 Directory Traversal

The Splunk Web hosted on the remote web server is 4.0.x prior to 4.0.11 or 4.1.x prior to 4.1.2. It is, therefore, affected by a directory traversal vulnerability due to a failure to properly validate user-specified file names before returning the contents of the file. A remote, unauthenticated...

7.5 CVSS, 5.5 AI score, 0.02642 EPSS
Exploits: 0, References: 4

OSV
added 2010/07/06 5:17 p.m., 4 views

CVE-2010-2253

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and...

7.2 AI score
Exploits: 0, References: 10

Cvelist
added 2010/06/17 4:0 p.m., 17 views

CVE-2008-4389

Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via...

6.9 AI score, 0.02477 EPSS
Exploits: 0, References: 6

RedHat Linux
added 2010/06/15 11:50 p.m., 4 views

kernel: nfsv4: kernel panic in nfs4_proc_lock()

The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an...

7.8 CVSS, 7.2 AI score, 0.12 EPSS
Exploits: 1, References: 4