
437 matches found

Metasploit
added 2015/04/15 10:10 p.m., 36 views

Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure

This module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003 and CAS 2007, 2010, and 2013 servers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA ...

AI score: 7
Exploits: 0
CNVD
added 2015/03/27 12:0 a.m., 1 view

Multiple Websense Product Data Security Module Page Cross-Site Scripting Vulnerabilities

Websense, Inc. (NASDAQ: WBSN) is the world's leading provider of integrated Web, information and data security protection solutions. Multiple cross-site scripting vulnerabilities exist in the data security module pages of multiple Websense products because the program fails to properly filter user-supplied input. The...

AI score: 6.8
Exploits: 0 | References: 1
Fedora
added 2015/03/21 4:58 a.m., 9 views

[SECURITY] Fedora 22 Update: python-urllib3-1.10.2-1.fc22

Python HTTP module with connection pooling and file POST abilities...

AI score: 0.2
Exploits: 0
myhack58
added 2014/07/17 12:0 a.m., 16 views

Detours to modify the paragraph properties of vulnerability

Detours to modify the paragraph properties of the vulnerability. Affected software and systems: Detours 3.0 and previous versions. Description: Classifying this issue as a vulnerability may be less suitable; it is more likely a bug in Detours, but because the defect will cause the exploit...

AI score: 0.9
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 27 views

DS3 Authentication Server - Multiple Vulnerabilities

No description provided by source. Original: http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt =============================== - Advisory - =============================== Title: DS3 Authentication Server - Command Execution Post Authentication & other minor issues Risk: High Date:...

AI score: 7.1
Exploits: 0
ThreatPost
added 2014/03/03 2:24 p.m., 8 views

Apple Updates iOS Security Guide

Apple rarely offers anyone a glimpse inside its walled-off security garden. The last time it did was in the spring of 2012 when it released a detailed paper on the security of its iOS operating system for iPhones and iPads. The company also presented a much-anticipated if not anticlimactic...

AI score: 0.5
Exploits: 0 | References: 7
NVD
added 2013/08/28 10:55 p.m., 10 views

CVE-2013-2197

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts...

CVSS: 4.3 | AI score: 9.1 | EPSS: 0.00564
Exploits: 0 | References: 4
Metasploit
added 2013/06/21 10:31 p.m., 45 views

Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation

This module exploits a flaw in the nwfs.sys driver to overwrite data in kernel space. The corruption occurs while handling ioctl requests with code 0x1438BB, where a 0x00000009 dword is written to an arbitrary address. An entry within the HalDispatchTable is overwritten in order to execute...

CVSS: 6.9 | AI score: 7.8 | EPSS: 0.17977
Exploits: 1
Packet Storm
added 2013/06/03 12:0 a.m., 36 views

DS3 Authentication Server Command Execution

Original: http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt =============================== - Advisory - =============================== Title: DS3 Authentication Server - Command Execution Post Authentication & other minor issues Risk: High Date: 27.May.2013 Author: Pedro Andujar .:...

AI score: 0.8
Exploits: 0
Prion
added 2013/04/12 10:55 p.m., 23 views

Design/Logic Flaw

Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to injec...

CVSS: 4.4 | AI score: 7 | EPSS: 0.00064
Exploits: 0 | References: 13 | Affected Software: 1
Xen Project
added 2013/04/04 5:54 p.m., 75 views

Potential use of freed memory in event channel operations

ISSUE DESCRIPTION: Wrong ordering of operations upon extending the per-domain event channel tracking table can cause a pointer to freed memory to be left in place, when the hypervisor is under memory pressure and XSM (Xen Security Module) is enabled. IMPACT: Malicious guest kernels could inject...

CVSS: 4.4 | AI score: 0.8 | EPSS: 0.00064
Exploits: 0 | Affected Software: 1
Prion
added 2012/09/12 11:55 p.m., 9 views

Design/Logic Flaw

The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00427
Exploits: 0 | References: 2 | Affected Software: 2
Cvelist
added 2012/09/12 11:0 p.m., 18 views

CVE-2012-4629

The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger...

AI score: 6.7 | EPSS: 0.00427
Exploits: 0 | References: 2
Drupal
added 2012/08/29 12:0 a.m., 10 views

SA-CONTRIB-2012-135 - CAPTCHA - Insufficient anti-automation prevention

This module enables you to protect website forms using a CAPTCHA. A CAPTCHA is a test which attempts to differentiate between a human and an automated bot or script. The module doesn't ensure that test submissions have a single-use unique token. This means that web robots could reuse a single...

AI score: 7.1
Exploits: 0 | References: 11
securityvulns
added 2012/07/09 12:0 a.m., 81 views

[SECURITY] [DSA 2506-1] libapache-mod-security security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2506-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012 http://www.debian.org/security/faq -...

CVSS: 4.3 | AI score: 1.9 | EPSS: 0.01943
Exploits: 2
Tenable Nessus
added 2012/07/03 12:0 a.m., 28 views

Debian DSA-2506-1 : libapache-mod-security - ModSecurity bypass

Qualys Vulnerability & Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where both 'Content:Disposition: attachment' and 'Content-Type: multipart' were present in HTTP headers, the vulnerability could allow an attacker to...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.01943
Exploits: 2 | References: 4
Cvelist
added 2012/04/18 10:0 a.m., 14 views

CVE-2012-1799

The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password...

AI score: 6.8 | EPSS: 0.01898
Exploits: 0 | References: 4
CVE
added 2012/04/18 10:0 a.m., 43 views

CVE-2012-1800

The CVE-2012-1800 entry concerns a stack-based buffer overflow in the Profinet DCP protocol stack of Siemens Scalance S Security Module firewalls (models S602 V2, S612 V2, S613 V2) prior to firmware 2.3.0.3. The flaw allows remote attackers, via a crafted DCP frame, to cause a denial of service o...

CVSS: 6.1 | AI score: 8.6 | EPSS: 0.0152
Exploits: 0 | References: 4 | Affected Software: 4
CVE
added 2012/04/18 10:0 a.m., 55 views

CVE-2012-1799

CVE-2012-1799 affects Siemens Scalance S Security Module firewalls S602 V2, S612 V2, and S613 V2 prior to firmware version 2.3.0.3. The web server does not limit the rate of authentication attempts, enabling remote attackers to conduct brute-force attacks to obtain administrative access. Connecte...

CVSS: 10 | AI score: 7 | EPSS: 0.01898
Exploits: 0 | References: 4 | Affected Software: 4
Metasploit
added 2012/01/24 4:32 p.m., 16 views

NAT-PMP Port Mapper

Map forward TCP and UDP ports on NAT devices using NAT-PMP This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NAT-PMP Port Mapper', 'Description' = 'Map forward TCP and UDP ports on NAT devices...

AI score: 7.5
Exploits: 0