Backdoored PhpMyAdmin distributed at SourceForge site

A security issue has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute...

Symantec Norton Utilities 2006 source code leaked by Anonymous

Symantec is looking into claims more of its products' source code has been leaked online, following a similar incident earlier this year. This time source code from Norton Utilities 2006 was reportedly leaked on The Pirate Bay by Anonymous member STUN. "As you all see its fully 7z packed content,...

OS X x64 Shell Reverse TCP

Connect back to attacker and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 128 include Msf::Payload::Single include Msf::Payload::Osx include...

The company's customer information and tracking management system CITMS 3.0 injection and upload vulnerabilities-vulnerability warning-the black bar safety net

Management system part of the function is as follows: （１）online add, modify, delete administrators （２）online add, modify, delete customer records, supporting HTML, etc.. （３）the front Desk recorded with the tracking function.． As well as the track record and the number of clicks on the display...

Kerry friends of Science and technology cms upload vulnerability-vulnerability warning-the black bar safety net

The program uses the upload page uploadfile. asp not be verified, leading to the establishment of malformations directory upload image the Trojans get a shell vulnerability. Google keywords: inurl:newslist. asp? NodeCode= exp: the...

Potential for signature integrity compromise in Intel® Integrated Performance Primitives (Intel® IPP) Cryptography Domain

Summary: The cryptography CP domain in Intel’s newest version of Intel® Integrated Performance Primitives Intel® IPP v7.1 has been enhanced to improve its security and customers are strongly urged to update to this release. Description: Intel IPP v7.1 introduces Intel® AVX & Intel® AVX2 performan...

Slackware: Security Advisory (SSA:2007-178-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Discuz!X2.5最新版后台管理员权限Getshell

简要描述： Discuz!X2.5最新版后台管理员权限Getshell。 详细说明： 1.在后台--站长--Ucenter设置处设置UcenterIP为 XX\';eval$POSTa?;// XX 2.发现管理页面代码出来了 3.上菜刀！ 4.看一下源码，哦，原来是这样的！ 漏洞证明： img src="https://images.seebug.org/upload/201209/10172158c1138ac884a3be1de3dd7f60fceaed33.jpg" alt...

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: LDAP Injection When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP...

Liferay Users disclosure

A users disclosure vulnerability Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64

Multiple security flaws were discovered in RealPlayer. Helix Player and RealPlayer share a common source code base; therefore, some of the flaws discovered in RealPlayer may also affect Helix Player. Some of these flaws could, when opening, viewing, or playing a malicious media file or stream, le...

Scientific Linux Security Update : spice-xpi on SL5.x i386/x86_64

The spice-xpi package provides a plug-in that allows the SPICE client to run from within Mozilla Firefox. A race condition was found in the way the SPICE Firefox plug-in and the SPICE client communicated. A local attacker could use this flaw to trick the plug-in and the SPICE client into...

Scientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64

A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the 'file://' URL type. This...

CentOS Update for php CESA-2012:0546 centos6

Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2012:0546 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

CentOS Update for HelixPlayer-uninstall CESA-2010:0981 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Small nose article management system vulnerability-vulnerability warning-the black bar safety net

From the A5 site on just under an asp of built Station system, “small nose article management system” Open later discover to do good. Addresses in the background/admin/login. asp default tried universal password 'or'='or' found turned out to go in. Take a look at the source code ① Login. asp file...

Webmatic 3.1.1 - Blind SQL Injection

Webmatic 3.1.1 - Blind SQL Injection Advisory ID: HTB23096 Product: Webmatic Vendor: valarsoft.com Vulnerable Versions: 3.1.1 and probably prior Tested Version: 3.1.1 Vendor Notification: 13 June 2012 Public Disclosure: 4 July 2012 Vulnerability Type: Blind SQL Injection CVE Reference:...

Microsoft IIS Authentication Bypass and Source Code Disclosure Vulnerabilities

Microsoft IIS is prone to an authentication-bypass vulnerability and a source-code disclosure vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C...

GuestBook Scripts PHP v1.5 - Multiple Vulnerabilities

Exploit for php platform in category web applications Title: ====== GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilites Common Vulnerability Scoring System: ==================================== 7.5 Introduction: ============= GuestBook Script PHP is a script that is very easy to install,...

GLSA-201206-13 : Mono: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201206-13 Mono: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mono and Mono debugger. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary...