WordPress Simple Ads Manager SQL Injection

SQL injection vulnerability in WordPress Simple Ads Manager plugin sam-ajax-admin.php Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

New Utility Decrypts Files Lost to TeslaCrypt Ransomware

Crypto-ransomware variants have enterprises on edge because of the threat of irreversibly damaged files. Some organizations, including most recently the Tewksbury, Ma., police department have gone as far as to pay hundreds of dollars in ransom for the recovery key. Some technology companies are...

CVE-2015-0113

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next...

CVE-2015-0113

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next...

Multiple IBM Rational Products Jazz Help System Information Disclosure Vulnerabilities

IBM Rational CLM, Rational Team Concert RTC, and Rational Engineering Lifecycle Manager are collaborative lifecycle management solutions; Rational Quality Manager RQM is a set of collaborative, Web-based quality management solutions; Rational Requirements Composer and Rational DOORS Next Generati...

FireEye Trojan analysis engine (MAS) 6.4.1 – multiple vulnerabilities-vulnerability warning-the black bar safety net

FireEye Trojan analysis system MAS web login section there are multiple serious vulnerabilities. Multiples Vulnerabilities 3 XSS reflected 1 CSRF 1 NoSQLi Json object 1 PostGreSQL SQLi Exploitable? 1 File and Path Disclosure 1 Source code Info-leak XSS: The Cross-Station 1...

java-1.8.0-openjdk security update

1:1.8.0.45-30.b13 - repacked sources - Resolves: RHBZ1209076 1:1.8.0.45-7.b13 - Re-add %name prefix to patches to avoid conflicts with OpenJDK 7 versions. - Remove ppc64le test case now fix has been verified. - Resolves: rhbz1194378 1:1.8.0.45-27.b13 - updated to security u45 - minor sync with 7....

BSD x64 Execute Command

Execute an arbitrary command This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exec ---- Executes an arbitrary command. module MetasploitModule CachedSize = 31 include Msf::Payload::Single include Msf::Payload::Bsd def...

Shopify: Force 500 Internal Server Error on any shop (for one user)

There is very strange behavior. If user open urls like below: - https://whashp.myshopify.com/?previewthemeid=11288717 - or https://lmfshp.myshopify.com/?previewthemeid=11290937 He got redirect to shop https://whashp.myshopify.com/ and 500 Internal Server Error response, and reload does not help i...

FreeBSD-SA-15:07.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:07.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp Category: contrib Module: ntp Announced: 2015-04-07 Credits: Network Time...

How to Run Linux Kernel on Canon DSLRs Cameras

Last month, I Got a Canon's amazing and powerful video-capable DSLR Camera and was wondering if I could play a hack on it. Yes, Just like last time I installed and run Linux on my PlayStation 3 gaming console and the popular game console, the Nintendo Wii. What If I could port Linux Kernel to my...

CVE-2015-0902

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code...

CVE-2015-0902

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code...

Qianwei Music 3.5 /source/admincp/include/function.php 登录绕过漏洞

No description provided by source...

The local file contains（LFI）vulnerability Detection Tool – Kadimus-vulnerability warning-the black bar safety net

Kadimus is for detecting a site local file inclusion（LFI）vulnerability of security tools. Characteristics Detect all URL parameters /var/log/auth. log RCE /proc/self/environ RCE php://input RCE data://text RCE The source code leak detection Multi-thread scanning HTTP command execution vulnerabili...

All in One SEO Pack <= 2.2.5.1 - Information Disclosure

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code...

Kadimus - LFI Scan & Exploit Tool

Kadimus is a tool to check sites to lfi vulnerability , and also exploit it Features: Check all url parameters /var/log/auth.log RCE /proc/self/environ RCE php://input RCE data://text RCE Source code disclosure Multi thread scanner Command shell interface through HTTP Request Proxy support...

Phabricator: SSRF vulnerability (access to metadata server on EC2 and OpenStack)

In bug 50537, haquaman reported a SSRF vulnerability in the meme creation section of Phabricator. Ticket T6755 was created and the HackerOne issue was closed as "Won't fix". T6755 states that "attackers can use the machine's ability to access the network, which may allow them to find services and...

Source code disclosure of Websense Triton JSP files via double quote character

------------------------------------------------------------------------ Source code disclosure of Websense Triton JSP files via double quote character ------------------------------------------------------------------------ Han Sahin, September 2014...

EMC M&R (Watch4net) MIB Browser Path Traversal Vulnerability

A path traversal vulnerability was found in EMC M&R Watch4net MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries...