EMC M&R (Watch4net) MIB Browser Path Traversal

------------------------------------------------------------------------ Path traversal vulnerability in EMC M&R Watch4net MIB Browser ------------------------------------------------------------------------ Han Sahin, November 2014...

Websense Triton Source Code Disclosure

------------------------------------------------------------------------ Source code disclosure of Websense Triton JSP files via double quote character ------------------------------------------------------------------------ Han Sahin, September 2014...

EMC M&R (Watch4net) - Directory Traversal

Abstract A path traversal vulnerability was found in EMC M&R Watch4net Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries. Affected products EMC repor...

EMC MR (Watch4net) - Directory Traversal

EMC MR Watch4net - Directory Traversal Abstract A path traversal vulnerability was found in EMC M&R Watch4net Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts an...

tcpdump 4.7.2 remote crashes

Hi, please find tcpdump 4.7.2 source code at: http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz.sig there is also a matching libpcap To validate the source code with the "make check" you need to have libpcap-4.7.2 or the geneve test cases will...

XYCMS管理咨询公司建站系统存在默认数据库下载和存储型XSS

简要描述： XYCMS管理咨询公司建站系统存在默认数据库下载和存储型XSS 详细说明： XYCMS管理咨询公司建站系统存在默认数据库下载和存储型XSS。 源码地址：http://down.chinaz.com/soft/29472.htm 一是存在存储型XSS，发生在在线应聘处，可插入XSS代码，漏洞文件：Careersyp.asp 可谷歌搜索：inurl:Careersyp.asp 实例如下：http://www.gaonengkedi.com/Careersyp.asp?id=4 http://njqygl.com/Careersyp.asp?id=1...

Elastix 2.x - Blind SQL Injection

Elastix 2.x - Blind SQL Injection Title: Elastix v2.x Blind SQL Injection Vulnerability Author: Ahmed Aboul-Ela Twitter: https://twitter.com/aboul3la Vendor : http://www.elastix.org Version: v2.5.0 and prior versions should be affected too - Vulnerable Source Code snippet in...

Security vulnerability is the essence of myth of the battle to compile code-bug warning-the black bar safety net

0x00 Preface Currently more popular but also more efficient mining of vulnerabilities is Fuzzing, of course, this also needs to take the time to write Fuzzing programs. However, not every things are necessary to write Fuzzing programs,not every thing can go to Fuzzing, so still have to continue t...

PNMsoft Sequence Kinetics Information Disclosure Vulnerability

PNMsoft Sequence Kinetics is a suite of intelligent workflow applications from PNMsoft that can organize modeling, design, and execution.Form Controls CSS is one of the control form CSS files. A security vulnerability exists in the Form Controls CSS file in PNMsoft Sequence Kinetics 7.5 and earli...

SQLite3 3.8.6 - Controlled Memory Corruption (PoC)

Exploit Title: SQLite3 controlled memory corruption PoC 0day Date: date Exploit Author: Andras Kabai Vendor Homepage: http://www.sqlite.org/ Software Link: http://www.sqlite.org/download.html Version: 3.8.6, 3.8.8.3 Tested on: Ubuntu 14.10, 64 bit 3.8.6 latest available package, 3.8.8.3 built fro...

FreeBSD-SA-15:04.igmp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:04.igmp Security Advisory The FreeBSD Project Topic: Integer overflow in IGMP protocol Category: core Module: igmp Announced: 2015-02-25; Last revised on...

Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure (Metasploit)

Zabbix 2.0.5 - Cleartext ldapbindPassword Password Disclosure Metasploit This module requires Metasploit Date: 25-09-2013 Author: Pablo González Vendor Homepage: Zabbix - http://www.zabbix.com Software Link: http://www.zabbix.com Version: 2.0.5 Tested On: Linux Ubuntu, Suse, CentOS CVE:...

Zabbix 2.0.5 Password Disclosure

This module requires Metasploit Date: 25-09-2013 Author: Pablo González Vendor Homepage: Zabbix - http://www.zabbix.com Software Link: http://www.zabbix.com Version: 2.0.5 Tested On: Linux Ubuntu, Suse, CentOS CVE: CVE-2013-5572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5572 More Inf...

Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure (Metasploit)

This module requires Metasploit Date: 25-09-2013 Author: Pablo González Vendor Homepage: Zabbix - http://www.zabbix.com Software Link: http://www.zabbix.com Version: 2.0.5 Tested On: Linux Ubuntu, Suse, CentOS CVE: CVE-2013-5572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5572 More Inf...

‘DarkLeaks’ Black Market — Anonymously Selling Secrets for Bitcoins

An all new anonymous online underground black market website, DarkLeaks, has been introduced on the Internet where Whistleblowers, blackmailers, hackers and any individual can trade/sell sensitive and valuable data/secrets anonymously in exchange for Bitcoin payments. DarkLeaks is a decentralized...

Rig Exploit Kit Source Code Leaked

A spitting match between developers of the Rig Exploit Kit and one of its resellers resulted in a partial leak of the kit’s source code in a hacker forum. Rig is less than a year old and is spread primarily in malvertising campaigns, pushing Flash, Java and Microsoft Silverlight exploits; some...

Kallithea Information Disclosure Vulnerability

Kallithea is a free source code management system. Kallithea suffers from an information disclosure vulnerability that allows remote attackers to obtain sensitive information...

China Demands Tech Companies to give them Backdoor and Encryption Keys

A number of western companies are doing big business in China, but now they may have to pay a huge value for to do so. China has introduced strict new banking cyber security regulations on western companies selling technology to Chinese banks. The Chinese government wants backdoors installed in a...

JADX - Java source code from Android Dex and Apk files

Command line and GUI tools for produce Java source code from Android Dex and Apk files. Usage jadx-gui options .dex, .apk, .jar or .class options: -d, --output-dir - output directory -j, --threads-count - processing threads count -f, --fallback - make simple dump using goto instead of 'if', 'for'...

Dex to Java Decompiler: jadx

Command line and GUI tools for produce Java source code from Android Dex and Apk files Building from source git clone https://github.com/skylot/jadx.git cd jadx ./gradlew dist on Windows, use gradlew.bat instead of ./gradlew Scripts for run jadx will be placed in build/jadx/bin and also packed to...