(edited) [DSECRG-09-044] SAP GUI 7.1 Insecure Methods

Digital Security Research Group DSecRG Advisory DSECRG-09-044 Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1 Versions Affected: Tested on 7100.2.7.1038 PL 7 Vendor URL: http://SAP.com Bugs: insecure method, File owervriting Exploits: YES Reported: 02.07.2009 Vendor response: 02.07.2009 Da...

[SECURITY] Fedora 11 Update: rubygem-actionpack-2.3.3-2.fc11

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser...

[DSECRG-09-055] OSSIM 2.1 - Multiple security vulnerabilities

OSSIM - Open Source Security Information Management is vulnerable to multiple security vulnerabilities. 1. SQL Injections 2. Linked XSS 3. Unauthorized access Digital Security Research Group DSecRG Advisory DSECRG-09-055 Application: OSSIM Versions Affected: 2.1 and may be 2.1.1 Vendor URL:...

Remote exploit released for Windows Vista SMB2 worm hole

Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft’s dominant Windows operating system. A team of exploit writers led by Kostya Kortchinsky attacked the known SMB v2...

Microsoft Releases New SDL Security Tools

Microsoft’s Security Development Lifecycle SDL team has released two new security tools to help developers test and verify the security of software programs. The tools — BinScope Binary Analyzer and MiniFuzz File Fuzzer — are available for download at no cost. The BinScope Binary Analyzer can be...

Notepad++ 5.4.5 Buffer Overflow

/ 0dayNotepad++ 5.4.5 Local .C/CPP Stack Buffer Overflow POC by fl0 fl0w / / LATEST FIXES Notepad++ v5.4.5 fixed bugs from v5.4.4 : 1. Fix plugins shortcuts not working bug. 2. Fix the tooltip on toolbar display bug for the plugins icons. 3. Fix a crash that was occurring when searching in files...

DSA-1884-1 nginx - arbitrary code execution

Bulletin has no description...

Use google to conduct“penetration testing”-vulnerability warning-the black bar safety net

The dark visitor Today we are penetration testers in the implementation of the attack before, often the first information-gathering, which is the vulnerability is confirmed and the final exploits, expanding the war fruit. Here we are now going to talk about is: One, use google to find is people w...

Overflow vulnerability scan technique method and implementation-vulnerability warning-the black bar safety net

First, Windows under the commonly used overflow vulnerability scan method For vulnerability scanning, we commonly used methods are the following: 1． Testing services the port is open or not. This is the most basic, but also the accuracy rate is the lowest kind of way. Directly to the target machi...

Phorum过滤引擎HTML代码注入漏洞

BUGTRAQ: 35777 Phorum是一款基于PHP的WEB论坛程序，可在Linux和Unix操作系统下使用，也可在Microsoft Windows操作系统下使用。 Phorum的过滤引擎没有充分地验证某些BBcode参数，远程攻击者可以在所提交的请求中使用导致注入并执行恶意JavaScript代码。 Phorum 5.2.11 厂商补丁： Phorum ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.phorum.org/phorum5/read.php?64,139411...

Debian Security Advisory DSA 1866-1 (kdegraphics)

The remote host is missing an update to kdegraphics announced via advisory DSA 1866-1. OpenVAS Vulnerability Test $Id: deb18661.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1866-1 kdegraphics Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Linux Kernel 2.4/2.6 sock_sendpage() Local Root Exploit (ppc)

No description provided by source. / Linux socksendpage NULL pointer dereference Copyright 2009 Ramon de Carvalho Valle [email protected] This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Softwar...

Can record windows login password stuff-vulnerability warning-the black bar safety net

from: t00ls.net ========Principle: windows Authentication in General are ultimately in the lsass process 默认 模块 是 msv10.dll while critical in its export function LsaApLogonUserEx2, the The present program by injecting code into the lsass process hook LsaApLogonUserEx2, the interception of the...

Detailed description of SSL and TLS Web Security penetration testing-vulnerability warning-the black bar safety net

If the Web Service of the SSL and TLS Protocol security problem, the consequences will be how? Obviously, in this case the attacker can have all your security information, including user name, passwords, credit card, Bank information...... All in all. This article will give the reader a detailed...

Feed Sidebar Firefox Extension - Privileged Code Injection

, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Feed Sidebar Firefox Extension Code Injection Vulnerability Versions affected: 3.2 +-----------+ |Description| +-----------+ The Feed Sidebar Firefox extension will generate a previ...

Stable Update: Security fixes

Google Chrome 2.0.172.43 has been released to the Stable channel to fix the security issues listed below. CVE-2009- 2935 Unauthorized memory read from Javascript A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing securi...

CoolPreviews - Firefox Extension - Chrome Privileged Code Injection

, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. CoolPreviews Chrome Privileged Code Injection +-----------+ |Description| +-----------+ Security-Assessment.com discovered that Coolpreviews stack feature is vulnerable to Cross Sit...

[SECURITY] [DSA 1868-1] New kde4libs packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-1868-1 [email protected] http://www.debian.org/security/ Steffen Joeris August 19, 2009 http://www.debian.org/security/faq -...

ZTE ZXDSL 831 II Modem Arbitrary Add Admin User Vulnerability

No description provided by source. ----------------------------------------------------- -- Found By SuNHouSe2 ALGERIAN HaCkEr -- -- Made in "Maghnia City" DZ -- -- Contact : [email protected] -- -- Greetz to : His0k4 all my friends -- -- Good Ramadan to all muslims --...

Debian Security Advisory DSA 1843-2 (squid3)

The remote host is missing an update to squid3 announced via advisory DSA 1843-2. OpenVAS Vulnerability Test $Id: deb18432.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1843-2 squid3 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...