[SECURITY] Fedora 13 Update: pam_ssh-1.97-7.fc13

This PAM module provides single sign-on behavior for UNIX using SSH keys. Users are authenticated by decrypting their SSH private keys with the password provided. In the first PAM login session phase, an ssh-agent process is started and keys are added. The same agent is used for the following PAM...

[SECURITY] Fedora 15 Update: pam_ssh-1.97-7.fc15

This PAM module provides single sign-on behavior for UNIX using SSH keys. Users are authenticated by decrypting their SSH private keys with the password provided. In the first PAM login session phase, an ssh-agent process is started and keys are added. The same agent is used for the following PAM...

SuSE9 Security Update : ethereal (YOU Patch Number 12708)

This ethereal update fixes the use of uninitialized variables. CVE-2011-1590 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid54993; scriptversion"1.5";...

Google Chrome < 12.0.742.91 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 12.0.742.91. Such versions of Chrome are affected by multiple vulnerabilities: - Use-after-free errors exist in the handling of float variables, accessibility functionality, developer tools and an image loader. Issues 73962...

Nmap NSE net: mysql-variables

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Symphony CMS 2.1.2 Blind SQL Injection

-------------------------------------------------------------------------------------------- 20110424 - Justanotherhacker.com : Symphony-cms blind sql injection JAHx111 - http://www.justanotherhacker.com/advisories/JAHx111.txt...

CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

RedHat Update for glibc RHSA-2011:0412-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Advanced Image Hosting 2.2 (index.php) SQL Injection Vulnerability

Exploit for php platform in category web applications InformatioN Title : Advanced Image Hosting v2.2 SQLi Vulnerability Author : keracker Vendor or Software Link : http://yabsoft.com Email : email protected Data : 2011-04-01 Google dork: "Powered by: AIH v2.2" Category: Webapps Tested on: Window...

Advanced Image Hosting 2.2 SQL Injection

========================================== Advanced Image Hosting v2.2 SQLi Vulnerability ========================================== InformatioN Title : Advanced Image Hosting v2.2 SQLi Vulnerability Author : keracker Vendor or Software Link : http://yabsoft.com Email : [email protected] Data :...

Advanced Image Hosting 2.2 - &#039;index.php&#039; SQL Injection

========================================== Advanced Image Hosting v2.2 SQLi Vulnerability ========================================== InformatioN Title : Advanced Image Hosting v2.2 SQLi Vulnerability Author : keracker Vendor or Software Link : http://yabsoft.com Email : [email protected] Data :...

DEBIAN-CVE-2009-5057

The S/MIME feature in Open Ticket Request System OTRS before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations,...

Medium severity flaw in QNX Neutrino RTOS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20110310 Date: 10th March 2011 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: QNX Neutrino RTOS 6.5.0...

boblog arbitrary variable overwrite vulnerability(a)-vulnerability warning-the black bar safety net

by Ryatpuretot mail: puretot at gmail dot com team: http://www.80vul.com Vulnerability code is as follows: // go.php $qurl=$SERVER"REQUESTURI"; @list$relativePath, $rawURL=@explode'/go.php/', $qurl; $rewritedURL=$rawURL; // from$SERVER"REQUESTURI",can be arbitrarily submitted:...

Buffer overflow in JavaScript upvarMap — Mozilla

Security researcher Christian Holler reported that the JavaScript engine's internal memory mapping of non-local JS variables contained a buffer overflow which could potentially be used by an attacker to run arbitrary code on a victim's computer...

Ускоритель MySQL-inj

Если данный способ уже где-то описан - прошу кинуть ссылочки. Метод был существенно доработан - читай мой пост ниже! Хочу рассказать вам о новой может я что-то пропустил? технике вывода данных при MySQL injection. Дело в том, что очень неудобно когда при наличии уязвимости в результате мы можем...

IcedTea System property information leak via public static

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including 1 user.name, 2 user.home, and 3 java.home system properties, and other sensitive...

FreeBSD : php -- corruption of $GLOBALS and $this variables via extract() method (f3148a05-0fa7-11e0-becc-0022156e8794)

Off-by-one error in the sanity validator for the extract method allowed attackers to replace the values of $GLOBALS and $this when mode EXTROVERWRITE was used. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeB...

Multi Gather Generic Operating System Environment Settings

This module prints out the operating system environment variables. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather Generic Operating System Environment Settings', 'Description' = %...

[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw

------------------------------------------------------------------------ Debian Security Advisory DSA-2141-2 [email protected] http://www.debian.org/security/ Stefan Fritsch January 06, 2011 http://www.debian.org/security/faq -...