6509 matches found
RedHat Update for postfix RHSA-2011:0423-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Limit Login Attempts < 1.7.1 - Auth Cookies Brute Force Bypass
From the changelog of the plugin: "Auth cookies" are special cookies set at login that authenticate you to the system. It is how WordPress "remembers" that you are logged in between page loads. During lockout these are supposed to be cleared, but a change in 1.6.2 broke this. It allowed an...
Security fix for the ALT Linux 6 package strongswan version 4.6.4-alt1
June 1, 2012 Michael Shigorin 4.6.4-alt1 - 4.6.4 + CVE-2012-2388 is fixed: an attacker presenting a forged signature and/or certificate can authenticate as any legitimate user provided that the "gmp" plugin is in use and a connection definition using RSA auth exists...
Baby Gekko CMS 1.1.5c Cross Site Scripting
Baby Gekko CMS v1.1.5c Multiple Stored Cross-Site Scripting Vulnerabilities Vendor: Baby Gekko, Inc. Product web page: http://www.babygekko.com Affected version: 1.1.5c Summary: BabyGekko strives to deliver high quality websites and other web content fast and easy for all end users. It is a...
WebCalendar 1.2.4 - Remote Code Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "WebCalendar 1.2.4...
WebCalendar 1.2.4 Pre-Auth Remote Code Injection
This module exploits a vulnerability found in k5n.us WebCalendar, version 1.2.4 or less. If not removed, the settings.php script meant for installation can be updated by an attacker, who can then inject code into it. This allows arbitrary code execution as www-data. This module requires Metasploit:...
KLA10101 SB vulnerabilities in Cerberus FTP Server
A CSRF vulnerability was found in the Cerberus FTP Server. By exploiting this vulnerability malicious users can hijack the administrators’ auth. This vulnerability can be exploited from the network at a point related to the web interface. Original advisories - Related products Cerberus-FTP-Server...
Fingerprint And Proximity Access Control Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 + Device: Fingerprint & Proximity Access Control + Model: ZEM560 and others + Kernel: 2.6.24 Treckle on an MIPS + Vulnerability: Auth Bypass + Impact: By using a direct URL attackers can bypass the fingerprint & proximity security and open the door...
Sysax 5.57 - Directory Traversal
!/usr/bin/python Title: Sysax Multi Server = 5.57 Directory Traversal Tool Post Auth Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit and Server 2003 SP2 32bit Date Discovered: March 27, 2012 Vendor Contacted: March 29, 2012 Vendor Response: April 3, 2012 Vendor Fixed: Currently working on fi...
Sysax 5.57 - Directory Traversal
!/usr/bin/python Title: Sysax Multi Server = 5.57 Directory Traversal Tool Post Auth Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit and Server 2003 SP2 32bit Date Discovered: March 27, 2012 Vendor Contacted: March 29, 2012 Vendor Response: April 3, 2012 Vend...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) logindata parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or ...
Citrix 11.6.1 - Licensing Administration Console Denial of Service
source: https://www.securityfocus.com/bid/52522/info Citrix Licensing is prone to a denial-of-service vulnerability. A remote attacker can leverage this issue to crash the affected application, denying service to legitimate users...
Bintech Systems LLC SQL Injection
Exploit for asp platform in category web applications Exploit Title: Bintech Systems LLC Admin Auth Bypass Exploit Google Dork: "Powered By: Bintech Systems LLC" Date: 11-03-2012 Author: BLACK BURN BBHH Tested on: Linux Exploit : http://localhost/ptah/login.asp user: 'or''=' pass: 'or''=' Demo :...
Bintech Systems LLC SQL Injection
Exploit Title: Bintech Systems LLC Admin Auth Bypass Exploit Google Dork: "Powered By: Bintech Systems LLC" Date: 11-03-2012 Author: BLACK BURN BBHH Tested on: Linux Exploit : http://localhost/ptah/login.asp user: 'or''=' pass: 'or''=' Demo :...
HITB2011KUL - SAPocalypse Now, CrushingSAPs J2EE
Document Title: =============== HITB2011KUL - SAPocalypse Now, CrushingSAPs J2EE References: =========== View: http://www.youtube.com/watch?v=bu6JnwqhRV0 Release Date: ============= 2012-03-05 Vulnerability Laboratory ID VL-ID: ==================================== 469 Discovery Status:...
Sysax 5.53 SSH Username Buffer Overflow Exploit
No description provided by source. !/usr/bin/python Title: Sysax = 5.53 SSH Username BoF Pre Auth RCE Egghunter Author: Craig Freyman @cd1zz OS Tested: XP SP3 32bit, 2003 Server SP2 No DEP Software Versions Tested: 5.53, 5.52, 5.50 Date Discovered: February 22, 2012 Vendor Contacted: February 23,...
THC-HYDRA 7.2 - Fast and Flexible network login Bruteforce Tool Updated
One of the most famous network logon crackers, THC-HYDRA, gets its latest update in version 7.2. Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add; besides that, it is flexible and very...
OpenSSH < 5.7 Multiple Vulnerabilities
Binary data 6300.prm...
FAA US Academy SQL Injection
Title: ====== FAA US Academy AFS - Auth Bypass Vulnerability Date: ===== 2012-01-28 References: =========== http://vulnerability-lab.com/getcontent.php?id=171 VL-ID: ===== 171 Introduction: ============= This is a FAA computer system. FAA computer systems are provided for the processing of Offici...
FAA US Academy (AFS) - Auth Bypass Vulnerability
Document Title: =============== FAA US Academy AFS - Auth Bypass Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=171 Release Date: ============= 2012-01-27 Vulnerability Laboratory ID VL-ID: ==================================== 171 Common...