Microsoft issues Emergency Windows Update to Block Fake SSL Certificates
Today, Microsoft has issued an emergency update for almost all versions of Windows and also for Microsoft devices running Windows Phone 8 and 8.1 to secure users from attacks that abuse the latest issued rogue SSL certificates, which could be used to impersonate Google and Yahoo! websites. A week...
Security Advisory 2982792 released, Certificate Trust List updated
Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. Wit...
MS KB2982792: Improperly Issued Digital Certificates Could Allow Spoofing
The remote host is missing KB2982792, KB2677070 (automatic updater), or the latest disallowed certificate update using KB2813430 (manual updater). If KB2677070 is installed, it is missing the latest auto-updates. Note that this plugin checks that the updaters have actually updated the disallowed CTL...
CVE-2014-0247
LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx...
DEBIAN-CVE-2014-0247
LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx...
KLA10242 Vulnerability in LibreOffice
Automatic macro execution was found in LibreOffice. By exploiting this vulnerability, malicious users can have an unspecified impact via unspecified attack vectors. Original advisories: LibreOffice bulletin. Related products: LibreOffice. CVE list: CVE-2014-0247 (critical). Solution: Update to latest...
KingView 6.5.3 SCADA HMI Heap Overflow PoC
No description provided by source. Exploit Title: KingView 6.53 SCADA HMI Heap Overflow PoC Date: 9/28/2010 Author: Dillon Beresford Software Link: http://download.kingview.com/software/kingview%20English%20Version/kingview6.53EN.rar Version: 6.53 English Tested on: Windows XP SP1 works on SP2 an...
Microsoft Internet Explorer 5.0.1 ITS Protocol Zone Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9658/info Microsoft Internet Explorer has been reported prone to a vulnerability that may permit hostile content to be interpreted in the Local Zone. The issue may be exploited via the ITS (InfoTech Storage) Protocol URI...
Apple iPhone <= 2.2.1 Call Approval Dialog Security Bypass Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/35425/info Apple iPhone is prone to a security-bypass vulnerability that may cause a call to be placed automatically. Successfully exploiting this issue may allow attackers to bypass the Mail's call-approval dialog and...
Sielco Sistemi Winlog Buffer Overflow 2.07.14
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
phpmychat plus 1.94 rc1 - Multiple Vulnerabilities
No description provided by source. Exploit Title: phpMyChat Plus v1.94 RC1 Multiple Remote Vulnerabilities Date: 04/10/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://sourceforge.net/projects/phpmychat/ Software Link:...
Nullsoft Winamp 2.80 Automatic Update Check Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5170/info Nullsoft Winamp is a media player for Microsoft Windows supporting MP3 and other filetypes. Winamp is vulnerable to a buffer overflow condition when checking for updated versions. A malicious server located at...
Xerox DocuShare - SQL Injection
No description provided by source. The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Accept:...
PunBB Automatic Image Upload <= 1.3.5 - Remote SQL Injection Exploit
No description provided by source. #!/usr/bin/perl 0-Day PunBB Automatic Image Upload <= v1.3.5 Remote SQL Injection Exploit Coded By Dante90, WaRWolFz Crew Bug Discovered By: Dante90, WaRWolFz Crew Works only if '$AllowStats = USERGROUP;' is not commented in uploadimgconfig.php FIND LINE: 75...
The Mole - Automatic SQL Injection Exploitation Tool
The Mole is an automatic SQL Injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query based technique. Features: Support for injections using MySQL, SQL Server,...
Scientific Linux Security Update : dovecot on SL6.x i386/srpm/x86_64 (20140625)
It was discovered that Dovecot did not properly discard connections trapped in the SSL/TLS handshake phase. A remote attacker could use this flaw to cause a denial of service on an IMAP/POP3 server by exhausting the pool of available connections and preventing further, legitimate connections to t...
How to: Version Control
In Linux, the /etc directory contains important system-related or application-specific configuration files. Especially in a server environment, it is wise to back up the various server configurations in the /etc directory regularly, to save trouble from any accidental changes in the...
Microsoft released a "denial of service vulnerability" fix - bug warning - the black bar safety net
After patching 59 IE vulnerabilities, Microsoft has finally plugged a security vulnerability in its own security software. It is reported that the vulnerability may be triggered when the "Malware Protection Engine" is used to scan. Then, the attacker can use it to launch denial of...
Microsoft Malware Protection Engine Denial of Service Bug
Microsoft today released a security advisory alerting users of a serious vulnerability in the antimalware engine present in a number of security products, including Windows Defender, Forefront and others. The update will be automatically pushed down to the Microsoft Malware Protection Engine in t...