Lucene search

9290 matches found

Kitploit
added 2013/03/10 4:21 p.m. | 31 views

[JSQL v0.3] Java Tool for Automatic Database Injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). Version 0.2 features: GET, POST, header, cookie methods; normal, error based, blind, time based algorithms; automatic...

8 AI score
Exploits 0
Tenable Nessus
added 2013/03/01 12:0 a.m. | 37 views

Scientific Linux Security Update : pcsc-lite on SL6.x i386/x86_64 (20130221)

A stack-based buffer overflow flaw was found in the way pcsc-lite decoded certain attribute values of Answer-to-Reset (ATR) messages. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the pcscd daemon (root, by default), by inserting a specially...

4.4 CVSS | 6.4 AI score | 0.00498 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2013/03/01 12:0 a.m. | 23 views

Scientific Linux Security Update : dhcp on SL6.x i386/x86_64 (20130221)

A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash. (CVE-2012-3955) This update also fixes the following...

7.1 CVSS | 6.4 AI score | 0.21653 EPSS
Exploits 0 | References 2
OwnCloud
added 2013/02/20 10:42 a.m. | 38 views

Server: Multiple CSRF vulnerabilities

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions allow remote attackers to hijack the authentication for users via the "lat" and "lng" POST parameters to guesstimezone.php in /apps/calendar/ajax/settings/ (CVE-2013-0299). Commits:...

6.8 CVSS | 6.8 AI score | 0.00615 EPSS
Exploits 0 | Affected Software 1
The Hacker News
added 2013/02/09 6:33 a.m. | 14 views

Microsoft's Patch Tuesday fully loaded with patch for 57 security flaws

Microsoft's next updates are fully loaded with 57 different security vulnerabilities through 12 separate updates. It will roll out fixes as it always does on Patch Tuesday, the second Tuesday of every month. Anyone who uses Windows as their primary operating system will be quite familiar with Patch...

6.9 AI score
Exploits 0
OpenVAS
added 2013/02/04 12:0 a.m. | 20 views

CentOS Update for libreport CESA-2013:0215 centos6

Check for the Version of libreport OpenVAS Vulnerability Test CentOS Update for libreport CESA-2013:0215 centos6 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

6.9 CVSS | 6.4 AI score | 0.00446 EPSS
Exploits 2 | References 2
Tenable Nessus
added 2013/02/01 12:0 a.m. | 47 views

CentOS 6 : mysql (CESA-2013:0219)

Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

6.8 CVSS | 5.8 AI score | 0.03177 EPSS
Exploits 2 | References 10
securityvulns
added 2013/01/10 12:0 a.m. | 72 views

Chrome for Android - Download Function Information Disclosure

CVE Number: CVE-2012-4906 Title: Chrome for Android - Download Function Information Disclosure Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: Rogue Android apps can steal...

5 CVSS | 5.9 AI score | 0.03103 EPSS
Exploits 1
Packet Storm
added 2013/01/08 12:0 a.m. | 52 views

Chrome For Android Download Function Information Disclosure

CVE Number: CVE-2012-4906 Title: Chrome for Android - Download Function Information Disclosure Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: Rogue Android apps can steal...

5 CVSS | 6.5 AI score | 0.03103 EPSS
Exploits 1
Cvelist
added 2013/01/03 1:0 a.m. | 15 views

CVE-2012-5654

The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description,...

6.3 AI score | 0.01191 EPSS
Exploits 0 | References 3
myhack58
added 2012/12/26 12:0 a.m. | 15 views

Android application "lazy listen to the book": the automatic updates can be exploited - vulnerability warning - the black bar safety net

Brief description: The Android audiobook software "lazy listen to the book", produced by www.yytingting.com, performs insufficient verification during automatic update, which may be utilized to replace other apk, and ultimately can achieve remote code execution. Detailed description: Android audiobook produced by www.yytingting.com...

0.3 AI score
Exploits 0
Kitploit
added 2012/12/24 6:36 p.m. | 16 views

Windows Autologin Password Dumper & Manager

Windows Autologin Password is the free command-line tool to quickly dump and manage the Windows Automatic Logon Password. Automatic Logon is one of the useful features in Windows which allows you to log in to the system automatically without entering the password every time. This tool helps you to easil...

7.2 AI score
Exploits 0
The Hacker News
added 2012/12/20 10:42 a.m. | 15 views

FixMeStick PRO : Best remote malware remediation product

This week Corey and Marty over at FixMeStick shared the specs of their recently released FixMeStick PRO with me. This Pro is the best remote malware remediation product we've seen. It retails for $299.99 per year, or $209.99 for the first 50 'The Hacker News' readers use coupon code 'THNFIX' for...

6.7 AI score
Exploits 0
The Hacker News
added 2012/11/09 6:3 p.m. | 7 views

Windows 8 will get its first critical patch this Friday

The Windows 8 and Windows RT security updates will be the first shipped since those operating systems' launch on Oct. 26. The latest vulnerabilities include three critical security vulnerabilities for Windows 8, and one critical security vulnerability for the Surface-based Windows RT operating...

7.8 AI score
Exploits 0
The Hacker News
added 2012/10/28 6:34 p.m. | 111 views

X-Ray 2.0 - VirusTotal frontend version for Suspicious Files Auto Submit

Raymond announces X-Ray 2.0, a program which is a frontend for the VirusTotal multi scanner. X-Ray will provide users with automatic submission of files that you think are suspicious to 35 Agnitum, Antiy Labs, Avast, AVG, Avira, Bitdefender, QuickHeal, ClamAV, Comodo, Dr.Web, Emsisoft, ESET, F-Prot,...

6.7 AI score
Exploits 0
Cvelist
added 2012/10/22 11:0 p.m. | 24 views

CVE-2012-4511

services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack...

5.8 AI score | 0.01815 EPSS
Exploits 0 | References 5
RedHat Linux
added 2012/10/11 1:15 p.m. | 29 views

Moderate: Red Hat Security Advisory: libvirt security and bug fix update

Updated libvirt packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

5 CVSS | 6.8 AI score | 0.03718 EPSS
Exploits 0 | References 5
Cisco
added 2012/10/10 4:0 p.m. | 28 views

Multiple Vulnerabilities in the Cisco WebEx Recording Format Player

The Cisco WebEx Recording Format (WRF) player contains six buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx WRF Player is an application...

9.3 CVSS | 7.7 AI score | 0.05262 EPSS
Exploits 1 | References 1
Packet Storm
added 2012/10/04 12:0 a.m. | 32 views

phpMyChat Plus 1.94 RC1 LFI / XSS / RFI / SQL Injection

Exploit Title: phpMyChat Plus v1.94 RC1 Multiple Remote Vulnerabilities Date: 04/10/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://sourceforge.net/projects/phpmychat/ Software Link:...

0.3 AI score
Exploits 0
Metasploit
added 2012/09/22 9:49 p.m. | 32 views

HTTP Client Automatic Exploiter

This module has three actions. The first and the default is 'WebServer' which uses a combination of client-side and server-side techniques to fingerprint HTTP clients and then automatically exploit them. Next is 'DefangedDetection' which does only the fingerprinting part. Lastly, 'list' simply...

7.2 AI score
Exploits 0