Apache mod_cgi - Remote Exploit (Shellshock)

No description provided by source. ! /usr/bin/env python from socket import from threading import Thread import thread, time, httplib, urllib, sys stop = False proxyhost = "" proxyport = 0 def usage: print """ Shellshock apache modcgi remote exploit Usage: ./exploit.py var=value Vars: rhost: vict...

Fedora 20 : subversion-1.8.10-1.fc20 (2014-9636)

This update includes the latest stable release of Apache Subversion, version 1.8.10. Client-side bugfixes: - guard against md5 hash collisions when finding cached credentials - raserf: properly match wildcards in SSL certs. - raserf: ignore the CommonName in SSL certs where there are Subject Alt...

OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB...

A vulnerability can lead to getting letv network-vulnerability warning-the black bar safety net

Improperly configured directly execute the command, you can endanger the entire network system, due to the vulnerability of IP is not a binding domain, that is not. letv.com and all the test say is with the domain name, without a domain name is not received, so sobug does not recognize this...

Polymorphic Bindport 31337 with setreuid (0,0) linux/x86

No description provided by source. / Title : Polymorphic shellcode that bindport to 31337 with setreuid 0,0 x86 linux shellcode. Name : 131 bytes bind port 31337 x86 linux polymorphic shellcode. Date : Sat Jun 17 21:27:03 2010 Author : gunslinger yudha.gunslingeratgmail.com Web :...

Serial port shell binding, busybox Launching shellcode

No description provided by source. / General: Serial port shell binding, busybox launching shellcode.. yey! Specific: really wish i could tell you what i needed this for.. but meh.. this will bind a busybox sh shell to /dev/ttyS0, the shellcode does not alter the baudrate settings.. 9600 is the...

ghttpd 1.4.x Log() Function Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5960/info A buffer overflow has been reported in ghttpd which will allow arbitrary code to be executed with the privileges of the webserver. The overflow occurs when the argument to a 'GET' request is of excessive length...

CylantSecure 1.0 Kernel Module Syscall Rerouting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2958/info CylantSecure is a commercial Linux hardening tool and security infrastructure available from Cylant Technology. A problem in the CylantSecure infrastructure could allow users to escape monitoring. A user with ro...

TildeSlash Monit 1-4 Authentication Handling Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10581/info It is reported that TildeSlash Monit is vulnerable to a buffer overflow vulnerability during authentication handling. This issue arises due to a failure of the affected application to properly handle...

Linux Kernel 2.6.x - IPV6 Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15156/info Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from an infinite loop when binding IPv6 UDP ports. / Linux kernel IPv6 UDP port selection infinite loop local denial ...

Internet Explorer Data Binding Memory Corruption

No description provided by source. $Id: ms08078xmlcorruption.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and ter...

openSUSE Security Update : seamonkey (seamonkey-5804)

SeaMonkey was updated to 2.7.1 to fix critical bugs and security issue. Following security issue was fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, wh...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-5799)

MozillaFirefox was updated to 10.0.1 to fix critical bugs and security issue. Following security issue was fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this...

OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB...

OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB...

[SECURITY] Fedora 19 Update: php-ZendFramework2-2.2.7-1.fc19

Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...

USN-2217-1: lxml vulnerability

It was discovered that the lxml.html.clean module incorrectly stripped control characters. An attacked could potentially exploit this to conduct cross-site scripting XSS attacks...

OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB...

OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB...

Mozilla: Buffer overflow when using non-XBL object as XBL (MFSA 2014-38)

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of...