
34 matches found

OpenVAS
added 2022/01/28 12:0 a.m., 8 views

Mageia: Security Advisory (MGASA-2014-0413)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0, References: 10
Hacker One
added 2020/11/13 9:49 p.m., 31 views

HackerOne: Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos

@nagli found a misconfiguration in an interstitial page that could lead to a link to be indexed by a 3rd party. This could have exposed links to proof of concepts that HackerOne users had posted on hackerone.com. This affected a specific set of customers, which HackerOne worked together with to...

2.3 AI score
Exploits: 0
Github Security Blog
added 2018/07/23 7:51 p.m., 35 views

Cross-site request forgery in Django

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

6.8 CVSS, 6.3 AI score, 0.0275 EPSS
Exploits: 1, References: 24, Affected Software: 1
Packet Storm
added 2018/06/28 12:0 a.m., 30 views

TP-Link TL-WR841N V13 Cross Site Request Forgery

Vulnerability: Cross-Site Request Forgery Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Patched Version: None Risk: High Vendor Contacted: 05/20/2018 Vendor Fix: None Public Disclosure: 06/27/2018 Overview The web interface of the router is...

0.5 AI score, 0.00134 EPSS
Exploits: 2
GitLab Advisory Database
added 2017/10/24 12:0 a.m., 29 views

Cross-Site Request Forgery (CSRF)

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that...

6.8 CVSS, 6.9 AI score, 0.00991 EPSS
Exploits: 1, References: 13, Affected Software: 1
RubySec
added 2017/10/24 12:0 a.m., 32 views

CSRF Protection Bypass in Ruby on Rails

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that...

6.8 CVSS, 6.3 AI score, 0.0275 EPSS
Exploits: 1, References: 1, Affected Software: 1
Exploit DB
added 2016/08/23 12:0 a.m., 36 views

Phoenix Exploit Kit - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Phoenix Exploit Kit Remote Code Execution', 'Description' = %q This module exploits a Remote Code Execution in the web panel of...

7.4 AI score
Exploits: 0
0day.today
added 2016/08/23 12:0 a.m., 34 views

Phoenix Exploit Kit - Remote Code Execution (Metasploit)

Exploit for php platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Phoenix Exploit Kit Remote Code Execution', 'Description' = %q This module...

7.1 AI score
Exploits: 0
Packet Storm
added 2016/08/22 12:0 a.m., 36 views

Phoenix Exploit Kit Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Phoenix Exploit Kit Remote Code Execution', 'Description' = %q This module exploits a Remote Code Execution in the web panel of...

7.4 AI score
Exploits: 0
Metasploit
added 2016/08/19 1:29 p.m., 34 views

Phoenix Exploit Kit Remote Code Execution

This module exploits a Remote Code Execution in the web panel of Phoenix Exploit Kit via geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the browser of the visitor for the presence of outdated and insecure versions of browser plugins like Java and Adobe Flash...

8.1 AI score
Exploits: 0
The Hacker News
added 2012/10/20 4:29 p.m., 16 views

DarkBot Malware Circulation very fast via Skype

Two weeks back we reported that Security firm Trend Micro discovered a worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. This malware is spreading through a question/ phrase sent to the users by someone and the question is:...

6.9 AI score
Exploits: 0
ThreatPost
added 2012/08/30 2:3 a.m., 31 views

Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream

More security researchers are recommending users disable the current version of Java after zero-day exploits gained traction in the Web world. Patrick Runald, director of security research for Websense, told PC World today that his team had uncovered more than 100 infected domains – a figure...

10 CVSS, 0.2 AI score, 0.89535 EPSS
Exploits: 19, References: 4
Tenable Nessus
added 2012/07/27 12:0 a.m., 28 views

Fedora 16 : kdepim-4.8.4-4.fc16 (2012-10411)

kmail security patch to disable java, JavaScript, browser plugins in html mail by default. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

4.3 CVSS, 5.4 AI score, 0.00828 EPSS
Exploits: 0, References: 3
securityvulns
added 2011/06/11 12:0 a.m., 43 views

ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability

ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-174 June 6, 2011 -- CVE ID: CVE-2011-1701 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint --...

9.3 CVSS, 0.5 AI score, 0.12819 EPSS
Exploits: 0
securityvulns
added 2011/06/11 12:0 a.m., 51 views

ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability

ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-173 June 6, 2011 -- CVE ID: CVE-2011-1700 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint --...

9.3 CVSS, 0.5 AI score, 0.27114 EPSS
Exploits: 0
Tenable Nessus
added 2011/06/07 12:0 a.m., 30 views

Novell iPrint Client < 5.64 Multiple Vulnerabilities

The version of Novell iPrint Client installed on the remote host is prior to 5.64. It is, therefore, affected by one or more of the following vulnerabilities in the nipplib.dll component, as used by both types of browser plugins, that can allow for arbitrary code execution : - The uri parameter...

9.3 CVSS, 6 AI score, 0.27114 EPSS
Exploits: 0, References: 31
Tenable Nessus
added 2011/06/07 12:0 a.m., 28 views

Novell iPrint Client < 5.64 Multiple Vulnerabilities

Binary data 5942.prm...

9.3 CVSS, 6.8 AI score, 0.27114 EPSS
Exploits: 0, References: 30
Zero Day Initiative
added 2011/06/06 12:0 a.m., 22 views

Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib componen...

9 CVSS, 3.3 AI score, 0.12819 EPSS
Exploits: 0, References: 1
Zero Day Initiative
added 2011/06/06 12:0 a.m., 26 views

Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib componen...

9 CVSS, 3.3 AI score, 0.12819 EPSS
Exploits: 0, References: 1
Zero Day Initiative
added 2011/06/06 12:0 a.m., 23 views

Novell iPrint nipplib.dll driver-version Remote Code Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib componen...

9 CVSS, 3.2 AI score, 0.12819 EPSS
Exploits: 0, References: 1