744 matches found
WordPress "WP Cycle Playlist" PLUGIN Multiple Vulnerabilities
Exploit for php platform in category web applications IN THE NAME OF ALLAH BY ASHIYANE DIGITAL SECURITY TEAM TITLE: WORDPRESS "WP Cycle Playlist" PLUGIN Multiple Vulnerabilities DORK : allinurl:wp-cycle-playlist/admin/ 1. REMOTE FILE UPLOAD ......... GO TO .../ADMIN/UPLOAD.PHP FOR UPLOADING SHELL...
Adobe Plans Critical Security Updates for Reader, Acrobat Next Week
Adobe said on Friday that it will issue critical fixes for its popular Reader and Acrobat products on Tuesday, January 10. The company said it is planning to release updates for Adobe Reader and Acrobat versions X and earlier for both the Windows and Macintosh platforms to fix a slew of critical...
Mozilla Pushes Firefox 5, Do Not Track Feature, New Development Cycle
With the release of Firefox 5 earlier this week, Mozilla has finally added its Do Not Track privacy feature to the company’s flagship browser. The feature, aimed at customizing how users browsing behavior is tracked is the first of its kind that can be implemented across multiple platforms,...
Report: Application Security Still Mostly Sucks
The third State of Software Security SOSS report finds that software developers are still doing a poor job of making applications secure. Application testing firm Veracode, which compiled the report, found that 58% of almost 5,000 applications failing a security audit on the first pass – about th...
MS10-087 Microsoft Word RTF pFragments Stack Buffer Overflow (File Format)
This module exploits a stack-based buffer overflow in the handling of the 'pFragments' shape property within the Microsoft Word RTF parser. All versions of Microsoft Office 2010, 2007, 2003, and XP prior to the release of the MS10-087 bulletin are vulnerable. This module does not attempt to explo...
Professional Penetration Testing Guide
Here is the another good book in the field of penetration testing. Unlike other books which aims only at the technical aspects of Penetration testing, this one explains every step involved in the making of a Professional Pentester. Rather than just teaching how to use the existing tools, it does...
Adobe Readies Patch for Critical Reader, Acrobat Flaws
Adobe Inc. said on Friday that it is planning to release an out-of-cycle update to fix critical security holes in its Reader and Acrobat products, including a fix for a newly disclosed hole that is already being exploited in the wild. In a post on the company’s Product Security Incident Response...
HP Systems Insight Dynamics Detection
HP Systems Insight Dynamics is a infrastructure life cycle management suite that allows you to adjust, provision, and modify many different aspects of infrastructure. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid50540; scriptversion"1.9"; scriptcvsdate"Date:...
Unofficial Patch Released for Adobe Reader Bug
As users await the Oct. 4 release of a patch for the CoolType.dll vulnerability in Adobe Reader, a software and security company has published an unofficial patch for the bug that essentially replaces the vulnerable DLL with a patched one. The patch was published Wednesday by RamzAfzar, a softwar...
Adobe to Issue Emergency Fixes for Reader and Acrobat
Adobe on Thursday will release a fix for a recently publicized critical flaw in its Reader and Acrobat applications. The patches are emergency, out-of-cycle fixes. The vulnerability in Reader and Acrobat was disclosed at the Black Hat conference last month by researcher Charlie Miller during his...
This Week In Security: Privacy, RedPhone and Adobe
In case you needed any reminders that privacy is one of the more pressing problems on the Web right now, this week’s news provided plenty of them. Along with stories of Facebook’s continued privacy missteps, this week gave us the gift of Google letting users install some Google code to opt out of...
Microsoft to Share Vulnerability Details with Governments
Microsoft today announced plans to share pre-patch details on software vulnerabilities with governments around the world under a new program aimed at securing critical infrastructure and government assets from hacker attacks. The program, codenamed Omega, features a Defensive Information Sharing...
Java Zero-Day Attacks In The Wild
Just days after Google researcher Tavis Ormandy released details on a dangerous new Java vulnerability, malicious hackers have pounced and are exploiting the flaw in the wild to launch drive-by download attacks. Virus hunters have spotted the attacks on a popular song lyrics Web site. Any visitor...
The Cadence of Microsoft Security Patches
By Andrew Storms Every month, like clockwork, Microsoft releases security bulletins and every month people ask me if it’s small or a big release. While the exact details of the patches are generally treated as news, the expected workload each month really shouldn’t be a guessing game because...
RedHat Security Advisory RHSA-2009:0297
The remote host is missing updates announced in advisory RHSA-2009:0297. In accordance with the Red Hat Enterprise Linux Errata Support Policy, the 7 years life-cycle of Red Hat Enterprise Linux 2.1 will end on May 31 2009. After that date, Red Hat will discontinue the technical support services,...
Microsoft Security Bulletin MS08-002 – Important Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
Microsoft Security Bulletin MS08-002 – Important Vulnerability in LSASS Could Allow Local Elevation of Privilege 943485 Published: January 8, 2008 Version: 1.0 General Information Executive Summary This important update resolves a privately reported vulnerability in Microsoft Windows Local Securi...
Skillfully crack open someone ASP Trojan password method-vulnerability warning-the black bar safety net
Crack the objective: to crack a encrypted Asp Trojan login password. Since the Trojan there is no version described, specific also don't know what this Trojan is called what name. Crack idea: the two, with the encrypted password replaces the ciphertext and use the ciphertext and the encryption...
CISCO as5350 crashes with nmap connect scan
I have managed to "reduplicate" at least five times the following scenario with a cisco as5250, with firmwrare 12.2 11t release firmware of cisco: nmap -dinsane -p 1-65535 ip.of.as5350 This causes a "hard" lockup, and the device must be powered off in order to have functionality restored to it...
Marconi ASX-1000 - Administration Denial of Service
Marconi ASX-1000 - Administration Denial of Service // source: https://www.securityfocus.com/bid/2400/info ASX-1000 Switches are hardware packages developed by Marconi Corporation. ASX-1000 Switches can be used to regulate ATM networks, performing layer-3 switching. A problem with the switch coul...
Security Advisory: Cisco Catalyst Memory Leak Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Cisco Catalyst Memory Leak Vulnerability Revision 1.0 For Release 2000 December 6 08:00 AM US/Pacific UTC+0700 Summary A series of failed telnet authentication attempts to the switch can cause the Catalyst Switch to fail to pass traffic or accept management...