427 matches found
US CERT Warns on VxWorks Flaws
The U.S. Computer Emergency Readiness Team has issued two warnings on flaws in the embedded systems’ OS technology VxWorks as discovered by researcher HD Moore. One flaw deals with weakness in the hashing algorithm of the API authentication; The second regards debug settings being enabled by...
firefox security update
firefox: 3.6.7-2.0.1.el5 - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat ones 3.6.7-2 - Update to 3.6.7 beta2 3.6.7-1 - Update to 3.6.7 3.6.4-9 - Fixed rhbz531159 - default browser check xulrunner: 1.9.2.7-2.0.1.el5 - Added...
Fotos
En la izquierda está el default. Usted quiere apagar Todos. Y cambiar Redes de manera que ninguna de sus redes tenga permiso automático a menos que usted específicamente lo desee, como viejas fotos escolares. Después decida si desea Amigos de Amigos, etc., o para personalizar, seleccione Algunos...
Nautilus File Manager Proof Of Concept
According to the GNOME documentations, the file manager Nautilus is able to display a preview of most of the files. My Proof Of Concept works using the default settings. tested on VirtualBox: Ubuntu, 2.6.28-17-generic, GNOME, Nautilus 2.26.2 ++++ BEGIN BASE64 CONTENT ++++...
GNOME Nautilus
According to the GNOME documentations, the file manager Nautilus is able to display a preview of most of the files. ref: http://library.gnome.org/users/user-guide/stable/gosnautilus-60.html.en This is a Proof Of Concept, it works using the default settings Local Files Only checked. ++++ BEGIN...
acroread: script injection vulnerability (APSB10-02)
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data...
TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities
TinyBrowser TinyMCE Editor File browser 1.41.6 - Multiple Vulnerabilities ============================================================================== TinyBrowser TinyMCE Editor File browser 1.41.6 - Multiple Vulnerabilities...
CVE-2009-2213
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access...
IE default settings exposes Intranet to attacks
From DarkReading Kelly Jackson Higgins Internet Explorer 7 and 8’s default security settings can be unsafe for internal, intranet-based Web applications, according to newly published research. Cesar Cerrudo, founder and CEO of Argennis, a security consulting firm in Argentina, has demonstrated th...
Belkin F5D8233-4 Wireless N Router (Multiple Scripts) - Authentication Bypass
Belkin F5D8233-4 Wireless N Router Multiple Scripts - Authentication Bypass source: https://www.securityfocus.com/bid/32275/info The Belkin F5D8233-4 Wireless N Router is prone to multiple vulnerabilities because of a lack of authentication when users access specific administration scripts...
zubrag-upload.txt
//Title - Zubrag Uploader 1.0 Arbitrary Shell Upload Vulnerability //Vendor - zubrag.com/scripts/file-upload-form.php //Version - 1.0 //Status - vendor has been notified //Author - Dentrasi //Description It is possible to upload a php script to the remote site. The script attempts to hide the...
Cacti: SQL injection vulnerability
Background Cacti is a complete web-based front end to rrdtool. Description Cacti is vulnerable to a SQL injection attack where an attacker may inject SQL into the Username field. Impact An attacker could compromise the Cacti service and potentially execute programs with the permissions of the use...
TREND MICRO: The Protector Becomes The Vector Take II
Monday, June 07, 2004 !-- 1. When the product alerts it creates an html file in the temporary file of the user's machine the so-called "local zone" screen shot: http://www.malware.com/weallcar.png 29KB This html file is viewed from an Internet Explorer "browser object" and indicates what file is...
PHP setting leaks from .htaccess files on virtual hosts
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description If the server configuration "php.ini" file has "registerglobals = on" and a request is made to one virtual host which has "phpadminflag...
CVE-2003-0983
Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via 1 a "bubba" local user account, 2 an open TCP port 34571, or 3 when a local DHCP server is unavailable, a...
CVE-2003-1346
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager...
CVE-2003-0983
Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, enabling unauthorized activity via (1) a local user account named “bubba,” (2) an open TCP port 34571, or (3) a DHCP server on the manufacturer’s test network when a local DHCP server i...
CVE-2003-0983
Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via 1 a "bubba" local user account, 2 an open TCP port 34571, or 3 when a local DHCP server is unavailable, a...
Unauthorized access via Xerox DocuTech
Default system settings and admin password...
Beck GmbH IPC@Chip FtpD allows an attacker to gain access to the device
Overview There is a vulnerability in the Beck IPC@CHIP that allows an attacker to gain access to the device. Description The Beck IPC@CHIP is a single chip embedded webserver. This device also contains an ftp server that is configured by default to allow anonymous access. Additionally, the device...