
7377 matches found

Tenable Nessus
added 2015/07/31 12:0 a.m. | 57 views

OracleVM 3.3 : net-snmp (OVMSA-2015-0099)

The remote OracleVM system is missing necessary patches to address critical security updates : - Add Oracle ACFS to hrStorage John Haxby orabug 18510373 - Quicker loading of IP-MIB::ipAddrTable 1191393 - Quicker loading of IP-MIB::ipAddressTable 1191393 - Fixed snmptrapd crash when '-OQ' paramete...

CVSS 5 | AI score 7.4 | EPSS 0.07498
Exploits 1 | References 3

Japan Vulnerability Notes
added 2015/07/10 12:0 a.m. | 43 views

JVN#67540183: Simple Oekaki BBS vulnerable to cross-site scripting

Simple Oekaki BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of oekakis parameter in index.php. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...

CVSS 4.3 | AI score 5.9 | EPSS 0.00322
Exploits 0

0day.today
added 2015/07/08 12:0 a.m. | 33 views

WordPress Albo Pretorio Online 3.2 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Albo Pretorio Online 3.2 Multiple Vulnerabilities Google Dork: inurl:/?action=visatto Date: 09/06/2015 Exploit Author: Alessandro Cingolani Vendor Homepage: http://plugin.sisviluppo.info/ Software Link:...

AI score 7.1
Exploits 0

ThreatPost
added 2015/07/07 1:34 p.m. | 9 views

Critical DoS Bug in Node.js, io.js Patched

Developers at Node.js over the weekend released a critical update to the open source runtime environment that addresses a bug that could be used to cause denial of service attacks. The JavaScript framework is used in one way or another by a handful of companies, including Netflix, PayPal, the New...

AI score 7.1
Exploits 0 | References 10

ThreatPost
added 2015/07/07 10:45 a.m. | 10 views

Hacking Team Couldn't Hack Your iPhone

More than 36 hours after the huge cache of data from Hacking Team’s corporate network was dumped online, researchers are continuing to find surprising bits and pieces in the documents. Among them is evidence that the company had an enterprise developer certificate from Apple, allowing it to devel...

AI score 0.3
Exploits 0 | References 3

n0where
added 2015/07/07 4:8 a.m. | 13 views

Windows shell: Babun

Would you like to use a linux-like console on a Windows host without a lot of fuzz? Try out babun! Installation Just download the dist file from http://babun.github.io , unzip it and run the install.bat script. After a few minutes babun starts automatically. The application will be installed to t...

AI score 7.2
Exploits 0 | References 2

Debian
added 2015/07/03 10:3 a.m. | 35 views

[SECURITY] [DLA 266-1] libxml2 security update

Package : libxml2 Version : 2.7.8.dfsg-2+squeeze12 CVE ID : CVE-2015-1819 Debian Bug : 782782 782985 783010 This upload to Debian squeeze-lts fixes three issues found in the libxml2 package. 1 CVE-2015-1819 / 782782 Florian Weimer from Red Hat reported an issue against libxml2, where a parser whi...

CVSS 5 | AI score 6.8 | EPSS 0.02045
Exploits 0

exploitpack
added 2015/07/02 12:0 a.m. | 36 views

WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities

WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities Exploit Title: Albo Pretorio Online 3.2 Multiple Vulnerabilities Google Dork: inurl:/?action=visatto Date: 09/06/2015 Exploit Author: Alessandro Cingolani Vendor Homepage: http://plugin.sisviluppo.info/ Software Link:...

AI score 0.2
Exploits 0

Exploit DB
added 2015/07/02 12:0 a.m. | 29 views

WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities

Exploit Title: Albo Pretorio Online 3.2 Multiple Vulnerabilities Google Dork: inurl:/?action=visatto Date: 09/06/2015 Exploit Author: Alessandro Cingolani Vendor Homepage: http://plugin.sisviluppo.info/ Software Link: https://downloads.wordpress.org/plugin/albo-pretorio-on-line.3.2.zip Version: 3...

AI score 7.4
Exploits 0

Japan Vulnerability Notes
added 2015/06/30 12:0 a.m. | 23 views

JVN#77386811: Explorer+ File Manager vulnerable to directory traversal

Explorer+ File Manager provided by Droidware UK contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

CVSS 6.4 | AI score 6.5 | EPSS 0.00363
Exploits 0

The Hacker News
added 2015/06/24 8:50 p.m. | 39 views

Mind Blowing Radar-based Gesture Recognition Technology for Everything

Since it introduced at the annual Google I/O conference, Project Soli has been trending on the Internet. Project Soli is one of Google's latest cutting-edge experiments that could actually transform the way humans interact with technology. Project Soli is not a wearable watch you might think it i...

AI score 6.6
Exploits 0

Joomla! Vulnerable Extensions List
added 2015/06/19 6:44 p.m. | 16 views

Joombri Freelance, pre 1.6.5, SQLi

JoomBri freelance extension pre 1.6.5. suffers major sqli exploit. No contact from developer, Notified by Ruth Cheesley...

AI score 7.1
Exploits 0

CNVD
added 2015/06/17 12:0 a.m. | 1 views

TYPO3 Developer Log Extension SQL Injection Vulnerability

TYPO3 is a free and open source content management system, and Developer Log is one of the log extension plugins. A SQL injection vulnerability exists in the TYPO3 Developer Log extension, which allows remote attackers to exploit the vulnerability to submit specially crafted SQL queries to...

CVSS 6.5 | AI score 8 | EPSS 0.00257
Exploits 0 | References 1

NVD
added 2015/06/16 4:59 p.m. | 7 views

CVE-2015-4613

SQL injection vulnerability in the backend module in the Developer Log devlog extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors...

CVSS 6.5 | AI score 8.3 | EPSS 0.00257
Exploits 0 | References 3

Prion
added 2015/06/16 4:59 p.m. | 13 views

Sql injection

SQL injection vulnerability in the backend module in the Developer Log devlog extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors...

CVSS 6.5 | AI score 9 | EPSS 0.00257
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2015/06/16 4:0 p.m. | 11 views

CVE-2015-4613

SQL injection vulnerability in the backend module in the Developer Log devlog extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors...

AI score 8.3 | EPSS 0.00257
Exploits 0 | References 3

Exploit DB
added 2015/06/16 12:0 a.m. | 36 views

Ruby on Rails 4.0.x/4.1.x/4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails Web Console v2 Whitelist Bypass Code Execution', 'Description' = %q This module exploits an IP whitelist bypass...

CVSS 4.3 | AI score 7.4 | EPSS 0.85262
Exploits 6

Kitploit
added 2015/06/15 3:33 p.m. | 96 views

Crouton - Chromium OS Universal Chroot Environment

crouton is a set of scripts that bundle up into an easy-to-use, Chromium OS-centric chroot generator. Currently Ubuntu and Debian are supported using debootstrap behind the scenes, but "Chromium OS Debian, Ubuntu, and Probably Other Distros Eventually Chroot Environment" doesn't acronymize as wel...

AI score 7.2
Exploits 0 | References 1

FreeBSD
added 2015/06/15 12:0 a.m. | 26 views

chicken -- Potential buffer overrun in string-translate*

chicken developer Peter Bex reports: Using gcc's Address Sanitizer, it was discovered that the string-translate procedure from the data-structures unit can scan beyond the input string's length up to the length of the source strings in the map that's passed to string-translate. This issue was fix...

CVSS 7.5 | AI score 7.6 | EPSS 0.01646
Exploits 0 | References 3

Japan Vulnerability Notes
added 2015/06/09 12:0 a.m. | 26 views

JVN#05559185: MilkyStep vulnerable to OS command injection

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an attacker. Solution Update the Software Update to the latest version according to the...

CVSS 7.5 | AI score 7 | EPSS 0.00619
Exploits 0