8697 matches found
[Watcher] passive Web-security scanner
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems; it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...
Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP openssl_x509_parse() Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esser[at]sektioneins.de Application: PHP 4.0.6 - PHP 4.4.9 PHP 5.0.x PHP 5.1.x PHP 5.2.x PHP 5.3....
JVN#69700259: HP Autonomy Ultraseek vulnerable to cross-site scripting
HP Autonomy Ultraseek provided by Hewlett-Packard Development Company, L.P. contains an issue in handling specific character encoding, which may result in cross-site scripting. Impact: An arbitrary script may be executed on the user's Internet Explorer. Solution: Update the Software. Update the...
[Sahi] Web Test Automation Tool
Sahi Pro is a powerful tool for automation of web application testing. Sahi Pro helps test web applications across different browsers with high reliability and low maintenance. Existing testing teams with minimal programming knowledge can easily get started and contribute to test automation. Sahi...
Debian Security Advisory DSA 2811-1 (chromium-browser - several vulnerabilities)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6634 Andrey Labunets discovered that the wrong URL was used during validation in the one-click sign on helper. CVE-2013-6635 cloudfuzzer discovered use-after-free issues in the InsertHTML and Indent DOM editing...
nspr, nss security update
CentOS Errata and Security Advisory CESA-2013:1791 Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security...
OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability tha...
JDK: unspecified vulnerability fixed in 7u45 (Deployment)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment...
[Exploit Pack] The most advanced and easy to use tool for pentesters
Exploit Pack is an open source GPLv3 licensed bundle of scripts known as exploits with an easy to use GUI and a SID IDE. It’s built on Java and Python, which means it’s easy to customize and works very nicely on any device. Like any software with an open source license, you can patch, extend...
Super 'Stuxnet' Malware development in progress to destroy Iran’s nuclear program
CVE-2013-6820
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors...
Unrestricted file upload
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors...
[FruityWifi v1.6] the Wireless Network Auditing Tool
FruityWifi is a wireless network auditing tool based on the Wifi Pineapple idea. The application can be installed on any Debian-based system. Tested in Debian, Kali Linux, Kali Linux ARM Raspberry Pi, Raspbian Raspberry Pi, Pwnpi Raspberry Pi. With the new version, it is possible to install...
CVE-2013-6820
CVE-2013-6820 describes an unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) that allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors. According to NVD, the issue yields a CVSS v2 ba...
flash-plugin: multiple code execution flaws (APSB13-26)
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or caus...
JDK: unspecified sandbox bypass (XML)
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors...
JDK: unspecified sandbox bypass (ORB)
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors...
JDK: unspecified sandbox bypass (JVM)
Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors...
OpenJDK: JTable not properly performing certain access checks (Swing, 8013744)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing...