PT-2012-1072 · Gnu +3 · Gimp +3

Name of the Vulnerable Software and Affected Versions: gimp-libs version 2.6.9 gimp-devel-tools version 2.6.9 gimp-help-browser version 2.6.9 gimp-devel version 2.6.9 gimp-debuginfo version 2.6.9 gimp version 2.6.9 gimp version 2.8.x and earlier Description: The issue concerns multiple...

Hastymail2 Webmail 1.1 RC2 Stored XSS

Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: Hastymail2 Webmail Stored XSS Date: 17/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.hastymail.org Software Link: http://sourceforge.net/projects/hastymail/files/latest/download...

IBM Rational ClearQuest Installed

IBM Rational ClearQuest, change management software for development, is installed on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid61564; scriptversion"1.7"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/10/10";...

Fedora Update for Django FEDORA-2012-11416

Check for the Version of Django OpenVAS Vulnerability Test Fedora Update for Django FEDORA-2012-11416 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

[SECURITY] Fedora 16 Update: Django-1.3.2-1.fc16

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

[SECURITY] Fedora 17 Update: Django-1.4.1-1.fc17

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

Kamads classifieds V2 admin Disclosure / AuthBypass exploit

Exploit for php platform in category web applications \n"; print "\nex...........: php $argv0 http://www.target.com/V2AXHTML/admin/admin.php\n"; die; else $ch = curlinit; curlsetopt$ch,CURLOPTURL,"$argv1"; $op1 = curlsetopt$ch,CURLOPTRETURNTRANSFER,true; curlsetopt$ch,CURLOPTUSERAGENT,"Mozilla/4....

Microsoft Releases Attack Surface Analyzer Tool

Microsoft has released a public version of its internal Attack Surface Analyzer tool, which helps organizations identify changes to a system’s attack surface as new applications are added. The tool has been in beta for a few months, but this is the first official release. The Attack Surface...

[SECURITY] Fedora 16 Update: php-5.3.15-1.fc16

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Apple Xcode IDE Detection (Mac OS X)

The remote Mac OS X host has Apple Xcode installed. Xcode is a development environment for creating applications that will run on Apple products. TRUSTED...

Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64

CVE-2009-3555 TLS: MITM attacks via session renegotiation CVE-2010-0082 OpenJDK Loader-constraint table allows arrays instead of only the base-classes 6626217 CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. 6633872 CVE-2010-0085 OpenJDK File TOCTOU deserialization...

Duvys Media web design and development file upload

Exploit for php platform in category web applications Exploit Title: duvys media web design and development file upload Date: 01.08.2012 Author: DzErRoR Category:: webapps.. Google dork: intext:Website by Duvys Media: Tested on: win7 Demo sites: http://omnirehab.com/...

Scientific Linux Security Update : nss, nss-util, and nspr on SL6.x i386/x86_64 (20120620)

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authori...

Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (BEAST)

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on th...

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user...

Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64 (20120214)

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could u...

CentOS Update for nspr CESA-2012:1091 centos6

Check for the Version of nspr OpenVAS Vulnerability Test CentOS Update for nspr CESA-2012:1091 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CentOS Update for java CESA-2011:1380 centos5 x86_64

Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2011:1380 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Apple XCode 4.x 信息泄露漏洞

BUGTRAQ ID: 54679 CVE ID: CVE-2012-3698,CVE-2011-3389 Xcode是苹果机器上所使用的开发工具。 Apple Xcode 4.4之前版本在实现上存在安全漏洞，可被恶意用户利用泄露敏感信息，劫持用户会话，绕过某些安全限制。 1） SSL 3.0和TLS 1.0协议的实现中存在设计错误。 2） DR实现中的错误可允许App Store应用访问用Xcode构建的Helper工具中的密钥链项目。 0 Apple XCode 4.x 厂商补丁： Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

p5-RT-Authen-ExternalAuth -- privilege escalation

The RT development team reports: RT::Authen::ExternalAuth 0.10 and below for all versions of RT are vulnerable to an escalation of privilege attack where the URL of a RSS feed of the user can be used to acquire a fully logged-in session as that user. CVE-2012-2770 has been assigned to this...