DSA-2466-1 rails - cross site scripting

Bulletin has no description...

Magnolia Development Group CSRF / SQL Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

Heycats CMS Cross Site Scripting

Exploit Title : heycats Cms Cross-Site Scripting Vulnerabilities Author : BHG Security Center - IrIsT Security Team Discovered By : Am!r Home : http://Black-hg.Org - http://IrIsT.Ir Software Link : http://www.heycats.com/ Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu -...

RuggedCom: Dust Hasn't Cleared From Backdoor Account Revelation

The dust still hasn’t cleared from revelations that many of RuggedCom brand networking products contain an easily-exploited back door account, and that it is working on a fix for the problem, according to a statement from Siemens, which recently bought RuggedCom. “We are looking into all aspects ...

Developing and Sharing Tools for Professional Hackers

Professional hackers or security testers tend to write a lot of code. We write exploit code, fuzzers, code to handle esoteric protocols and data structures, unpackers, disassemblers, reversers, parsers, and so much more. We write this code because often what we’re doing is so specific that is...

A CISO's Guide To Application Security – Part 3: Toward an AppSec Center of Excellence

This post is the third in a 4-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk...

Teen's Arrest Underscores Need for More Secure Web Development

A 15-year-old who claimed he was bored when he turned to hacking was arrested for breaking into almost 260 companies during the first three months of this year, according to a ZDNet article published earlier today. Austria’s Federal Criminal Police Office said the teenager, who used the hacker...

Mozilla Firefox Bootstrapped Addon Social Engineering Code Execution

Mozilla Firefox before version 41 allowed users to install unsigned browser extensions from arbitrary web servers. This module dynamically creates an unsigned .xpi addon file. The resulting bootstrapped Firefox addon is presented to the victim via a web page. The victim's Firefox browser will pop...

Разработка эксплоитов для Linux. Часть 4 – обход ASCII armor и возврат в plt

Автор: sickness Блог автора: Перевод: Gh0St 07.04.2012 Разработка эксплоитов для Linux. Часть 4 – обход ASCII armor и возврат в plt. ПРИМЕЧАНИЕ: Перед чтением данного документа, рекомендуется ознакомиться со следующими работами: Руководство по написанию эксплоитов для Linux. Часть I – переполнени...

Fedora Update for arora FEDORA-2011-14719

Check for the Version of arora OpenVAS Vulnerability Test Fedora Update for arora FEDORA-2011-14719 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

Fedora Update for nss FEDORA-2012-3996

Check for the Version of nss OpenVAS Vulnerability Test Fedora Update for nss FEDORA-2012-3996 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...

Fedora 17 : condor-7.7.5-0.2.fc17.2 (2012-3263)

Update to latest development release 7.7.5 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

Fedora 15 : condor-7.7.5-0.2.fc15 (2012-3363)

Update to latest development release 7.7.5 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

nginx fix for malformed HTTP responses from upstream servers

Hello, The nginx team has released stable version 1.0.14, and development version 1.1.17 of nginx web server, which include a fix for malformed HTTP responses from upstream servers: http://trac.nginx.org/nginx/changeset/4535/nginx http://trac.nginx.org/nginx/changeset/4531/nginx...

Mozilla Readies Silent Updater with New Versions of Firefox

Mozilla announced this week that it plans to integrate a silent updater in the next build of its flagship browser, Firefox, allowing future patches for Firefox 12 to be downloaded and installed in the background while the browser is running, according to a blog post by Robert Nyman, Mozilla’s...

Online-Development CMS Cross Site Scripting

Exploit Title : Online-Development Cms Cross-Site Scripting Vulnerabilitiy Author : Zarbat.Org & IrIsT.Ir Discovered By : Am!r Home : http://Zarbat.Org/forums/ Software Link : http://www.onlinedevelopment.co.uk/ Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu - Windows...

Moderate: Red Hat Security Advisory: java-1.4.2-ibm-sap security update

Updated java-1.4.2-ibm-sap packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5 and 6 for SAP. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Sandcat Browser 2.0 Released - Penetration Testing Oriented Browser

Sandcat Browser 2.0 Released, Penetration Testing Oriented Browser Sandcat Browser version 2.0 includes several user interface and experience improvements, an improved extension system, RudraScript support and new extensions. What is Sandcat Browser? The fastest web browser combined with the...

Mobile Apps Space A 'Wild West' For Enterprises

SAN FRANCISCO – Companies that are hoping to catch a ride on the mobile wave should pay close attention to the application development firms they choose to work with, unless they want to be saddled with a buggy and insecure albatross bearing their corporate logo, a leading application security...

[SECURITY] Fedora 16 Update: systemtap-1.7-2.fc16

SystemTap is an instrumentation system for systems running Linux. Developers can write instrumentation scripts to collect data on the operation of the system. The base systemtap package contains/requires the components needed to locally develop and execute systemtap scripts...