DB2 Trace Enabled

Binary data 5366.prm...

Microsoft SQL Server Native Auditing Enabled

Binary data 5384.prm...

[SECURITY] Fedora 13 Update: nss-3.12.6-1.2.fc13

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

PT-2010-1086 · Openssl +2 · Openssl +2

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8n OpenSSL versions prior to 1.0.0e Description: The issue is related to the kssl keytab is available function in OpenSSL, which, when Kerberos is enabled but Kerberos configuration files cannot be opened, does n...

GIT gitweb git_snapshot / git_object Shell Metacharacter Arbitrary Command Execution

The version of gitweb, a web-enabled interface to the open source distributed version control system Git, hosted on the remote web server fails to sanitize user-supplied input to the 'gitweb.cgi' script of shell metacharacters before passing it to a shell. An unauthenticated, remote attacker can...

CURL-CVE-2010-0734 data callback excessive length

When downloading data, libcurl hands it over to the application using a callback that is registered by the client software. libcurl then calls that function repeatedly with data until the transfer is complete. The callback is documented to receive a maximum data size of 16K CURLMAXWRITESIZE. Usin...

HTTP WebDAV Scanner

Detect webservers with WebDAV enabled This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP WebDAV Scanner', 'Description' = 'Detect webservers with WebDAV enabled', 'Author' = 'et', 'License' =...

BIND upstream fix for CVE-2009-4022 is incomplete

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query a...

K-Rate SQL Injection

K-Rate SQL Injection Vulnerability By: e.wiZz! Script site:http://turn-k.net/k-rate In the wild... Vulnerability: SQL Injection in view.php,variable username. Anyway, all sites i saw which are powered by this script are hosted on Apache,and have a modrewrite enabled,so you need to try this:...

Design/Logic Flaw

Feature Pack for Communications Enabled Applications CEA before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value...

Apache 列目录

No description provided by source...

SSL Certificate Expiry - Future Validity

The SSL certificate for the remote SSL-enabled service is not yet valid. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid42980; scriptversion "$Revision: 1.8 $"; scriptcvsdate"$Date: 2012/04/02 16:34:10 $"; scriptnameenglish:"SSL Certificate Expiry - Future Validity";...

DEBIAN-CVE-2009-4022

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive...

Error messages can leak onto unrelated sites – Opera Security Advisories

Scripting error messages are normally available only to the page that caused the error. In some cases, the error messages could be passed to other sites as the contents of unrelated variables, and may contain sensitive information. If those sites write the content into the page markup, this could...

iPhone, Android, Others Get Man in the Middle Treatment

Security researchers have released a paper detailing successful man-in-the-middle attacks against several smartphones. The SSL enabled log in sessions on the tested, Nokia N95, HTC Tilt, Android G1 and iPhone 3GS devices was sniffed using the publicly available SSLstrip tool, with the attack taki...

DEBIAN-CVE-2009-3617

Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service application crash via format string specifiers in a download URI. NOTE: som...

Adobe ShockWave Player 11.5.1.601 Stack Overflow

Application: Adobe ShockWave Player 11.5.1.601 Platforms: Windows XP Professional French SP2 and SP3 crash: IE 6.0.2900.2180 Exploitation: remote DoS Date: 2009-08-24 Author: Francis Provencher Protek Research Lab's 1 Introduction 2 Technical details and bug 3 The Code =============== 1...

Adobe Flash Patch Guidance Working, Kinda

Mozilla’s move to nudge Firefox users into updating the browser’s Flash Player plug-in has been a phenomenal success with about 10 million users clicking through to the Web page with Adobe’s patch. Mozilla released some brief statistics to track the success of its new program, which serves up a...

Adobe Shockwave Player 11.5.1.601 Buffer Overflow

Application: Adobe ShockWave Player 11.5.1.601 Platforms: Windows XP Professional French SP2 and SP3 crash: IE 6.0.2900.2180 Exploitation: remote DoS Date: 2009-08-24 Author: Francis Provencher Protek Research Lab's 1 Introduction 2 Technical details and bug 3 The Code =============== 1...

DEBIAN-CVE-2009-2957

Heap-based buffer overflow in the tftprequest function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read aka RRQ request...