glibc, nscd security update
CentOS Errata and Security Advisory CESA-2012:1097 Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CV...
CVE-2011-4940
The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS)...
KeePass Password Safe 1.22 - Encoding Filter Vulnerability
Document Title: =============== KeePass Password Safe 1.22 - Encoding Filter Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=615 Release Date: ============= 2012-06-24 Vulnerability Laboratory ID VL-ID: ====================================...
KeePass Password Safe 1.22 - Encoding Filter Vulnerability
Document Title: =============== KeePass Password Safe 1.22 - Encoding Filter Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=615 Release Date: ============= 2012-06-23 Vulnerability Laboratory ID VL-ID: ====================================...
Windows Manage PowerShell Download and/or Execute
This module will download and execute a PowerShell script over a meterpreter session. The user may also enter text substitutions to be made in memory before execution. Setting VERBOSE to true will output both the script prior to execution and the results. This module requires Metasploit:...
Mozilla Products Multiple Vulnerabilities (May 2012) - Mac OS X
Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for cherokee FEDORA-2011-12657
Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-12657 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CVE-2011-3058
Google Chrome pre-18.0.1025.142 has a vulnerability where improper handling of EUC-JP encoding can permit remote cross-site scripting (XSS) via unspecified vectors. The description specifies the affected version range and the exploit could be triggered remotely through EUC-JP-encoded inputs, lead...
Yealink VOIP Phone persistent cross-site scripting flaws and fixes-vulnerability warning-the black bar safety net
Title: Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability Product: Yealink Easy VOIP Phone Development website: http://www.yealink.com/ Author: Narendra Shinde =================================================== Developer description: --------------------------- Yealink is the...
Yealink VOIP Phone Cross Site Scripting
============================================================== Secur-I Research Group Security Advisory SV-2012-005 ============================================================== Title: Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability Product: Yealink Easy VOIP Phone Homepage:...
Debian: Security Advisory (DSA-2341-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1254-1: Thunderbird vulnerabilities
It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Thunderbird 3.1. An attacker could potentially exploit a user who had installed an add-on that used loadSubscript in vulnerable ways. CVE-2011-3647 Yosuke Hasegawa discovered that the...
Ubuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1277-2)
USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the u...
Fedora Update for cherokee FEDORA-2011-14634
Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-14634 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Mozilla Products XSS and Memory Corruption Vulnerabilities - Mac OS X
Mozilla Firefox/Thunderbird is prone to cross site scripting and memory corruption vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
WordPress AdRotate plugin <= 3.6.6 SQL Injection
Exploit for php platform in category web applications Exploit Title: WordPress AdRotate plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0" encoded=echo -n "1' AND 1=IF21,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0" | base64 -w 0 curl...
Ubuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1251-1)
It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Firefox 3.6. An attacker could potentially exploit Firefox when an add-on was installed that used loadSubscript in vulnerable ways. CVE-2011-3647 Yosuke Hasegawa discovered that the Mozill...
Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe handl...
Encipher It : Easiest Browser based Advanced Encryption Tools [Video Demonstration]
Encipher It : Easiest Browser based Advanced Encryption Tools [Video Demonstration] "Encipher It" is one of the best and easiest AES text encryptors for Google Mail or anything else. It provides more secure PBKDF2 (Password-Based Key Derivation Function) key generation. It uses Advanced Encryption Standard...
[SECURITY] Fedora 15 Update: cherokee-1.2.99-1.fc15
Cherokee is a very fast, flexible and easy to configure Web Server. It supports the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Apache compatible log files, and much more...