CVE-2013-4465
The CVE-2013-4465 issue affects Simple Machines Forum (SMF) prior to versions 2.0.6 and 2.1, where the avatar upload functionality permits an unrestricted file upload. The root cause is that an uploaded file with an executable extension can be stored and later retrieved via a direct request to a ...
Threat Outbreak Alert: Email Messages with Malicious Attachments on December 24, 2013
Medium Alert ID: 31483 First Published: 2013 October 24 17:34 GMT Last Updated: 2013 December 24 16:39 GMT Version: 14 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an attachment for the recipient. The text in the email message...
ARRIS DG860A - NVRAM Backup Password Disclosure
ARRIS DG860A - NVRAM Backup Password Disclosure #!/usr/bin/env ruby ARRIS DG860A NVRAM Backup 'Compressor/Decompressor', it really does xor? Gleaned from scmix executable in firmware dump. Backup file is world readable without authentication and contains password information in plain text...
Threat Outbreak Alert: Fake Bank Swift Payment Notification Email Messages on October 8, 2013
Medium Alert ID: 31173 First Published: 2013 October 9 15:28 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain bank payment information for the recipient. The text in the email message attempts to convince the recipient...
Apache OpenJPA code execution
User-controlled data is stored in a local executable file...
Unrestricted file upload
Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/...
Threat Outbreak Alert: Fake Purchase Order Invoice Request Email Messages on September 29, 2013
Medium Alert ID: 31021 First Published: 2013 September 30 14:29 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a purchase order notification for the recipient. The text in the email message attempts to convince the...
Threat Outbreak Alert: Fake Product Quote Request Email Messages on June 5, 2014
Medium Alert ID: 31005 First Published: 2013 September 28 05:39 GMT Last Updated: 2014 June 6 12:40 GMT Version: 4 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a product quote request for the recipient. The text in the email message...
Threat Outbreak Alert: Fake Portuguese Product Price Inquiry Email Messages on September 25, 2013
Medium Alert ID: 30975 First Published: 2013 September 25 15:40 GMT Version: 1 Summary Cisco Security has detected significant activity related to Portuguese-language spam email messages that claim to contain a product price inquiry notification for the recipient. The text in the email message...
PT-2013-5454 · Esri · Esri Arcgis For Server
Name of the Vulnerable Software and Affected Versions: Esri ArcGIS for Server versions 10.1 through 10.2 Description: The mobile-upload feature in Esri ArcGIS for Server allows remote authenticated users to upload .exe files by leveraging publisher or administrator privileges. Recommendations: Fo...
MS13-071 Microsoft Windows Theme File Handling Code Execution
This Metasploit module exploits a vulnerability mainly affecting Microsoft Windows XP and Windows 2003. The vulnerability exists in the handling of the Screen Saver path, in the boot section. An arbitrary path can be used as screen saver, including a remote SMB resource, which allows for remote...
Mozilla 24 Resolves 17 Security Vulnerabilities
The Mozilla Foundation released Firefox 24 yesterday, issuing 17 security patches for the browser. Seven of the bulletins received the highest, critical impact rating, four are considered high impact advisories, the second most severe rating, and the remaining six are of moderate impact. Mozilla’...
Threat Outbreak Alert: Malicious Attachment Email Messages on September 16, 2013
Medium Alert ID: 30835 First Published: 2013 September 17 15:43 GMT Version: 1 Summary Cisco Security has detected significant activity related to Italian-language spam email messages that claim to contain an attachment for the recipient. The text in the email message attempts to convince the...
Threat Outbreak Alert: Fake Document Attachment Email Messages on September 14, 2013.
Medium Alert ID: 30799 First Published: 2013 September 16 14:39 GMT Version: 1 Summary Cisco Security has detected significant activity related to a spam email message that claims to contain a document attachment for the recipient. The text in the email message attempts to convince the recipient ...
Threat Outbreak Alert: Email Messages with Malicious Attachments on September 12, 2013
Medium Alert ID: 30763 First Published: 2013 September 12 15:48 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that contain a malicious attachment. The text in the email message attempts to convince the recipient to open the attachment and...
[Hidden File Finder v2.5] Tool to Find and Unhide/Remove all the Hidden Files
Hidden File Finder is free software to quickly scan and discover all the hidden files on your Windows system. It performs a swift multithreaded scan of all the folders in parallel and quickly uncovers all the hidden files. It automatically detects the Hidden Executable Files EXE, DLL, COM etc an...
Unrestricted file upload
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to ...
VMWare Setuid vmware-mount Unsafe popen(3)
VMWare Workstation up to and including 9.0.2 build-1031769 and Player have a setuid executable called vmware-mount that invokes lsb_release in the PATH with popen(3). Since PATH is user-controlled, and the default system shell on Debian-derived distributions does not drop privs, we can put an...
Adobe Photo Loader Malware Posts Craigslist Spam
An attacker is going to a lot of trouble to post spam messages to Craigslist. Researchers at Solera Networks have come across an attack where malware is using compromised machines to post poorly worded ads for an Android application marketed at parents for the purposes of monitoring the activitie...
Java User Agent Executable Download
Some executable files can be downloaded to computer systems via a Java user agent. There are cases in which certain traffic, although not intended for malicious use, is very unsafe, since it may transfer shellcode which is undetectable by IPS...