OpenSSL - Padding Oracle in AES-NI CBC MAC Check

Exploit for multiple platform in category dos / poc Source: http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html TLS-Attacker: https://github.com/RUB-NDS/TLS-Attacker https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39768.zip Y...

BackdoorMe - Powerful Auto-Backdooring Utility

Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors. Backdoorme uses a familiar metasploit interface with tremendous extensibility. Backdoorme relies on having an existing SSH connection or credentials to the victim, through which it will transfer and...

CVE-2015-4334

The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers OCS when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive...

Default configuration

The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers OCS when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive...

Ashley Madison Hackers (with another 300GB Dump) – Wait, Cheaters! We haven't Yet Done

Over a month ago, a group of hackers breached the popular cheater's dating service Ashley Madison and its parent company Avid Life Media, affecting tens of Millions site customers private life and also dump the website's source code onto the dark web. The hackers behind the Ashley Madison hack, w...

Debian DLA-286-1 : squid3 security update

Alex Rousskov discovered that Squid configured with cachepeer and operating on explicit proxy traffic does not correctly handle CONNECT method peer responses. In some configurations, it allows remote clients to bypass security in an explicit gateway proxy. For Debian 6 Squeeze, this problem has...

[SECURITY] [DLA 286-1] squid3 security update

Package : squid3 Version : 3.1.6-1.2+squeeze5 CVE ID : CVE-2015-5400 Debian Bug : 793128 Alex Rousskov discovered that Squid configured with cachepeer and operating on explicit proxy traffic does not correctly handle CONNECT method peer responses. In some configurations, it allows remote clients ...

DLA-286-1 squid3 - security update

Bulletin has no description...

tipask注入漏洞

简要描述： sql注入漏洞（2次注入） 详细说明： 官方最新源码测试 在control中answer.php中 追问模块---追问 / function onappend $this-load"message"; $qid = intval$this-get2 ? $this-get2 : intval$this-post'qid'; $aid = intval$this-get3 ? $this-get3 : intval$this-post'aid'; $question = $ENV'question'-get$qid; $answer = $ENV'answer'-get$aid...

Google Changes SafeSearch Option for Administrators

Google is removing a feature that allowed administrator to require their users to employ a search option that removes explicit content from search results. The decision is tied to the fact that the option required the use of an unsecured connection to Google, something that the company said allow...

WordPress Explicit Theme - XSS

This WordPress theme is prone to a cross-site scripting XSS vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution Update the theme...

Ethernet Industrial Protocol (EtherNet/IP) Client Explicit Message Detection

Binary data 8277.prm...

Ethernet Industrial Protocol (EtherNet/IP) Server Explicit Message Detection

Binary data 8278.prm...

Ethernet Industrial Protocol (EtherNet/IP) Server Explicit Message Detection

Binary data 7115.pasl...

QNX RTOS 6.2 Application Packager Non-Explicit Path Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has been reported that the packager...

MySQL typecasting

When using a MySQL database, Django don't perform explicit conversion of the fields: FilePathField GenericIPAddressField IPAddressField If a query is performed without first converting values to the appropriate type, this can produce unexpected results, similar to what would occur if the query...

Fedora 20 : imapsync-1.584-1.fc20 (2014-2505)

1.584 - Enhancement: Added --minmaxlinelength to select messages with long lines only. It helps to diagnostic Echange error on messages with lines longer than 9000 characters - Enhancement: Added --debugmaxlinelength - Bug fix: --ssl1 --tls2 was buggy because of default SSLVERIFYPEER. 'Can not go...

http_vs_https_dist

This plugin analyzes the network distance between the HTTP and HTTPS ports giving a detailed report of the traversed hosts in transit to target:port. You should have root/admin privileges in order to run this plugin succesfully. Explicitly declared ports on the entered target override those...

Novell iManager Multiple Vulnerabilities

The host is running Novell iManager and is prone to multiple unspecified vulnerabilities. OpenVAS Vulnerability Test $Id: gbnovellimanagermultvuln.nasl 6079 2017-05-08 09:03:33Z teissa $ Novell iManager Multiple Vulnerabilities Authors: Arun Kallavi Copyright: Copyright c 2013 Greenbone Networks...

Webwork direct method invocation can bypass validatingStack through Action aliases

WebWork supports the concept of action aliases, which allow a single action class to serve requests mapping to different names. This allows a developer to reuse the same action logic, but provide different results based on interceptors. When an action is invoked, Webwork will typically call its...