1511 matches found
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Apache Struts 2 remote code execution vulnerability (CVE-2016-0785) - vulnerability warning - the black bar safety net
Apache Struts 2 is the world's most popular Java Web server framework. Unfortunately, however, a security researcher found a remote code execution vulnerability in Struts 2. According to the announcement currently published by Apache, the vulnerability risk level is high. The black bar safety...
Linux powermate Null Pointer Dereference
OS-S Security Advisory 2016-13 Linux powermate Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB...
Wordpress-Exploit-Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems
A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command prompt / terminal in...
AppLocker - Execution Prevention Bypass (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 'AppLocker Execution Prevention Bypass', 'Description' = %q This module will generate a .NET service executable on the target and utilise InstallUtil to...
PEAR LiveUser 0.16.8 - Arbitrary File Access
PEAR LiveUser 0.16.8 - Arbitrary File Access PEAR LiveUser Arbitrary File Access Vendor: Markus Wolff Product: PEAR LiveUser Version: options'cookie''name'; if strlen$cookieData deleteRememberCookie; $this-stack-pushLIVEUSERERRORCOOKIE, 'error', array, 'Wrong data in cookie store in...
AndroL4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
AndroL4b is an Android security virtual machine based on Ubuntu MATE that includes a collection of the latest frameworks, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis. Tools APKStudio Cross-platform Qt5 based IDE for reverse-engineering...
Python Fuzzing Framework: Kitty
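Kitty is an open-source modular and extensible fuzzing framework written in Python, inspired by OpenRCE’s Sulley and Michael Eddington’s (and now Deja Vu Security’s) Peach Fuzzer. Goal The goal of Kitty was to help with fuzzing unusual targets — proprietary and esoteric protocols over non-TCP/IP...
StrongSoft disaster early-warning system: 11 injection points in SelectContacts.aspx and other files
0x01 Framework overview Fujian Sichuang Software Co., Ltd. (福建四创软件有限公司) was founded on January 19, 2001 and is located on floors 9 and 10 of the Haixi High-Tech Venture Building, Fuzhou, Fujian Province (at the intersection of Guangxian Road and Wulongjiang Avenue). It is a technology company dedicated to disaster prevention and mitigation in China. It currently focuses on providing governments with emergency command system solutions for disaster prevention and mitigation, providing enterprises at all levels with disaster prevention and mitigation information and application leasing services, and providing the public with disaster prevention and mitigation information publishing and early-warning services. Official homepage: http://www.strongsoft.net/DMenu.aspx Google search: intitle:预警 系统 技术支持:福建四创 0x02 Vulnerability details 11 injection points: 1. /BaseCourse/RushTeamCollect.aspx?adcd=1&key=1...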
CVE-2016-0522
Unspecified vulnerability in the Oracle Retail Open Commerce Platform Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Framework...
SimplyEmail - Email Recon Made Fast And Easy, With A Framework To Build On
What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt wa...
Phabricator: libphutil: removing bytes from a PhutilRope does not work as intended
Mongoose. This is a bug in libphutil, it doesn't seem to affect phabricator because the bytes are always removed one buffer at a time. I imagine this could cause security issues in applications made with libphutil as a framework, if they use PhutilRope directly. This is how it goes: $rope = new...
Debian DSA-3402-1 : symfony - security update
Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-8124 The RedTeam Pentesting GmbH team discovered a session fixation vulnerability within th...
[SECURITY] [DSA 3402-1] symfony security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3402-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2015 https://www.debian.org/security/faq -...
Celoxis 9.5 Cross Site Scripting
================================================================ Celoxis alert"XSS" Advisory Timeline -------------------- 08/10/2015 - Informed Vendor about Issue 08/10/2015 - Vendor responded 12/11/2015 - Reminded Vendor 14/11/2015 - Vendor responded saying 'they changed the framework itself to...
CVE-2015-7771
Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID that is encountered by an applican application, a different vulnerability than...
Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center (MC) could allow an authenticated, remote attacker to execute a stored, cross-site scripting (XSS) attack against a user of the web interface. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted...
[SECURITY] Fedora 22 Update: php-horde-horde-5.2.8-1.fc22
The Horde Application Framework is a flexible, modular, general-purpose web application framework written in PHP. It provides an extensive array of components that are targeted at the common problems and tasks involved in developing modern web applications. It is the basis for a large number of...