1511 matches found

Check Point Advisories
added 2012/07/10 12:0 a.m., 3 views

Microsoft .NET Framework Parameter Validation Code Execution (MS12-025; CVE-2012-0163)

A heap buffer overflow vulnerability has been reported in Microsoft .NET framework...

9.3 AI score, 0.54225 EPSS
Exploits: 1

Fedora
added 2012/06/15 12:30 p.m., 30 views

[SECURITY] Fedora 16 Update: php-symfony-symfony-1.4.18-1.fc16

Symfony is a complete framework designed to optimize the development of web applications by way of several key features. For starters, it separates a web application's business rules, server logic, and presentation views. It contains numerous tools and classes aimed at shortening the development...

4.3 CVSS, 0.4 AI score, 0.00516 EPSS
Exploits: 0

The Hacker News
added 2012/04/18 9:52 p.m., 12 views

winAUTOPWN v3.0 Released - System vulnerability exploitation Framework

The improved GUI extension - WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI C4 - WAST is a Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend. C4 - WAST gives users the freedom to select...

6.8 AI score
Exploits: 0

ThreatPost
added 2012/03/27 3:35 p.m., 9 views

FTC Privacy Framework Pushes for Do Not Track, Closer Inspection of Data Brokers

The Federal Trade Commission has issued a new report on consumer privacy and online tracking and among the recommendations the commission makes is that data brokers make themselves known to consumers and be open and transparent about the data they collect on consumers. The FTC also says that...

0.5 AI score
Exploits: 0, References: 1

Check Point Advisories
added 2012/03/19 12:0 a.m., 6 views

Microsoft .NET Framework CLI Loader Memory Corruption (CVE-2007-0041)

A memory corruption vulnerability has been reported in Microsoft .NET Framework...

6.5 AI score, 0.62166 EPSS
Exploits: 1

The Hacker News
added 2012/02/24 12:38 p.m., 6 views

Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules!

Since the last release in October, Metasploit added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening...

6.9 AI score
Exploits: 0

Tenable Nessus
added 2012/02/06 12:0 a.m., 111 views

Apache Struts 2 ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution

The remote web application appears to use Apache Struts 2, a web framework that uses XWork. Due to a flaw in the ParameterInterceptor class, user input is not properly sanitized, which allows a remote attacker to run arbitrary Java code on the remote host by sending a specially crafted HTTP...

9.8 CVSS, 8.7 AI score, 0.91054 EPSS
Exploits: 16, References: 3

0day.today
added 2011/12/19 12:0 a.m., 28 views

appRain CMF v0.1.5 - Multiple Web Vulnerabilities

Exploit for php platform in category web applications. appRain CMF v0.1.5 - Multiple Web Vulnerabilities. Introduction: appRain is one of the first officially released Opensource Content Management Framework CMF. CMF is a new web engineering concept where CMS Content Management System...

7.1 AI score
Exploits: 0

ThreatPost
added 2011/12/01 12:37 p.m., 17 views

Adobe Fixes Flaw in Flex SDK Framework

Adobe has patched a security flaw in its Flex SDK product that could lead to cross-site scripting attacks against some applications that were built using the SDK. The vulnerability affects versions 3.6 and below and 4.5.1 and below. The Flex SDK is a free, open source application framework that...

1.1 AI score
Exploits: 0, References: 5

securityvulns
added 2011/10/24 12:0 a.m., 50 views

LedgerSMB 1.3.0 released, includes anti-XSRF framework

Hi all; LedgerSMB 1.3.0 has been released. One of the important enhancements this version has is protection against cross-site request forgery (XSRF), notably missing in past versions. The codebase we inherited when beginning the project has not been very conducive to retrofitting security framewor...

6.8 CVSS, 0.4 AI score, 0.00126 EPSS
Exploits: 1

securityvulns
added 2011/10/16 12:0 a.m., 63 views

iDefense Security Advisory 10.12.11: Apple Mobile OfficeImport Framework Word Document Parsing Memory Corruption Vulnerability

iDefense Security Advisory 10.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 12, 2011 I. BACKGROUND The OfficeImport framework is an API used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad. The framework is used to parse and display Microsoft Office file...

6.8 CVSS, 0.1 AI score, 0.01604 EPSS
Exploits: 1

seebug.org
added 2011/10/14 12:0 a.m., 34 views

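Apple Mobile OfficeImport Framework Word Document Parsing Memory Corruption Vulnerability

CVE ID: CVE-2011-3260 The OfficeImport component is an API used by Apple mobile devices to parse and display Office document formats. Apple's OfficeImport component has a memory corruption vulnerability when parsing malformed Office documents, which can allow an attacker to execute arbitrary code with the privileges of the current user. When parsing a Word file containing a maliciously crafted record, a specific value in the record can trigger the memory corruption; a value from the file is used as a function pointer. Apple iOS 5 Vendor patch: Apple ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://support.apple.com/...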

6.8 CVSS, 6.3 AI score, 0.01604 EPSS
Exploits: 1

OpenVAS
added 2011/10/12 12:0 a.m., 29 views

Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)

This host is missing a critical security update according to Microsoft Bulletin MS11-078. OpenVAS Vulnerability Test $Id: secpodms11-078.nasl 8190 2017-12-20 09:44:30Z cfischer $ Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability 2604930 Authors: Sooraj KS Copyright:...

9.3 CVSS, 0.8 AI score, 0.19501 EPSS
Exploits: 0, References: 4

Fedora
added 2011/09/18 12:53 a.m., 16 views

[SECURITY] Fedora 15 Update: Django-1.3.1-2.fc15

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

1.6 AI score
Exploits: 0

The Hacker News
added 2011/09/16 11:35 p.m., 9 views

SSHtrix - Fastest Multithreaded SSHv1 and SSH1v2 login cracker

sshtrix is a very fast multithreaded SSH login cracker. It supports SSHv1 and SSHv2. sshtrix was designed to automate rapid bruteforce attacks against SSH authentication screens. Unlike other public tools, the aim is to keep it...

7 AI score
Exploits: 0

rdot
added 2011/09/08 12:0 a.m., 38 views

Exploit writing tutorial part 4 : From Exploit to Metasploit [RUS by p(eaZ]

Author: Peter Van Eeckhoutte corelanc0d3r Translation: peaZ 9/2011 In the first parts of the tutorial, we discussed some common vulnerabilities that can lead to two types of exploits: a stack buffer overflow with a direct EIP overwrite, and a buffer overflow that uses the SEH chain. In my...

Exploits: 0

seebug.org
added 2011/08/28 12:0 a.m., 56 views

RealVNC 4.1 Authentication Bypass

No description provided by source. $Id: realvnc41bypass.rb 13641 2011-08-26 04:40:21Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...

7.5 CVSS, 0.2 AI score, 0.92336 EPSS
Exploits: 13

Packet Storm
added 2011/08/07 12:0 a.m., 21 views

HP JetDirect Printer PJL Query Execution

Exploit Title: HP JetDirect PJL Query Execution Date: Aug 7, 2011 Author: Myo Soe Software Link: http://www.hp.com Version: All Tested on: HP LaserJet Pxxxx Series $Id: $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the...

0.3 AI score
Exploits: 0

Vulnerability Lab
added 2011/07/24 12:0 a.m., 14 views

dotProject GW v2.1.5 - Multiple SQL Injection Vulnerabilities

Document Title: dotProject GW v2.1.5 - Multiple SQL Injection Vulnerabilities. Release Date: 2011-07-24. Vulnerability Laboratory ID (VL-ID): 83. Product & Service Introduction: dotProject is a PHP...

0.4 AI score
Exploits: 0

Debian
added 2011/07/16 3:37 a.m., 16 views

[SECURITY] [DSA 2278-1] horde3 security update

Debian Security Advisory DSA-2278-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 16, 2011 http://www.debian.org/security/faq -...

6.8 CVSS, 5.8 AI score, 0.00737 EPSS
Exploits: 1