GnuTLS libgnutls Double-free Certificate List Parsing Remote DoS

No description provided by source. Sorry I forgot to write headers in previous mail. Exploit Title: possible ways to exploit CVE-2012-1663 GNUTLS-3.0.13 Google Dork: if relevant we will automatically add these to the GHDB Date: Mar 20, 2013 Exploit Author: Shawn the R0ck Vendor Homepage:...

Zend-Framework - Full Info Disclosure

No description provided by source. Exploit Title : Zend-Framework Full Info Disclosure Google Dork : inurl:/application/configs/application.ini Date : 26/11/2013 Exploit Author : Ariel Orellana Vendor Homepage : http://framework.zend.com/ Category : Web applications Tested on : GNU/Linux...

NitroSecurity ESM 8.4.0a - Remote Code Execution

No description provided by source. -- Product description: NitroView ESM is an enterprise-class security information and event management system that identifies, correlates, and remediates threats faster than any other SIEM on the market. -- Problem Description: During research it was found that...

Cacti <= 0.8.6d Remote Command Execution Exploit

No description provided by source. Note: This exploit contains backdoor shell code that is not located on this server. /str0ke !/usr/bin/perl Remote Command Execution Exploit for Cacti = 0.8.6d This exploit open a remote shell on the targets that uses Cacti TARGET HOST MUST BE A GNU/LINUX SERVER,...

Debian GNU/Linux 3.1 top Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1895/info top is a program used to display system usage statistics in real time written by GoupSys Consulting but shipped by default as a core component with many operating systems. On BSD systems, top is installed setgid...

SaurusCMS <= 4.6.4 - Multiple RFI Exploit

No description provided by source. Exploit Title: SaurusCMS = 4.6.4 Multiple RFI Exploit Date: 19-12-2009 Author: cr4wl3r Software Link: http://www.saurus.info Version: N/A Tested on: GNU/LINUX Code class.writeexcelworkbook.inc.php global $classpath; requireonce...

Linux Kernel 2.6.29 - ptrace_attach() Local Root Race Condition Exploit

No description provided by source. / GNU/Linux kernel 2.6.29 ptraceattach local root race condition exploit. ========================================================================== This is a local root exploit for the 2.6.29 ptraceattach race condition that allows a process to gain elevated...

eoCMS <= 0.9.03 Remote FIle Include Vulnerability

No description provided by source. Exploit Title: eoCMS = 0.9.03 Remote FIle Include Vulnerability Date: 14-12-2009 Author: 1nd0n3s14n l4m3r Software Link: http://eocms.com/index.php?act=plugin&id=4 Version: N/A Tested on: GNU/LINUX CVE : N/A Code : N/A eoCMS = 0.9.03 Remote FIle Include...

'Tails' Operating System Website Has Been Hacked

Just a few hours ago, the Official website of the Tails Operating System has been hacked and it appears that a self-proclaimed 17-year old hacker breached and defaced it. Tails is a Linux-based highly secure Operating System, specially designed and optimized to preserve users' anonymity and...

Tails - The Amnesic Incognito Live System Released

Tails , The Amnesic Incognito Live System, is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. It is a complete...

CVE-2014-2405

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462...

CVE-2014-0462

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405...

Design/Logic Flaw

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462...

CVE-2014-2405

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462...

PerfectWare CMS SQL Injection

PerfectWare CMS SQL Injection Risk: High CWE number: CWE-89 Author: Hugo Santiago dos Santos Contact: [email protected] Date: 09/05/2014 Vendor Homepage: http://www.perfectware.com.br/ Robson Gutierrez Tested on: Windows 7 and Gnu/Linux Google Dork: intext:Desenvolvimento By Robson Gutierrez U...

Jasper Server 5.5 Session Fixation

Session Fixation / Hijacking on JasperServer + Date: 09/05/2014 + Risk: High + CWE number: CWE-384 + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.jaspersoft.com/ + Software Download : http://sourceforge.net/projects/jasperserver/ + Contact: [email protected] + Tested on:...

Enquete yS 1.0 SQL Injection Vulnerability

Enquete yS version 1.0 suffers from a remote SQL injection vulnerability. Enquete yS - Full v. 1.0 POST SQL Injection in Panel Admin Risk: High CWE number: CWE-89 Author: Hugo Santiago dos Santos Contact: email protected Date: 08/05/2014 Vendor Homepage:...

Enquete yS 1.0 SQL Injection

Enquete yS - Full v. 1.0 POST SQL Injection in Panel Admin Risk: High CWE number: CWE-89 Author: Hugo Santiago dos Santos Contact: [email protected] Date: 08/05/2014 Vendor Homepage: http://phpbrasil.com/script/AG216GUqK7nS/enquete-ys--full-v-10-yourspotcombr Version: v1.0 Tested on: Windows 7...

BlackArch Linux v2014.04.21 - Lightweight expansion to Arch Linux for pentesters and security researchers

BlackArch Linux is an Arch-based GNU/Linux distribution for pentesters and security researchers. The BlackArch package repository is compatible with existing Arch installs. Changelog v2014.04.21 added new system packages: mplayer, abs, ack, bc, bridge-utils, darkhttpd, flashplugin, inotify-tools,...

UBUNTU-CVE-2014-2405

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462...