Prestige Software CMS File Disclosure

Exploit Title : Prestige Software CMS Local File Disclosure Author : IrIsT.Ir Discovered By : BeniVanda Home : http://IrIsT.Ir/en/ Software Link : http://www.prestijsoftware.com/tr/ Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu/BT/Fedora - win7 Dork : intext:Bu site...

CVE-2013-2162

Race condition in the post-installation script mysql-server-5.5.postinst for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive...

MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution

This Metasploit module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability present in the SOAPAction HTTP header handling. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more...

MiniUPnPd 1.0 - Remote Stack Buffer Overflow Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'MiniUPnPd 1.0 Stack Buffer Overflow...

Monkey HTTPD 1.1.1 - Denial of Service Vulnerability

Title: ====== Monkey HTTPD 1.1.1 - Denial of Service Vulnerability Date: ===== 2013-05-28 References: =========== http://bugs.monkey-project.com/ticket/181 Introduction: ============= Monkey is a lightweight and powerful web server for GNU/Linux. It has been designed to be very scalable with low...

Monkey HTTPD 1.1.1 Denial Of Service

Title: ====== Monkey HTTPD 1.1.1 - Denial of Service Vulnerability Date: ===== 2013-05-28 References: =========== http://bugs.monkey-project.com/ticket/181 Introduction: ============= Monkey is a lightweight and powerful web server for GNU/Linux. It has been designed to be very scalable with low...

Immunity Canvas: PERF_SWEVENT_INIT

Name| perfsweventinit ---|--- CVE| CVE-2013-2094 Exploit Pack| CANVAS Description| perfsweventinit local root Notes| Repeatability: Infinite Notes: Tested on: - Ubuntu 12.10 quantal x8664 3.5.0-27-generic VENDOR: GNU/Linux CVE Url: https://vulners.com/cve/CVE-2013-2094 CVE Name: CVE-2013-2094...

MyBB Games Cross Site Scripting

Exploit Title :Mybb Games xss Vul Author : DarkSnipper ,Dream.Killer & Soulinj3ctor Discovered By : [email protected] Home : http://cybercoders.org Link : http://mods.mybb.com/view/game-section Security Risk : High Version : All Tested on : GNU/Linux Ubuntu - Windows Server - win7 Dork :...

ClamAV < 0.97.8 Multiple Vulnerabilities

According to its version, the ClamAV clamd antivirus daemon on the remote host is earlier than 0.97.8 and is, therefore, potentially affected by the following vulnerabilities : - An overflow condition exists in the 'getsisstring' function in 'libclamav/sis.c' when handling SIS content. This flaw...

WordPress Traffic Analyzer Cross Site Scripting

Exploit Title : WordPress Trafficanalyzer Plugin XSS Vulnerability Author : IrIsT.Ir Discovered By : BeniVanda Home : http://IrIsT.Ir/en/ Software Link : http://wptrafficanalyzer.in Security Risk : Medium Version : All Version Tested on : GNU/Linux Ubuntu/BT/Fedora - win7 Dork :...

GnuTLS libgnutls - Double-Free Certificate List Parsing Remote Denial of Service

Sorry I forgot to write headers in previous mail. Exploit Title: possible ways to exploit CVE-2012-1663 GNUTLS-3.0.13 Google Dork: if relevant we will automatically add these to the GHDB Date: Mar 20, 2013 Exploit Author: Shawn the R0ck Vendor Homepage: http://www.gnutls.org/ Software Link:...

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...

Race condition

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...

The GNU/Linux kernel new features initiator to mention the right vulnerability-vulnerability warning-the black bar safety net

SUSE security research members of the Sebastian Krahmer has published the GNU/Linux kernel to mention the right vulnerability, recent GNU/Linux kernel3.8+have introduced a In order to facilitate the container to achieve the new features: user-namespacesuser-ns, CLONENEWUSER flag, this feature...

GNU/Linux kernel(3.8+)Privilege Escalation Vulnerability

Exploit for linux platform in category local exploits define GNUSOURCE include include include include include include include include include include int go2; char childstack120; extern char environ; void dieconst char msg perrormsg; exiterrno; int childvoid arg char c; closego1; readgo0, &c, 1;...

CVE-2013-1048

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...

Immunity Canvas: SUDO_TIMESTAMP

Name| sudotimestamp ---|--- CVE| CVE-2013-1775 Exploit Pack| CANVAS Description| sudotimestamp: Linux/MacOS timestamp privilege escalation Notes| CVE Name: CVE-2013-1775 VENDOR: Intel, GNU/Linux, Apple Notes: This exploit runs on GNU/Linux and MacOS X. On both systems this exploit requires: - Use...

[SECURITY] [DSA 2612-1] ircd-ratbox security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2612-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 24, 2013 http://www.debian.org/security/faq -...