1915 matches found

Packet Storm
added 2013/04/09 12:0 a.m., 30 views

WordPress Traffic Analyzer Cross Site Scripting

Exploit Title : WordPress Trafficanalyzer Plugin XSS Vulnerability Author : IrIsT.Ir Discovered By : BeniVanda Home : http://IrIsT.Ir/en/ Software Link : http://wptrafficanalyzer.in Security Risk : Medium Version : All Version Tested on : GNU/Linux Ubuntu/BT/Fedora - win7 Dork :...

7.4 AI score
Exploits: 0
Exploit DB
added 2013/03/22 12:0 a.m., 40 views

GnuTLS libgnutls - Double-Free Certificate List Parsing Remote Denial of Service

Sorry I forgot to write headers in previous mail. Exploit Title: possible ways to exploit CVE-2012-1663 GNUTLS-3.0.13 Google Dork: if relevant we will automatically add these to the GHDB Date: Mar 20, 2013 Exploit Author: Shawn the R0ck Vendor Homepage: http://www.gnutls.org/ Software Link:...

7.5 CVSS, 6.5 AI score, 0.01063 EPSS
Exploits: 4
OSV
added 2013/03/21 5:55 p.m., 5 views

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...

6.1 AI score
Exploits: 0, References: 4
Prion
added 2013/03/21 5:55 p.m., 14 views

Race condition

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...

1.9 CVSS, 6.7 AI score, 0.0004 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2013/03/21 5:0 p.m., 20 views

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...

6 AI score, 0.0004 EPSS
Exploits: 1, References: 4
Debian CVE
added 2013/03/21 5:0 p.m., 19 views

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...

1.9 CVSS, 6.1 AI score, 0.0004 EPSS
Exploits: 1
myhack58
added 2013/03/19 12:0 a.m., 22 views

New GNU/Linux kernel feature leads to privilege escalation vulnerability

SUSE security researcher Sebastian Krahmer has published a GNU/Linux kernel privilege escalation vulnerability. Recent GNU/Linux kernels (3.8+) introduced a new feature to make containers easier to implement: user namespaces (user-ns, the CLONE_NEWUSER flag). This feature...

1.4 AI score
Exploits: 0
0day.today
added 2013/03/19 12:0 a.m., 14 views

GNU/Linux kernel(3.8+)Privilege Escalation Vulnerability

Exploit for linux platform in category local exploits define GNUSOURCE include include include include include include include include include include int go2; char childstack120; extern char environ; void dieconst char msg perrormsg; exiterrno; int childvoid arg char c; closego1; readgo0, &c, 1;...

6.8 AI score
Exploits: 0
NVD
added 2013/03/06 1:10 p.m., 16 views

CVE-2013-1048

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...

4.6 CVSS, 6.3 AI score, 0.00054 EPSS
Exploits: 0, References: 2
canvas
added 2013/03/05 9:38 p.m., 149 views

Immunity Canvas: SUDO_TIMESTAMP

Name| sudotimestamp ---|--- CVE| CVE-2013-1775 Exploit Pack| CANVAS Description| sudotimestamp: Linux/MacOS timestamp privilege escalation Notes| CVE Name: CVE-2013-1775 VENDOR: Intel, GNU/Linux, Apple Notes: This exploit runs on GNU/Linux and MacOS X. On both systems this exploit requires: - Use...

6.9 CVSS, 8 AI score, 0.0813 EPSS
Exploits: 8
securityvulns
added 2013/01/27 12:0 a.m., 51 views

[SECURITY] [DSA 2612-1] ircd-ratbox security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2612-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 24, 2013 http://www.debian.org/security/faq -...

5 CVSS, 2.1 AI score, 0.00463 EPSS
Exploits: 2
exploitpack
added 2013/01/18 12:0 a.m., 15 views

Novell NCP - Remote Command Execution

Novell NCP - Remote Command Execution In the interest of full-disclosure, here is a remote exploit for the vulnerability found by David Klein: Demonstration Novell NCP Pre-Auth Remote Stack Buffer Overflow Connecting to host 127.0.0.1... Connected! Sending message 1 23 bytes 74 4e 63 50 00 00 00 ...

10 CVSS, 0.2 AI score, 0.85177 EPSS
Exploits: 14
Packet Storm
added 2013/01/18 12:0 a.m., 39 views

Novell NCP Pre-Auth Remote Stack Buffer Overflow

/ Novell NCP Pre-Auth Remote Root Exploit Written by Gary Nilson 11-17-2013 Overview US-CERT/NIST CVES:CVE-2012-0432: Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors...

10 CVSS, 1.1 AI score, 0.85177 EPSS
Exploits: 14
Packet Storm
added 2013/01/11 12:0 a.m., 35 views

WordPress Gallery 3.8.3 Arbitrary File Read

​ Exploit Title : Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Author : IrIsT.Ir Discovered By : BeniVanda Home : http://IrIsT.Ir/forum/ Software Link : http://wordpress.org/extend/plugins/gallery-plugin/ Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu ...

0.4 AI score
Exploits: 0
Packet Storm
added 2012/12/17 12:0 a.m., 33 views

Phuse Web / Element C2 / Cox Web Design SQL Injection

Exploit Title : Phuse Web Sql Injection Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://www.phusewebdesign.co.uk/ Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu - Windows Server - win7 Dork : intext:"Site by Phuse W...

0.2 AI score
Exploits: 0
OpenVAS
added 2012/12/14 12:0 a.m., 24 views

Mandriva Update for cups MDVSA-2012:179 (cups)

Check for the Version of cups OpenVAS Vulnerability Test Mandriva Update for cups MDVSA-2012:179 cups Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

7.2 CVSS, 9.6 AI score, 0.07193 EPSS
Exploits: 2, References: 2
The Hacker News
added 2012/12/08 4:12 a.m., 29 views

Ubuntu Linux is a spyware ?

Creator of the GNU Project & Free Software Foundation's Leader Richard Stallman has called out Ubuntu as being "spyware". Why ? Because the operating system sends data to Ubuntu maker Canonical when a user searches the desktop. How ? Due to the Amazon search capabilities that have been integrated...

6.6 AI score
Exploits: 0
Prion
added 2012/11/20 12:55 a.m., 25 views

Design/Logic Flaw

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface...

7.2 CVSS, 6.6 AI score, 0.07193 EPSS
Exploits: 2, References: 13, Affected Software: 1
Cvelist
added 2012/11/20 12:0 a.m., 19 views

CVE-2012-5519

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface...

8.8 AI score, 0.07193 EPSS
Exploits: 2, References: 13
Debian CVE
added 2012/11/20 12:0 a.m., 31 views

CVE-2012-5519

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface...

7.2 CVSS, 6.2 AI score, 0.07193 EPSS
Exploits: 2