[SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable
------------------------------------------------------------------------- Debian Security Advisory DSA-2360-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 6, 2011 http://www.debian.org/security/faq -...
[SECURITY] Fedora 15 Update: psi-0.14-7.fc15
Psi is the premiere Instant Messaging application designed for Microsoft Windows, Apple Mac OS X and GNU/Linux. Built upon an open protocol named Jabber, Psi is a fast and lightweight messaging client that utilises the best in open source technologies. Psi contains all the features necessary to...
DSA-2360-1 lenny end-of-life
This is an advance notice that security support for Debian GNU/Linux 5.0 code name "lenny" will be terminated in two months. The Debian project released Debian GNU/Linux 6.0 alias "squeeze" on the 6th of February 2011. Users and distributors have been given a one-year timeframe to upgrade their o...
JAM SQL Injection
Exploit Title: JAM SQL Injection Vulnerability Google Dork: intext:"This site is preserved by JAM" Date: 2011-15-09 Author: nGa Sa Lu N-S-L Service Link: http://www.jamarketing.co.nz Tested on: Debian GNU/Linux 5.0 Google Dork : intext:"This site is preserved by JAM"...
dotProject 2.1.5 - SQL Injection
Exploit Title: dotProject 2.1.5 SQL Injection Vulnerability Google Dork: intitle:"dotproject" Date: 2011-12-09 Author: sherl0ck @AlligatorTeam Software Link: http://www.dotproject.net/ Version: 2.1.5 tested Tested on: Debian GNU/Linux 5.0 --------------- PoC --------------- URL:...
dotProject 2.1.5 - SQL Injection
dotProject 2.1.5 - SQL Injection Exploit Title: dotProject 2.1.5 SQL Injection Vulnerability Google Dork: intitle:"dotproject" Date: 2011-12-09 Author: sherl0ck @AlligatorTeam Software Link: http://www.dotproject.net/ Version: 2.1.5 tested Tested on: Debian GNU/Linux 5.0 --------------- PoC...
dotProject 2.1.5 SQL Injection
Exploit Title: dotProject 2.1.5 SQL Injection Vulnerability Google Dork: intitle:"dotproject" Date: 2011-12-09 Author: sherl0ck @AlligatorTeam Software Link: http://www.dotproject.net/ Version: 2.1.5 tested Tested on: Debian GNU/Linux 5.0 --------------- PoC --------------- URL:...
dotProject 2.1.5 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: dotProject 2.1.5 SQL Injection Vulnerability Google Dork: intitle:"dotproject" Date: 2011-12-09 Author: sherl0ck @AlligatorTeam Software Link: http://www.dotproject.net/ Version: 2.1.5 tested Tested on: Debian GNU/Linux 5.0...
Durandal - Distributed CPU/GPU Hash Cracker v 0.5 released
Durandal - Distributed CPU/GPU Hash Cracker v 0.5 released Durandal is a distributed GPU/CPU computing software that aims to crack passwords. Mostly written in C++ with the Boost library, it works on many systems, however it is only built for Windows and GNU/Linux for the moment, on the x86 and x...
ISC BIND 9 named denial of service vulnerability
Overview: ISC BIND 9 contains a remote packet denial of service vulnerability when running as an authoritative or recursive server. Description: According to ISC: A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packe...
CVE-2009-5082
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file...
Rhythmbox - '.m3u' Local Crash (PoC)
Exploit Title: Rhythmbox .m3u Local Crash Poc Vendor: http://projects.gnome.org/rhythmbox/ Author: Caddy-Dz Facebook Page: www.facebook.com/islam.caddy E-mail: [email protected] | [email protected] Website: www.exploit-id.com Category:: webapps Tested on: Ubuntu 10.10 - French Note ! :...
HB Ecommerce SQL Injection
------------- HB ECOMMERCE SQL Injection Vulnerability --------------- ------------------------------------------------------------------------ ------------------------------------------------------------------------ + Exploit Title: HB ECOMMERCE SQL Injection Vulnerability + Google Dork:...
OpenSSL leaks ECDSA private key through a remote timing attack
Overview The OpenSSL ladder implementation for scalar multiplication of points on elliptic curves over binary fields is susceptible to a timing attack vulnerability. This vulnerability can be used to steal the private key of a TLS server that authenticates with ECDSA signatures and binary curves...
Nic.cl Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Main URI: http://www.nic.cl Type: Cross Site Scripting Exploitable URI: http://www.nic.cl/cgi-bin/show-form?f=/example/201001191941%3Cbody%20onload=alert%28this%29%3E3a6 Status: Reported Date: April 20, 2011, 12:27 p.m. Reported on:...
CVE-2011-1548
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated...
Default configuration
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated...
CVE-2011-1548
CVE-2011-1548 concerns the logrotate utility on Debian-based systems, where the default configuration allows a non-root user to trigger symlink and hard-link attacks by exploiting logrotate’s handling of directories that are writable by non-root users. The underlying issue is the program processi...