
7607 matches found

Packet Storm
added 2012/02/23 12:0 a.m., 33 views

DFLabs PTK 1.0.5 Cross Site Request Forgery

Exploit Title: DFLabs PTK <= 1.0.5 Multiple Vulnerabilities Steal Authentication Credentials. Date: 22-02-2012. Author: Ivano Binetti...

AI score: 0.2
Exploits: 0
0day.today
added 2012/02/22 12:0 a.m., 19 views

DFLabs PTK <= 1.0.5 Multiple Vulnerabilities

Exploit for php platform in category web applications. Exploit Title: DFLabs PTK <= 1.0.5 Multiple Vulnerabilities Steal Authentication Credentials...

AI score: 7.1
Exploits: 0
ThreatPost
added 2012/02/15 3:32 p.m., 10 views

Twitter Makes HTTPS Default Login Option

Twitter has finally gotten on board the SSL train and made HTTPS the default login option for all of its users who sign in through the Web interface. The company had made secure login an option for users last year but hadn’t made it the default mechanism. On Monday, officials at Twitter said that...

AI score: 7.1
Exploits: 0, References: 3
ThreatPost
added 2012/02/13 4:15 p.m., 14 views

Finding Location Data In Google Maps SSL Sessions

In the last couple of years, Google and some other Web giants have moved to make many of their services accessible over SSL, and in many cases, made HTTPS connections the default. That’s designed to make eavesdropping on those connections more difficult, but as researchers have shown, it certainl...

AI score: 6.8
Exploits: 0, References: 3
Fedora
added 2012/02/11 10:4 p.m., 34 views

[SECURITY] Fedora 15 Update: curl-7.21.3-13.fc15

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS: 7.5, EPSS: 0.10342
Exploits: 0
The Hacker News
added 2012/02/10 12:51 p.m., 5 views

Iran Shutdown Google, Yahoo & other Major sites using Https Protocol

Iran Shutdown Google, Yahoo & other Major sites using Https Protocol. We received the latest reports from Iran: the government has blocked access to the major sites plus websites using certain Https protocol, like Gmail, Google, Yahoo. On the eve of the anniversary of the revolution that overthrew the...

AI score: 6.8
Exploits: 0
Zero Day Initiative
added 2012/02/08 12:0 a.m., 12 views

Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportReport stored procedure, accessed via the management.asmx console. Th...

CVSS: 10, AI score: 8.6
Exploits: 0
Nmap
added 2012/01/31 8:22 p.m., 447 views

http-qnap-nas-info NSE Script

Attempts to retrieve the model, firmware version, and enabled services from a QNAP Network Attached Storage (NAS) device. Script Arguments: slaxml.debug: See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline,...

CVSS: 10, AI score: 9.2, EPSS: 0.94176
Exploits: 33
Fedora
added 2012/01/28 3:31 a.m., 49 views

[SECURITY] Fedora 16 Update: curl-7.21.7-6.fc16

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS: 7.5, EPSS: 0.10342
Exploits: 0
Ubuntu
added 2012/01/24 8:56 p.m., 48 views

USN-1346-1: curl vulnerability

Dan Fandrich discovered that curl incorrectly handled URLs containing embedded or percent-encoded control characters. If a user or automated system were tricked into processing a specially crafted URL, arbitrary data could be injected...

CVSS: 7.5, AI score: 7, EPSS: 0.10342
Exploits: 0
Tenable Nessus
added 2012/01/19 12:0 a.m., 41 views

RHEL 6 : java-1.6.0-ibm (RHSA-2012:0034)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0034 advisory. The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes...

CVSS: 10, AI score: 7.6, EPSS: 0.92545
Exploits: 19, References: 40
RedHat Linux
added 2012/01/18 7:22 p.m., 3 views

OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity,...

CVSS: 6.4, AI score: 7.4, EPSS: 0.01709
Exploits: 1, References: 5
Tenable Nessus
added 2012/01/17 12:0 a.m., 18 views

op5 Portal Detection

The remote web server hosts op5 Portal, a web interface platform that contains several other components produced by op5, notably op5 Monitor. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(57575); script_version("1.5"); script_cvs_date("Date: 2019/11/22");...

AI score: 5.4
Exploits: 0, References: 1
Nmap
added 2012/01/12 7:45 p.m., 311 views

http-generator NSE Script

Displays the contents of the "generator" meta tag of a web page (default: /) if there is one. Script Arguments: http-generator.path: Specify the path you want to check for a generator meta tag (default to '/'). http-generator.redirects: Specify the maximum number of redirects to follow (defaults to 3)...

CVSS: 10, EPSS: 0.94176
Exploits: 33
Packet Storm
added 2012/01/11 12:0 a.m., 43 views

OP5 license.php Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'OP5 license.php...

CVSS: 10, EPSS: 0.87193
Exploits: 7
Tenable Nessus
added 2012/01/10 12:0 a.m., 94 views

MS12-006: Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)

The remote host is affected by an information disclosure vulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain...

CVSS: 4.3, AI score: 6.8, EPSS: 0.03832
Exploits: 4, References: 4
securityvulns
added 2012/01/09 12:0 a.m., 79 views

Google Chrome HTTPS Address Bar Spoofing

Google awarded one of our security researchers a Chromium Security Reward for an HTTPS address bar spoofing bug in Chrome 14 and 15 although it may be present in older versions too. The bug was fixed in Chrome 16, most browsers seem to be updated and we're happy to share technical details with th...

AI score: 0.1
Exploits: 0
seebug.org
added 2012/01/07 12:0 a.m., 15 views

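Google Chrome HTTPS Address Bar Spoofing Vulnerability

Google Chrome is an open-source web browser developed by Google. Google Chrome 14 and 15 have a spoofing vulnerability in the implementation of the HTTPS address bar; an attacker can exploit this vulnerability to lure users into visiting malicious sites, leaking their certificates and personal data. Affected: Google Chrome 15, Google Chrome 14. Vendor patch: Google. The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://www.google.com...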

AI score: 7
Exploits: 0
exploitpack
added 2012/01/03 12:0 a.m., 186 views

PHP Hash Table Collision - Denial of Service (PoC)

PHP Hash Table Collision - Denial of Service (PoC) #!/usr/bin/env python """ This script was written by Christian Mehlmauer https://twitter.com/!/FireFart Sourcecode online at: https://github.com/FireFart/HashCollision-DOS-POC Original PHP Payloadgenerator taken from...

CVSS: 7.8, EPSS: 0.86573
Exploits: 16
0day.today
added 2012/01/03 12:0 a.m., 44 views

PHP Hash Table Collision Proof Of Concept

Exploit for php platform in category dos / poc ''' This script was written by Christian Mehlmauer Original PHP Payloadgenerator taken from https://github.com/koto/blog-kotowicz-net-examples/tree/master/hashcollision CVE : CVE-2011-4885 requires Python 2.7 Examples: - Make a single Request, wait f...

AI score: 7, EPSS: 0.86573
Exploits: 15