482 matches found
HITB Quartal Magazine - eZine Issue 007
Document Title: =============== HITB Quartal Magazine - eZine Issue 007 References: =========== Original: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-007.pdf Article: http://magazine.hitb.org/ Mirror: http://www.vulnerability-lab.com/resources/documents/297.pdf Article:...
Debian Security Advisory DSA 2314-1 (puppet)
The remote host is missing an update to puppet announced via advisory DSA 2314-1. OpenVAS Vulnerability Test $Id: deb23141.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2314-1 puppet Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Debian DSA-2314-1 : puppet - multiple vulnerabilities
Multiple security issues have been discovered in Puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-3848 Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any...
[SECURITY] [DSA 2314-1] puppet security update
-------------------------------------------------------------------------- Debian Security Advisory DSA-2314-1 [email protected] http://www.debian.org/security/ Nico Golde Oct 3, 2011 http://www.debian.org/security/faq - --------------------------------------------------------------------------...
DSA-2314-1 puppet - several
Bulletin has no description...
One Third of Drug-Related Searches Lead to Illicit Pharmacy Sites
Researchers at the University of Cambridge will present evidence of what they say is wide spread manipulation of search results that direct unwitting Web surfers to dodgy and illicit online pharmacy sites. The research, which will be presented at the 20th USENIX Security Symposium in San Francisc...
Code injection
HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors...
CVE-2011-1760
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument...
Insecure Mail Server Offers Chinese Government Accounts To The Masses
A security researcher who identified holes in SCADA software used by utilities in China has issued a new warning to that country’s CERT about insecure Web infrastructure, including an e-mail server that allows any Web user to create their own Chinese government mail account. Dillon Beresford, a...
Mc.Graw Hill – Hacking Exposed 3rd Edition 2011
The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web...
CVE-2010-4700
The setmagicquotesruntime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqlifetchassoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly...
Overlooked Old Vulnerabilities Lead to Major Data Breaches, Says TrustWave
A recent report suggests that focusing too much on new security threats might make companies overlook older, more commonly exploited vulnerabilities. The report by TrustWave is based on data from over 1,900 penetration tests and more than 200 data breach investigations for clients like American...
Mojo's IWMS 7 SQL Injection / Cross Site Scripting
Exploit Title: MOJO's IWMS | www.DigitalWhisper.co.il Software Link: http://www.mojo.co.il Version: YourXSSHere SQL Injection A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can re...
PHP 5.2.11 - htmlspecialCharacters() Malformed Multibyte Character Cross-Site Scripting (1)
PHP 5.2.11 - htmlspecialCharacters Malformed Multibyte Character Cross-Site Scripting 1 source: https://www.securityfocus.com/bid/37389/info PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execu...
PHP 5.2.11 - htmlspecialCharacters() Malformed Multibyte Character Cross-Site Scripting (2)
PHP 5.2.11 - htmlspecialCharacters Malformed Multibyte Character Cross-Site Scripting 2 source: https://www.securityfocus.com/bid/37389/info PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execu...
PHP 5.2.11 - 'htmlspecialCharacters()' Malformed Multibyte Character Cross-Site Scripting (2)
source: https://www.securityfocus.com/bid/37389/info PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
How to Get Owned in One Easy Step
As 2009 draws to a close, one thing has become clear: The most dangerous piece of software on your PC isn’t a banking Trojan or a bot; it’s your Web browser. The Web browser has become the main focal point of attackers’ attention and the frequency with which new vulnerabilities are found in all o...
OWASP Con Begets Top 10 Threats List
Injection attacks top the 2010 OWASP Top 10 list of Web application security threats, including SQL, OS, and LDAP injection, followed by cross-site scripting XSS, broken authentication and session management, insecure direct object references, cross-site request forgery CSRF, security...
CVE-2008-7092
CVE-2008-7092 affects Unica Affinium Campaign 7.2.1.0.55. The connected records confirm multiple cross-site scripting (XSS) vulnerabilities where arbitrary web script/HTML can be injected via parameters such as url, PageName, title (CustomBookMarkLink action), displayIcon (updateOfferTemplateSubm...
openSUSE Security Update : rubygem-activerecord (rubygem-activerecord-328)
Missing sanity checks of the :limit and :offset parameters in SQL queries could potentially be exploited to conduct SQL inection attacks CVE-2008-4094. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...