Lucene search
K

482 matches found

Vulnerability Lab
Vulnerability Lab
added 2011/10/16 12:0 a.m.36 views

HITB Quartal Magazine - eZine Issue 007

Document Title: =============== HITB Quartal Magazine - eZine Issue 007 References: =========== Original: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-007.pdf Article: http://magazine.hitb.org/ Mirror: http://www.vulnerability-lab.com/resources/documents/297.pdf Article:...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2011/10/16 12:0 a.m.32 views

Debian Security Advisory DSA 2314-1 (puppet)

The remote host is missing an update to puppet announced via advisory DSA 2314-1. OpenVAS Vulnerability Test $Id: deb23141.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2314-1 puppet Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

6.3CVSS6.4AI score0.01115EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/10/04 12:0 a.m.35 views

Debian DSA-2314-1 : puppet - multiple vulnerabilities

Multiple security issues have been discovered in Puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-3848 Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any...

6.3CVSS5.7AI score0.01115EPSS
Exploits0References10
Debian
Debian
added 2011/10/03 5:13 p.m.26 views

[SECURITY] [DSA 2314-1] puppet security update

-------------------------------------------------------------------------- Debian Security Advisory DSA-2314-1 [email protected] http://www.debian.org/security/ Nico Golde Oct 3, 2011 http://www.debian.org/security/faq - --------------------------------------------------------------------------...

6.3CVSS6.8AI score0.01115EPSS
Exploits0
OSV
OSV
added 2011/09/29 12:0 a.m.32 views

DSA-2314-1 puppet - several

Bulletin has no description...

6.3CVSS6AI score0.01115EPSS
Exploits0
ThreatPost
ThreatPost
added 2011/08/10 9:36 p.m.11 views

One Third of Drug-Related Searches Lead to Illicit Pharmacy Sites

Researchers at the University of Cambridge will present evidence of what they say is wide spread manipulation of search results that direct unwitting Web surfers to dodgy and illicit online pharmacy sites. The research, which will be presented at the 20th USENIX Security Symposium in San Francisc...

7.4AI score
Exploits0References6
Prion
Prion
added 2011/06/14 5:55 p.m.18 views

Code injection

HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors...

7.5CVSS7AI score0.01364EPSS
Exploits0References6Affected Software2
UbuntuCve
UbuntuCve
added 2011/06/09 12:0 a.m.23 views

CVE-2011-1760

utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument...

7.2CVSS5.8AI score0.01367EPSS
Exploits1References2
ThreatPost
ThreatPost
added 2011/04/20 9:21 p.m.10 views

Insecure Mail Server Offers Chinese Government Accounts To The Masses

A security researcher who identified holes in SCADA software used by utilities in China has issued a new warning to that country’s CERT about insecure Web infrastructure, including an e-mail server that allows any Web user to create their own Chinese government mail account. Dillon Beresford, a...

0.2AI score
Exploits0References5
The Hacker News
The Hacker News
added 2011/03/19 12:59 p.m.6 views

Mc.Graw Hill – Hacking Exposed 3rd Edition 2011

The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web...

8.2AI score
Exploits0
UbuntuCve
UbuntuCve
added 2011/01/18 8:0 p.m.28 views

CVE-2010-4700

The setmagicquotesruntime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqlifetchassoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly...

6.8CVSS5.9AI score0.01464EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2010/10/30 12:28 a.m.10 views

Overlooked Old Vulnerabilities Lead to Major Data Breaches, Says TrustWave

A recent report suggests that focusing too much on new security threats might make companies overlook older, more commonly exploited vulnerabilities. The report by TrustWave is based on data from over 1,900 penetration tests and more than 200 data breach investigations for clients like American...

8.8AI score
Exploits0
Packet Storm
Packet Storm
added 2010/02/09 12:0 a.m.19 views

Mojo's IWMS 7 SQL Injection / Cross Site Scripting

Exploit Title: MOJO's IWMS | www.DigitalWhisper.co.il Software Link: http://www.mojo.co.il Version: YourXSSHere SQL Injection A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can re...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2009/12/17 12:0 a.m.30 views

PHP 5.2.11 - htmlspecialCharacters() Malformed Multibyte Character Cross-Site Scripting (1)

PHP 5.2.11 - htmlspecialCharacters Malformed Multibyte Character Cross-Site Scripting 1 source: https://www.securityfocus.com/bid/37389/info PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execu...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2009/12/17 12:0 a.m.9 views

PHP 5.2.11 - htmlspecialCharacters() Malformed Multibyte Character Cross-Site Scripting (2)

PHP 5.2.11 - htmlspecialCharacters Malformed Multibyte Character Cross-Site Scripting 2 source: https://www.securityfocus.com/bid/37389/info PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execu...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/12/17 12:0 a.m.66 views

PHP 5.2.11 - 'htmlspecialCharacters()' Malformed Multibyte Character Cross-Site Scripting (2)

source: https://www.securityfocus.com/bid/37389/info PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2009/12/08 4:15 p.m.11 views

How to Get Owned in One Easy Step

As 2009 draws to a close, one thing has become clear: The most dangerous piece of software on your PC isn’t a banking Trojan or a bot; it’s your Web browser. The Web browser has become the main focal point of attackers’ attention and the frequency with which new vulnerabilities are found in all o...

0.4AI score
Exploits0References5
ThreatPost
ThreatPost
added 2009/11/16 6:12 p.m.11 views

OWASP Con Begets Top 10 Threats List

Injection attacks top the 2010 OWASP Top 10 list of Web application security threats, including SQL, OS, and LDAP injection, followed by cross-site scripting XSS, broken authentication and session management, insecure direct object references, cross-site request forgery CSRF, security...

0.9AI score
Exploits0References1
CVE
CVE
added 2009/08/26 2:0 p.m.47 views

CVE-2008-7092

CVE-2008-7092 affects Unica Affinium Campaign 7.2.1.0.55. The connected records confirm multiple cross-site scripting (XSS) vulnerabilities where arbitrary web script/HTML can be injected via parameters such as url, PageName, title (CustomBookMarkLink action), displayIcon (updateOfferTemplateSubm...

4.3CVSS5.9AI score0.01774EPSS
Exploits1References18Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/07/21 12:0 a.m.31 views

openSUSE Security Update : rubygem-activerecord (rubygem-activerecord-328)

Missing sanity checks of the :limit and :offset parameters in SQL queries could potentially be exploited to conduct SQL inection attacks CVE-2008-4094. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

7.5CVSS5.6AI score0.0303EPSS
Exploits1References2
Rows per page
Query Builder