
1153 matches found

Tenable Nessus
added 2014/02/03 12:0 a.m. | 24 views

Lorex Technologies Edge Series Security DVR ActiveX Buffer Overflow

The remote Windows host has one or more versions of Lorex Technologies' INetViewX ActiveX control installed. The HTTPPORT parameter in these controls is affected by a buffer overflow vulnerability that could allow an attacker to remotely execute arbitrary code if exploited. C Tenable Network...

CVSS 10 | AI score 6.4 | EPSS 0.23197
Exploits 4 | References 2
CERT
added 2014/01/20 12:0 a.m. | 21 views

MW6 Technologies ActiveX controls contain multiple vulnerabilities

Overview: MW6 Technologies' MaxiCode, Aztec, and DataMatrix ActiveX controls contain multiple vulnerabilities. Description: MW6 Technologies' MaxiCode, Aztec, and DataMatrix ActiveX controls are used for processing barcodes. The ActiveX controls contain multiple vulnerabilities that may lead to...

CVSS 9.3 | AI score 8.5 | EPSS 0.07133
Exploits 4 | References 4
myhack58
added 2013/11/30 12:0 a.m. | 15 views

cmstop through the kill injection vulnerability-vulnerability warning-the black bar safety net

Play for a few months this vulnerability. See the nine zones there ztz large cattle released out exp. Vulnerable file: /apps/vote/controller/vote.php app.xxx.com/?app=vote&controller=vote&action=total&contentid=1 To obtain an administrator id ? app=vote&controller=vote&action=total&contentid=1 and 1=2 union...

AI score 0.3
Exploits 0
OSV
added 2013/10/11 10:55 p.m. | 0 views

UBUNTU-CVE-2013-4255

The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of...

CVSS 3.5 | AI score 5.8 | EPSS 0.00707
Exploits 0 | References 5
ThreatPost
added 2013/09/17 11:3 a.m. | 10 views

NASDAQ Patches Reported XSS Vulnerability

A NASDAQ representative confirmed this morning that a cross-site scripting vulnerability on the exchange’s website discovered by an ethical hacker has been patched. The issue was reported on Sept. 2 by Ilia Kolochenko, chief executive of High-Tech Bridge, a Swiss penetration testing company...

AI score 6.2
Exploits 0
NVD
added 2013/09/16 7:14 p.m. | 14 views

CVE-2013-4277

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option...

CVSS 3.3 | AI score 8.9 | EPSS 0.00208
Exploits 0 | References 6
Prion
added 2013/09/16 7:14 p.m. | 13 views

Design/Logic Flaw

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option...

CVSS 3.3 | AI score 6.7 | EPSS 0.00208
Exploits 0 | References 6 | Affected Software 1
Debian CVE
added 2013/09/16 7:0 p.m. | 26 views

CVE-2013-4277

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option...

CVSS 3.3 | AI score 5.2 | EPSS 0.00208
Exploits 0
Cvelist
added 2013/09/16 7:0 p.m. | 16 views

CVE-2013-4277

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option...

AI score 6 | EPSS 0.00208
Exploits 0 | References 6
CVE
added 2013/09/16 7:0 p.m. | 67 views

CVE-2013-4277

CVE-2013-4277 affects Svnserve in Apache Subversion; affected versions are 1.4.0–1.7.12 and 1.8.0–1.8.1. Local users can overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. Root cause: symlink race on pid-file handling. Impact...

CVSS 3.3 | AI score 6.1 | EPSS 0.00208
Exploits 0 | References 6 | Affected Software 1
Packet Storm
added 2013/09/05 12:0 a.m. | 31 views

KingView 6.53 Active-X File Overwrite / Creation

arg1="..................................\WINDOWS\win.ini" target.SaveToFile arg1...

AI score 0.1
Exploits 0
Tenable Nessus
added 2013/07/12 12:0 a.m. | 53 views

Oracle Linux 5 : kernel (ELSA-2011-0927)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0927 advisory. - Revert: xen hvm: svm support cleanups Andrew Jones 703715 702657 CVE-2011-1780 - Revert: xen hvm: secure svmcraccess Andrew Jones 703715 702657...

CVSS 6.9 | AI score 7.3 | EPSS 0.00777
Exploits 8 | References 16
Kitploit
added 2013/05/27 4:48 p.m. | 21 views

[Aircrack-ng 1.2 Beta 1] 802.11 WEP and WPA-PSK keys cracking tool

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared ...

AI score 7.8
Exploits 0
Tenable Nessus
added 2013/05/15 12:0 a.m. | 157 views

MS KB2820197: Update Rollup for ActiveX Kill Bits

The remote Windows host is missing one or more kill bits for ActiveX controls that are known to contain vulnerabilities. If any of these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose the host to various security issues. Note that the affect...

CVSS 6.8 | AI score 5.6 | EPSS 0.61426
Exploits 9 | References 2
Tenable Nessus
added 2013/04/20 12:0 a.m. | 33 views

Mandriva Linux Security Advisory : ircd-hybrid (MDVSA-2013:093)

Updated ircd-hybrid packages fix security vulnerability: Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an Internet Relay Chat server. A remote attacker may use an error in the masks validation and crash the server (CVE-2013-0238). Please note that due to the previously...

CVSS 5 | AI score 5.6 | EPSS 0.39225
Exploits 5 | References 1
RedHat Linux
added 2013/02/20 3:51 p.m. | 1 views

tuned: insecure permissions of tuned.pid

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes...

CVSS 5.5 | AI score 6.2 | EPSS 0.00026
Exploits 0 | References 4
RedHat Linux
added 2013/01/08 4:10 a.m. | 1 views

OpenIPMI: IPMI event daemon creates PID file with world writeable permissions

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

CVSS 3.6 | AI score 5.8 | EPSS 0.00061
Exploits 0 | References 4
RedHat Linux
added 2013/01/08 4:10 a.m. | 54 views

Low: Red Hat Security Advisory: OpenIPMI security, bug fix, and enhancement update

Updated OpenIPMI packages that fix one security issue, multiple bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which give...

CVSS 3.6 | AI score 6.1 | EPSS 0.00061
Exploits 0 | References 7
Saint
added 2012/12/17 12:0 a.m. | 40 views

CYME ChartFX ActiveX ShowPropertiesDialog pageNumber indexing error

Added: 12/17/2012 | BID: 55765 | OSVDB: 85894. Background: The CYME Power Engineering Software is a suite of applications for power engineers. It includes the ChartFX ActiveX control. Problem: An indexing error in ChartFX.ClientServer.Core.dll of the ChartFX ActiveX Control allows command execution when...

AI score 0.4
Exploits 0
Saint
added 2012/12/17 12:0 a.m. | 32 views

CYME ChartFX ActiveX ShowPropertiesDialog pageNumber indexing error

Added: 12/17/2012 | BID: 55765 | OSVDB: 85894. Background: The CYME Power Engineering Software is a suite of applications for power engineers. It includes the ChartFX ActiveX control. Problem: An indexing error in ChartFX.ClientServer.Core.dll of the ChartFX ActiveX Control allows command execution when...

AI score 7.4
Exploits 0