CVE-2013-2086

The CVE-2013-2086 issue affects ownCloud 5.0.x prior to 5.0.6, where the configuration loader writes CSRF tokens (and other private data) into an accessible JavaScript file. This leakage enables remote attackers to obtain CSRF tokens and other sensitive information, per the official advisory and ...

Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

Today, when we come across various malware, exploit kits and botnets that are in the wild, we think about an effective Antivirus solution or a Security Patch, but the most effective solution is always "The arrest of malware authors and culprits who are involved in the development of Malware." Til...

Dexter (CasinoLoader) Panel - SQL Injection Exploit

Exploit for multiple platform in category web applications import pycurl import urllib import cStringIO import base64 import argparse import sys import string import pygeoip version = "0.1-httpbots-PoC" def PrintHelp: global version print "usage: dexter.PoC.py -h action gateway url" print "" prin...

UBUNTU-CVE-2014-1869

Multiple cross-site scripting XSS vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters aka loaderInfo.parameters...

Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure

Source: http://www.halfdog.net/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/ Introduction Problem description: Linux kernel binfmtscript handling in combination with CONFIGMODULES can lead to disclosure of kernel stack data during execve via copy of data from dangling pointer to stack...

[Sandcat Browser 4.4] The fastest web browser combined with the fastest scripting language packed with features for pen-testers

Sandcat Browser is the fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team. The Sandcat Browser is built on top...

Fedora 19 : gimp-2.8.10-4.fc19 (2013-22776)

This update fixes buffer overflows in the XWD loader. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Solr: directory traversal when loading XSL stylesheets and Velocity templates

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. dot dot or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a separa...

Windows Manage Driver Loader

This module loads a KMD Kernel Mode Driver using the Windows Service API. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SERVICEDEMANDSTART', 'boot' = 'SERVICEBOOTSTART', 'auto' =...

[SE-2012-01] Issue 69 details and IBM Java vulnerabilities

Hello All, The CPU released yesterday Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability Issue 69 that was reported to the company in July. Issue 69 allows to conduct a very classic attack against Java VM - the so called class spoofing attack. To quote the paper...

DEBIAN-CVE-2013-6397

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. dot dot or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a separa...

Oracle Linux 5 / 6 : gimp (ELSA-2013-1778)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1778 advisory. - fix overflow in XWD loader CVE-2013-1913, CVE-2013-1978 Tenable has extracted the preceding description block directly from the Oracle Linux...

GNU C Library: Multiple vulnerabilities

Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details. Impact A local attacker could trigger vulnerabilities in dynamic library...

gimp security update

2:2.6.9-6 - fix overflow in XWD loader CVE-2013-1913, CVE-2013-1978 2:2.6.9-5 - fix overflow in XWD loader 879302 2:2.6.9-5 - fix overflow in GIF loader 847303 2:2.6.9-5 - fix overflows in GIF, CEL loaders 727800, 839020 2:2.6.9-4.1 - fix various overflows 666793, 703403, 703405, 703407, 704512...

GLSA-201312-01 : GNU C Library: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201312-01 GNU C Library: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker could trigger...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-235)

Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine...

RHEL 6 : java-1.6.0-openjdk (RHSA-2013:1505)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1505 advisory. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple inp...

Important: java-1.6.0-openjdk

Issue Overview: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual...

JDK: java.lang.ClassLoder defineClass() code execution

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...

OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information...