5610 matches found
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423...
OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458...
OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB...
ionCube loader-wizard.php Remote Information Disclosure
The ionCube 'loader-wizard.php' script hosted on the remote web server is affected by a remote information disclosure vulnerability because the script fails to properly sanitize user-supplied input to the 'ininame' parameter. An attacker could potentially leverage this to view arbitrary files by...
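ionCube Loader Wizard 'loader-wizard.php' Multiple Security Vulnerabilities
Bugtraq ID: 66531. ionCube Loader Wizard is a web-based application. ionCube Loader Wizard allows attackers to exploit vulnerabilities to obtain phpinfo information, download configuration files, carry out reflected cross-site scripting attacks, and download arbitrary files. ionCube Loader Wizard 2.42; ionCube Loader Wizard 2.36. ionCube Loader Wizard 2.46 has fixed these vulnerabilities; users are advised to download and use it: http://www.ioncube.com/loaders.php...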
CVE-2013-2086
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...
Cross site request forgery (csrf)
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...
UBUNTU-CVE-2013-2086
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...
CVE-2013-2086
The CVE-2013-2086 issue affects ownCloud 5.0.x prior to 5.0.6, where the configuration loader writes CSRF tokens (and other private data) into an accessible JavaScript file. This leakage enables remote attackers to obtain CSRF tokens and other sensitive information, per the official advisory and ...
Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest
Today, when we come across various malware, exploit kits and botnets that are in the wild, we think about an effective Antivirus solution or a Security Patch, but the most effective solution is always "The arrest of malware authors and culprits who are involved in the development of Malware." Til...
Dexter (CasinoLoader) Panel - SQL Injection Exploit
Exploit for multiple platform in category web applications import pycurl import urllib import cStringIO import base64 import argparse import sys import string import pygeoip version = "0.1-httpbots-PoC" def PrintHelp: global version print "usage: dexter.PoC.py -h action gateway url" print "" prin...
UBUNTU-CVE-2014-1869
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters)...
Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure
Source: http://www.halfdog.net/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/ Introduction. Problem description: Linux kernel binfmt_script handling in combination with CONFIG_MODULES can lead to disclosure of kernel stack data during execve via copy of data from dangling pointer to stack...
[Sandcat Browser 4.4] The fastest web browser combined with the fastest scripting language packed with features for pen-testers
Sandcat Browser is the fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team. The Sandcat Browser is built on top...
Fedora 19 : gimp-2.8.10-4.fc19 (2013-22776)
This update fixes buffer overflows in the XWD loader. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Solr: directory traversal when loading XSL stylesheets and Velocity templates
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separa...