
624 matches found

seebug.org
added 2014/07/01 12:0 a.m., 17 views

GNU Make For IBM AIX 4.3.3 CC Path Local Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9903/info GNU make for IBM AIX has been reported to be prone to a buffer overflow vulnerability, the issue is reported to exist due to a lack of sufficient boundary checks performed when reading the path to the CC compile...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make Shell Definition Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3572/info Parallel Make pmake is a freely available version of the make program, originally distributed with Berkeley Unix. It is designed to execute Makefiles and build programs. pmake is not typically setuid root,...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

Wordpress Make A Statement (MaS) Theme - CSRF Vulnerability

No description provided by source. Title : Wordpress Make A Statement Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Version : 1.x.x Vendor : http://themes.mas.gambit.ph/ Greetz : 0day-id.com |...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2014/06/19 12:0 a.m., 23 views

openSUSE Security Update : miniupnpc (openSUSE-SU-2014:0815-1)

miniupnpc was updated to 1.9 to fix a potential buffer overrun in miniwget.c CVE-2014-3985. Besides that the following issues were fixed : - added argument remoteHost to UPNPGetSpecificPortMappingEntry - increment APIVERSION to 10 - --help and -h arguments in upnpc.c - define MAXHOSTNAMELEN if no...

CVSS: 5, AI score: 5.7, EPSS: 0.01931
Exploits: 1, References: 3

The Hacker News
added 2014/06/17 10:49 p.m., 86 views

Towelroot : One-Click Android Rooting Tool Released By Geohot

Waiting for the root access for your AT&T or Verizon Android phone? Then there is really a Great News for you! Geohot aka George Hotz - a famed cracker who was responsible for hacking the PlayStation 3 and subsequently being sued by Sony - has built and released a root tool called Towelroot on...

CVSS: 7.2, AI score: 6.7, EPSS: 0.75331
Exploits: 15

Tenable Nessus
added 2014/06/13 12:0 a.m., 25 views

openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0371-1)

update to 1.2 - New features : - Signed JNLP support - Support for client authentication certificates - Cache size enforcement now supported via itweb-settings - Applet parameter passing through JNLP files now supported - Better icons for access warning dialog - Security Dialog UI revamped to...

CVSS: 4.3, AI score: 5.4, EPSS: 0.00971
Exploits: 0, References: 5

Packet Storm
added 2014/03/24 12:0 a.m., 71 views

php-font-lib 0.3 Cross Site Scripting

========================================================== php-font-lib - Subset maker makesubset.php Reflected Cross-site Scripting Revision 1.0 ========================================================== Author: Daniel C. Marques @0xc0da Release date: 2014-03-23 Reference:...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00497
Exploits: 3

Kitploit
added 2014/03/20 7:52 p.m., 25 views

[SSLsplit] Transparent and scalable SSL/TLS interception

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original...

AI score: 9.5
Exploits: 0, References: 1

seebug.org
added 2014/02/25 12:0 a.m., 159 views

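PostgreSQL 'make check' Local Privilege Escalation Vulnerability

BUGTRAQ ID: 65721 CVECAN ID: CVE-2014-0067 PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard. In PostgreSQL versions before 9.3.3, 9.2.7, 9.1.12, 9.0.16 and 8.4.20, when the regression tests are run inside the build tree via "make check", the server process allows users on the same machine to log in as superuser, and another local user can also obtain the privileges of the operating system user. 0 PostgreSQL PostgreSQL 8.x Vendor patch: PostgreSQL ----------...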

CVSS: 4.6, AI score: 0.3, EPSS: 0.00085
Exploits: 1

FreeBSD
added 2014/02/20 12:0 a.m., 36 views

PostgreSQL -- multiple privilege issues

PostgreSQL Project reports: This update fixes CVE-2014-0060, in which PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for ROLE management. Before this fix, any member of a ROLE was able to grant others access to the same ROLE regardless if the member was given the WITH ADMIN...

CVSS: 6.5, AI score: 8.6, EPSS: 0.06674
Exploits: 7

Exploit DB
added 2013/11/18 12:0 a.m., 28 views

WordPress Theme Make A Statement (MaS) - Cross-Site Request Forgery

Title : Wordpress Make A Statement Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Version : 1.x.x Vendor : http://themes.mas.gambit.ph/ Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesi...

AI score: 7.4
Exploits: 0

exploitpack
added 2013/11/18 12:0 a.m., 11 views

WordPress Theme Make A Statement (MaS) - Cross-Site Request Forgery

WordPress Theme Make A Statement MaS - Cross-Site Request Forgery Title : Wordpress Make A Statement Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Version : 1.x.x Vendor : http://themes.mas.gambit.ph/ Greetz ...

AI score: 0.4
Exploits: 0

0day.today
added 2013/11/17 12:0 a.m., 21 views

WordPress Make A Statement Cross Site Request Forgery Vulnerability

WordPress Make A Statement theme suffers from a cross site request forgery vulnerability. Title : Wordpress Make A Statement Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Version : 1.x.x Vendor :...

AI score: 7
Exploits: 0

Gentoo Linux
added 2013/10/28 12:0 a.m., 22 views

pmake: Insecure temporary file usage

Background pmake is Debian’s version of NetBSD’s make, a tool to build programs in parallel. Description /usr/share/mk/bsd.lib.mk and /usr/share/mk/bsd.prog.mk create temporary files insecurely, with predictable names /tmp/dependPID, and without using $TMPDIR. Impact The make include files allow...

CVSS: 3.3, AI score: 6.3, EPSS: 0.00054
Exploits: 1

CVE
added 2013/10/09 5:0 p.m., 35 views

CVE-2013-4379

The Make Meeting Scheduler module for Drupal (6.x-1.x, affected prior to 6.x-1.3) allows remote attackers to bypass access restrictions by requesting a poll via the node URL instead of the hashed URL. Root cause: insufficient access validation when a poll is accessed directly through its node URL...

CVSS: 6.4, AI score: 6.9, EPSS: 0.00227
Exploits: 0, References: 4, Affected Software: 1

Kitploit
added 2013/09/17 2:20 a.m., 14 views

[Capture the flag] Remaster Linux Live CD images for wargames

Remaster Linux Live CD images for the purpose of creating ready to use security wargames with pre-installed vulnerabilities to exploit. Requirements You will need the following in order to build the Live CD using the scripts in this project: Linux, with root access using sudo git make, gcc -- for...

AI score: 7.6
Exploits: 0, References: 1

ATTACKERKB
added 2013/08/23 4:55 p.m., 2 views

CVE-2013-5587

Cross-site scripting XSS vulnerability in Request Tracker RT 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00442
Exploits: 0, References: 7

ThreatPost
added 2013/07/03 3:13 p.m., 4 views

Android Vulnerability Bypasses App's Digital Signature

A vulnerability exists in the Android code base that would allow a hacker to modify a legitimate, digitally signed Android application package file APK and not break the app’s cryptographic signature—an action that would normally set off a red flag that something is amiss. Researchers at startup...

AI score: 7.4
Exploits: 0

Cent OS
added 2013/02/27 7:33 p.m., 69 views

automake security update

CentOS Errata and Security Advisory CESA-2013:0526 An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base...

CVSS: 4.4, AI score: 7.5, EPSS: 0.00185
Exploits: 1, References: 7

Packet Storm
added 2012/11/24 12:0 a.m., 26 views

Beat Websites 1.0 SQL Injection

.:. Author : Metropolis .:. Home : www.metropolis.fr.cr .:. Script : Beat Websites .:. Version : 1.0 .:. Download Script: http://beatwebsites.com/ .:. .:. Information Script: .:. You to Can Make Money Running Your Own Beat Website and Keep 100% of Your Profits! .:. Take full control of your beat...

AI score: 7.4
Exploits: 0