CVE-2012-2649

The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allow remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site...

Siemens SiPass Server Buffer Overflow

OVERVIEW This advisory provides mitigation details provided by Siemens for a vulnerability that impacts the Siemens SiPass server. Siemens has reported a buffer overflow vulnerability in the Siemens SiPass server. Lucas Apa of IOActive discovered this vulnerability and reported it directly to...

X-Cart Gold 4.5 - products_map.php?symb Cross-Site Scripting

X-Cart Gold 4.5 - productsmap.php?symb Cross-Site Scripting Exploit Title: X-Cart Gold 4.5 productsmap.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is...

X-Cart Gold 4.5 - 'products_map.php?symb' Cross-Site Scripting

Exploit Title: X-Cart Gold 4.5 productsmap.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is incomplete. The "symb" parameter of "productsmap.php" is vulnerable...

sip-methods NSE Script

Enumerates a SIP Server's allowed methods INVITE, OPTIONS, SUBSCRIBE, etc. The script works by sending an OPTION request to the server and checking for the value of the Allow header in the response. Script Arguments sip.timeout See the documentation for the sip library. Example Usage nmap...

HP Device Access Manager for Protect Tools Information Store ActiveX memory corruption

Buffer overflows in different methods...

Key Stuxnet LNK Spreading Mechanism Stops Working

One of the key infection methods for the Stuxnet worm was hard-coded to stop working on June 24, removing one of its techniques for propagation. Researchers say that the date, which is found in coded form in the worm’s instructions, is nearly three years to the day from the date that the first...

IBM WebSphere Sensor Events多个输入验证漏洞

BUGTRAQ ID: 53859 IBM WebSphere Sensor Events可提供创建和管理企业级传感器的中间件基础架构。 IBM WebSphere Sensor Events在实现上存在P001414 XSS、文件路径遍历、不安全HTTP方法、searchView.jsp中的deferredView.jsp XSS问题内的P001538跨站脚本执行漏洞, 攻击者可利用这些漏洞窃取Cookie身份验证凭证、执行非法操作或泄漏敏感信息。 0 IBM WebSphere Sensor Events 7.0 厂商补丁： IBM ---...

RedHat Update for Red Hat Enterprise Linux 6.1 kernel RHSA-2011:0542-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

ajp-methods NSE Script

Discovers which options are supported by the AJP Apache JServ Protocol server by sending an OPTIONS request and lists potentially risky methods. In this script, "potentially risky" methods are anything except GET, HEAD, POST, and OPTIONS. If the script reports potentially risky methods, they may...

McAfee Web Gateway URL Filtering Bypass

Exploit Title: McAfee Web Gateway URL Filtering Bypass Date: 16/04/2012 Author: Gabriel Menezes Nunes Version: McAfee Web Gateway Tested on: McAfee Web Gateway 7.0 CVE: CVE-2012-2212 I found a vulnerability in McAfee Web Gateway 7 that allows access to filtered sites. The appliance believes in th...

Quest Toad for Oracle ActiveX unauthorized access

It's possible to access files via unsafe methods...

CVE-2011-4044

An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods...

CVE-2012-1098

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

UBUNTU-CVE-2012-1097

The regset aka register set feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service NULL pointer dereference or possibly have unspecified other impact via a 1 PTRACEGETREGSET or 2 PTRACESETREGSE...

Advantech Studio ISSymbol ActiveX Buffer Overflow

Overview This advisory is a follow-up to the original alert titled ICS-ALERT-11-131-01 - Advantech Studio ISSymbol ActiveX Buffer Overflow Vulnerabilities that was published May 11, 2011, on the ICS-CERT web page. A remote attacker could exploit these vulnerabilities; publicly available exploit...

http TRACE cross-site attacks a vulnerability test with the defense fix-bug warning-the black bar safety net

From the bad wolf's blog Web Presence: http TRACE cross-site attack vulnerabilities. Scan results: http TRACE cross-site attacks His webserver supports the TRACE and/or TRACK methods. TRACE and TRACK is used to debugweb serverthe connection to the HTTP way. Support the way of a presence Server...

US Congressmen Call Foul on Facebook's Tracking Methods

Two congressmen have accused Facebook of dodging questions about whether it tracks the activity of its 800 million members. On Monday, Representatives Ed Markey D-Mass and Joe Barton R-Tex. questioned the reasoning behind a recent patent application by the site that suggests it may use informatio...

Social network poisoning - They are Following you Everywhere !

Note : This Article is taken from Most Comprehensive and Informative IT Security Magazine by The Hacker News - December Edition Download Here "Be Social" is the imperative of the last years. We live alternative lives, weave dense networks of relationships; we feel the irrepressible urge to be par...

Low: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.1.2 update

JBoss Enterprise Application Platform 5.1.2, which fixes two security issues, various bugs, and adds several enhancements is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System...