Lucene search

3370 matches found

Cvelist
added 2011/05/13 5:0 p.m., 25 views

CVE-2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...

AI score: 10, EPSS: 0.21646
Exploits: 1, References: 18
Tenable Nessus
added 2011/05/05 12:0 a.m., 35 views

openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0337-1)

Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOfficeorg packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the...

CVSS: 9.3, AI score: 6.4, EPSS: 0.10731
Exploits: 0, References: 244
securityvulns
added 2011/04/05 12:0 a.m., 41 views

RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution Vulnerabilities

RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control InstallerDlg.dll v2.6.0.445 Multiple Remote Commands Execution Vulnerabilities tested against Internet Explorer 9, Vista sp2 download url: http://www.gamehouse.com/ background: When choosing to play with these online games ex. the ga...

AI score: 0.4
Exploits: 0
The Hacker News
added 2011/03/19 12:59 p.m., 6 views

Mc.Graw Hill – Hacking Exposed 3rd Edition 2011

The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web...

AI score: 8.2
Exploits: 0
securityvulns
added 2011/02/28 12:0 a.m., 39 views

CA Internet Security / CA Host-Based Intrusion Prevention System code execution

SetXml and Save methods of HIPSEngine component allows to save file to any location...

CVSS: 8.8, AI score: 2.5, EPSS: 0.02547
Exploits: 0, References: 2
Prion
added 2011/02/25 12:0 p.m., 19 views

Authentication flaw

Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562...

CVSS: 7.5, AI score: 7.5, EPSS: 0.02381
Exploits: 0, References: 4, Affected Software: 1
myhack58
added 2011/02/12 12:0 a.m., 118 views

discuz 7.2 code execution vulnerability using the method of two-vulnerability and early warning-the black bar safety net

Use the exp while only the machine testing, and other purposes at your own risk! The first method: First register a user and then put form method="post" action=" http://www.xxx.com/bbs/misc.php" enctype="multipart/form-data" Post ID, specify the presence of a post:input type="text" name="tid"...

AI score: 7.5
Exploits: 0
Exploit DB
added 2011/02/08 12:0 a.m., 216 views

Microsoft SQL Server - Payload Execution (via SQL Injection) (Metasploit)

$Id: mssqlpayloadsqli.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

AI score: 6.6
Exploits: 0
myhack58
added 2011/02/04 12:0 a.m., 17 views

Shenzhen College of Information Technology V3. 0 injection vulnerability-vulnerability warning-the black bar safety net

Publishing author: xiaokis Affected version: V3. 0 Vulnerability type: SQL injection Vulnerability description: File: the newss. asp % on error resume next sql="update news set hits=hits+1 where id="&cstrrequest"id" conn. execute sql set rs=server. createobject"adodb. recordset" sql="select from...

AI score: 7.4
Exploits: 0
Metasploit
added 2011/01/27 4:48 p.m., 61 views

Microsoft SQL Server Payload Execution via SQL Injection

This module will execute an arbitrary payload on a Microsoft SQL Server, using a SQL injection vulnerability. Once a vulnerability is identified this module will use xpcmdshell to upload and execute Metasploit payloads. It is necessary to specify the exact point where the SQL injection...

CVSS: 10, AI score: 7.3, EPSS: 0.90609
Exploits: 8
securityvulns
added 2011/01/26 12:0 a.m., 71 views

[DSECRG-00143] SAP Crystal Reports 2008 - ActiveX insecure methods

DSECRG-11-002 Internal DSECRG-00143 SAP Crystal Report Server 2008 scriptinghelpers.dll ActiveX component - Insecure methods The component contains insecure methods by which you can overwrite any file in the OS, run the executable file, kill process, delete the file. Application: SAP Crystal Repo...

AI score: 0.1
Exploits: 0
0day.today
added 2011/01/26 12:0 a.m., 67 views

Oracle Document Capture empop3.dll Insecure Methods

Exploit for windows platform in category remote exploits Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.com Bugs: insecure method, File overwriting, File deleting Exploits: YES Reported: 22.03.2010 Vendor response: 31.03.2010 Date of Public...

AI score: 7.1, EPSS: 0.11818
Exploits: 10
exploitpack
added 2011/01/26 12:0 a.m., 103 views

Oracle Document Capture - empop3.dll Insecure Methods

Oracle Document Capture - empop3.dll Insecure Methods Source: http://packetstormsecurity.org/files/view/97868/DSECRG-11-005.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-005 internal DSECRG-00154 Application: Oracle Document Capture...

CVSS: 9.3, AI score: 6.4, EPSS: 0.11818
Exploits: 10
Packet Storm
added 2011/01/25 12:0 a.m., 63 views

Oracle Document Capture Actbar2.ocx Insecure Method

ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-00153 Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.com Bugs: insecure method, File overwriting Exploits: YES Reported: 22.03.2010 Vendor response:...

CVSS: 9.3, AI score: 6.4, EPSS: 0.11818
Exploits: 10
The Hacker News
added 2011/01/12 1:20 a.m., 8 views

Hackers learning new ways to hijack smartphones !

How safe is your cell phone? Thieves are coming up with new ways to hijack the most popular smartphones. ABC Action News investigative reporter Michael George enlisted the help of a hacking expert to find out how these programs work, and how to beat them. Droids, iPhones, and BlackBerries are jus...

AI score: 6.4
Exploits: 0
NVD
added 2010/12/06 1:44 p.m., 16 views

CVE-2010-4254

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call...

CVSS: 7.5, AI score: 7.1, EPSS: 0.13649
Exploits: 1, References: 13
UbuntuCve
added 2010/12/06 1:44 p.m., 26 views

CVE-2010-4254

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call...

CVSS: 7.5, AI score: 5.9, EPSS: 0.13649
Exploits: 1, References: 1
The Hacker News
added 2010/12/05 2:21 a.m., 13 views

JavaSnoop-1.0 FINAL - Latest Release

"JavaSnoop is a tool that lets you intercept methods, alter data and otherwise hack Java applications running on your computer." This is the change log for the current release: Added granular logging on the agent still controlled by the main UI menu Fixed Jython/BeanShell bug had to remove...

AI score: 6.4
Exploits: 0
Cvelist
added 2010/12/03 8:0 p.m., 38 views

CVE-2010-4254

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call...

AI score: 7, EPSS: 0.13649
Exploits: 1, References: 13
ThreatPost
added 2010/11/10 4:38 p.m., 12 views

NSA: Our Development Methods Are in the Open Now

WASHINGTON–Despite its reputation for secrecy and technical expertise, the National Security Agency doesn’t have a set of secret coding practices or testing methods that magically make their applications and systems bulletproof. In fact, one of the agency’s top technical experts said that virtual...

AI score: 7.1
Exploits: 0, References: 2