Lucene search

3366 matches found

myhack58
added 2014/02/24 12:0 a.m., 20 views

Upload vulnerability science[2]-js validation-vulnerability warning-the black bar safety net

Anyone who works in web security has presumably come into contact with file upload vulnerabilities. This site previously published an article introducing the various bypass methods for file upload vulnerabilities, but it was documentation only, with no demo code; recently gave the...

7.6 AI score
Exploits: 0

Kitploit
added 2014/02/21 2:50 a.m., 11 views

[Lynis 1.4.2] Security and System Auditing Tool to Harden Linux Systems

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information,...

7.5 AI score
Exploits: 0

OSV
added 2014/02/14 3:55 p.m., 8 views

CVE-2014-0032

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as...

6.3 AI score
Exploits: 0, References: 19

Prion
added 2014/02/14 3:55 p.m., 15 views

Command injection

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as...

4.3 CVSS, 6.9 AI score, 0.11052 EPSS
Exploits: 0, References: 19, Affected Software: 1

Debian CVE
added 2014/02/14 3:0 p.m., 23 views

CVE-2014-0032

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as...

4.3 CVSS, 8 AI score, 0.11052 EPSS
Exploits: 0

Tenable Nessus
added 2014/02/14 12:0 a.m., 22 views

Oracle Linux 5 : piranha (ELSA-2014-0174)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2014-0174 advisory. 0.8.4-26.1.0.1 - Replace web/web/RedHat.gif with updated image in tarball 0.8.4-26.1 - Resolves: 1061903 - require authentication for all HTTP methods 0.8.4-26 ...

5.8 CVSS, 5.5 AI score, 0.04001 EPSS
Exploits: 0, References: 2

RedHat Linux
added 2014/02/04 7:56 p.m., 2 views

Mozilla: Inconsistent JavaScript handling of access to Window objects (MFSA 2014-13)

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines...

7.5 CVSS, 7 AI score, 0.03784 EPSS
Exploits: 1, References: 5

UbuntuCve
added 2014/02/04 12:0 a.m., 31 views

CVE-2014-1481

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines...

7.5 CVSS, 6.9 AI score, 0.03784 EPSS
Exploits: 1, References: 5

Kitploit
added 2014/02/03 4:20 p.m., 25 views

[OpenSSH 6.5] FREE version of the SSH Connectivity Tools

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic including passwords to effectively...

7.9 AI score
Exploits: 0

OSV
added 2014/02/02 12:55 a.m., 1 views

DEBIAN-CVE-2014-0015

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request...

4 CVSS, 7.1 AI score, 0.05599 EPSS
Exploits: 1, References: 1

Kitploit
added 2014/02/01 5:38 p.m., 15 views

[Lynis 1.4.0] Security and System Auditing Tool to Harden Linux Systems

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information,...

7.5 AI score
Exploits: 0

curl security advisories
added 2014/01/29 8:0 a.m., 3 views

reuse of wrong HTTP NTLM connection

libcurl can in some circumstances reuse the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion...

4 CVSS, 6.9 AI score, 0.05599 EPSS
Exploits: 1, Affected Software: 2

Packet Storm
added 2014/01/08 12:0 a.m., 56 views

UAEPD Shopping Script SQL Injection

uaepd script – Multiple SQL Injection Vulnerability. Author: AtT4CKxT3rR0r1ST. Contact: [email protected], [email protected]. Home: http://www.iphobos.com/blog/. Script: http://www.uaepd.net/. Dork:...

0.1 AI score
Exploits: 0

Kitploit
added 2013/12/21 6:28 p.m., 82 views

TestingWhiz - Test Automation Tool

TestingWhiz is a test automation tool for web, database, cloud, mobile and web services/API testing from Cygnet Infotech. It has a codeless architecture based on FAST Automation Engine with 290+ readily available test commands that provide easy, intuitive and fast automation solution without...

7.5 AI score
Exploits: 0

RedHat Linux
added 2013/12/05 5:32 p.m., 4 views

OpenJDK: key data leak via toString() methods (Libraries, 8011071)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to...

4.3 CVSS, 6.8 AI score, 0.03446 EPSS
Exploits: 0, References: 5

Kitploit
added 2013/12/05 2:15 a.m., 24 views

[Wapiti 2.3.0] Web Application Vulnerability Scanner

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti act...

7.9 AI score
Exploits: 0

Fedora
added 2013/11/14 3:38 a.m., 39 views

[SECURITY] Fedora 20 Update: ibus-pinyin-1.5.0-5.fc20

The Chinese Pinyin and Bopomofo input methods for IBus platform...

1.9 CVSS, 2.2 AI score, 0.00341 EPSS
Exploits: 0

RedHat Linux
added 2013/11/07 4:47 p.m., 2 views

OpenJDK: key data leak via toString() methods (Libraries, 8011071)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to...

4.3 CVSS, 6.8 AI score, 0.03446 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2013/11/05 5:58 p.m., 4 views

OpenJDK: key data leak via toString() methods (Libraries, 8011071)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to...

4.3 CVSS, 6.8 AI score, 0.03446 EPSS
Exploits: 0, References: 5

ThreatPost
added 2013/10/29 11:39 a.m., 8 views

Obama Administration to Review NSA Capabilities

President Barack Obama has initiated a review of the procedures and methods that the NSA uses to collect intelligence at home and overseas to ensure that the agency isn’t overstepping its bounds in phone and Internet data collection. The review comes at a time when Congress is set to consider...

0.8 AI score
Exploits: 0, References: 5