3366 matches found

Metasploit
added 2012/10/19 8:8 p.m., 22 views

WinRM Authentication Method Detection

This module sends a request to an HTTP/HTTPS service to see if it is a WinRM service. If it is a WinRM service, it also gathers the Authentication Methods supported. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework cla...

0.8 AI score
Exploits: 0

The Hacker News
added 2012/10/15 6:6 p.m., 12 views

Think Like a Hacker for Better Security

Computer hacking is truly an epidemic. It's not enough to apply the latest patches to your servers and workstations or otherwise defend yourself reactively. If you're in charge of your network's security, you must understand how hackers' minds work and what tools they're using for their attacks...

6.6 AI score
Exploits: 0

OpenVAS
added 2012/10/15 12:0 a.m., 48 views

Mozilla Seamonkey Multiple Vulnerabilities-01 (Windows)

The host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaseamonkeymultvuln01oct12win.nasl 6093 2017-05-10 09:03:18Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities-01 Windows Authors: Arun Kallavi Copyright: Copyright c 20...

10 CVSS, 0.8 AI score, 0.42609 EPSS
Exploits: 6, References: 12

Tenable Nessus
added 2012/10/11 12:0 a.m., 19 views

FreeBSD : mozilla -- multiple vulnerabilities (6e5a9afd-12d3-11e2-b47d-c8600054b392)

The Mozilla Project reports : MFSA 2012-74 Miscellaneous memory safety hazards rv:16.0/ rv:10.0.8 MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security check...

10 CVSS, 8.7 AI score, 0.42609 EPSS
Exploits: 9, References: 45

Prion
added 2012/10/10 5:55 p.m., 20 views

Design/Logic Flaw

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to...

9.3 CVSS, 7.6 AI score, 0.42609 EPSS
Exploits: 5, References: 17, Affected Software: 5

Cvelist
added 2012/10/10 5:0 p.m., 27 views

CVE-2012-3986

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions v...

9.2 AI score, 0.02512 EPSS
Exploits: 0, References: 19

RedHat Linux
added 2012/10/02 5:11 p.m., 27 views

Moderate: Red Hat Security Advisory: freeradius2 security update

Updated freeradius2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

6.8 CVSS, 6.1 AI score, 0.0565 EPSS
Exploits: 0, References: 2

OSV
added 2012/09/18 5:55 p.m., 11 views

CVE-2012-3547

Stack-based buffer overflow in the cbtlsverify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate...

7.9 AI score
Exploits: 0, References: 20

NVD
added 2012/09/18 5:55 p.m., 13 views

CVE-2012-3547

Stack-based buffer overflow in the cbtlsverify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate...

6.8 CVSS, 7.8 AI score, 0.0565 EPSS
Exploits: 0, References: 20

Cvelist
added 2012/09/18 5:0 p.m., 24 views

CVE-2012-3547

Stack-based buffer overflow in the cbtlsverify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate...

7.7 AI score, 0.0565 EPSS
Exploits: 0, References: 20

UbuntuCve
added 2012/09/18 12:0 a.m., 25 views

CVE-2012-3547

Stack-based buffer overflow in the cbtlsverify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate...

6.8 CVSS, 6.1 AI score, 0.0565 EPSS
Exploits: 0, References: 4

NVD
added 2012/09/08 10:28 a.m., 19 views

CVE-2012-4011

The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site...

9.3 CVSS, 7.1 AI score, 0.03117 EPSS
Exploits: 0, References: 3

Prion
added 2012/09/08 10:28 a.m., 16 views

Code injection

The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site...

9.3 CVSS, 7.5 AI score, 0.03117 EPSS
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2012/08/31 2:55 p.m., 16 views

Design/Logic Flaw

The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site...

6.8 CVSS, 7.5 AI score, 0.02018 EPSS
Exploits: 1, References: 3, Affected Software: 1

Tenable Nessus
added 2012/08/27 12:0 a.m., 80 views

Oracle Java SE 7 < Update 7 Multiple Vulnerabilities

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 7 and is, therefore, potentially affected by the following vulnerabilities : - The 'getField' method in the 'sun.awt.SunToolkit class' provided by the bundled SunToolkit can be used ...

10 CVSS, 9.6 AI score, 0.98536 EPSS
Exploits: 10, References: 8

0day.today
added 2012/08/13 12:0 a.m., 12 views

IBM WebSphere MQ File Transfer Edition Web Gateway Insufficient Access Control

Exploit for windows platform in category web applications Exploit Author: Nir Valtman Affected Platforms: Version 7.0.4 and all previous versions of WebSphere MQ File Transfer Edition running on all platforms are affected. Apparently they published the CVE above without mentioning my name, since I...

7.1 AI score
Exploits: 0

Cvelist
added 2012/08/08 6:0 p.m., 19 views

CVE-2012-2649

The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allow remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site...

7.1 AI score, 0.02031 EPSS
Exploits: 0, References: 4

ICS
added 2012/08/04 6:0 a.m., 47 views

Siemens SiPass Server Buffer Overflow

OVERVIEW This advisory provides mitigation details provided by Siemens for a vulnerability that impacts the Siemens SiPass server. Siemens has reported a buffer overflow vulnerability in the Siemens SiPass server. Lucas Apa of IOActive discovered this vulnerability and reported it directly to...

10 CVSS, 8.2 AI score, 0.15788 EPSS
Exploits: 0, References: 10

exploitpack
added 2012/07/21 12:0 a.m., 10 views

X-Cart Gold 4.5 - products_map.php?symb Cross-Site Scripting

Exploit Title: X-Cart Gold 4.5 products_map.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is...

6.8 AI score
Exploits: 0

Exploit DB
added 2012/07/21 12:0 a.m., 28 views

X-Cart Gold 4.5 - 'products_map.php?symb' Cross-Site Scripting

Exploit Title: X-Cart Gold 4.5 products_map.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is incomplete. The "symb" parameter of "products_map.php" is vulnerable...

7.4 AI score
Exploits: 0