Saman Portal - Local File Inclusion

=========================================================== + Title: Iranian Saman portal LFI + Date: 2/28/12 + Author: TMT + Mail: taktazm2800a.tyahoo.com + Type: PHP + Vendor or Software Link: http://www.sis-eg.com + Customers: http://sis-eg.com/services/customers/ + Google dork:...

Saman Portal Local File Inclusion

=========================================================== + Title: Iranian Saman portal LFI + Date: 2/28/12 + Author: TMT + Mail: taktazm2800a.tyahoo.com + Type: PHP + Vendor or Software Link: http://www.sis-eg.com + Customers: http://sis-eg.com/services/customers/ + Google dork:...

Saman Portal Local File Inclusion Vulnerability

Exploit for php platform in category web applications =========================================================== + Title: Iranian Saman portal LFI + Date: 2/28/12 + Author: TMT + Mail: taktazm2800a.tyahoo.com + Type: PHP + Vendor or Software Link: http://www.sis-eg.com + Customers:...

SA-CONTRIB-2012-031 - Multiple Modules Unsupported - UC PayDutchGroup - Information leakage and Multisite Search sql injection

CVE: CVE-2012-1655 UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances allowing a malicious user to login to the PayDutchGroup site as the...

Cisco Releases Multiple Security Advisories

Cisco has released six security advisories to address vulnerabilities affecting the following products: Cius Wifi devices running Cius Software Version 9.21 SR1 and prior Cisco Unified Communications Manager Software versions 6.x, 7.x, and 8.x Cisco Business Edition 3000, 5000, and 6000 Cisco Uni...

Gazelle Anatasoft CMS v1.x - Multiple Web Vulnerabilities

Document Title: =============== Gazelle Anatasoft CMS v1.x - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=451 Release Date: ============= 2012-02-27 Vulnerability Laboratory ID VL-ID: ==================================== 4...

Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules!

Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules! Since last release in October, Metasploit added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening...

Apache 2.4 Comes Out, Major update after 6 years

Apache 2.4 Comes Out, Major update after 6 years The Apache Software Foundation officially released the Apache 2.4 today as the first major update to this leading open-source web-server in more than a half-decade. Apache 2.4 is slated to deliver superior performance to its 2.2 predecessor and...

PHP 5.2.x Remote Code Execution Vulnerability

Release Date: 17 February 2012 Affected Versions: 5.2.0 - 5.2.17 unsupported version ------------------------------------------------------------------------------------------ Description: If PHP bails out in startup stage before setting PGmodulesactivated to 1, the filterglobals struct is not...

[USN-1364-1] Linux kernel (OMAP4) vulnerabilities

========================================================================== Ubuntu Security Notice USN-1364-1 February 13, 2012 linux-ti-omap4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2012:0052 Updated kernel packages that fix one security issue and three bugs are now available for for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...

CVE-2012-0040

Cross-site scripting XSS vulnerability in modules/core/www/nocookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter...

SA-CONTRIB-2012-006 XSS and CSRF in Multiple Modules - Supercron, Taxotouch, Admin:hover, Taxonomy Navigator no longer supported

CVE: CVE-2012-1628 SuperCron is a complete replacement for Drupal's built-in Cron functionality. The module is vulnerable to Cross Site Scripting. The vulnerability is mitigated by an attacker needing to gain an account with "access administration pages" permission. CVE: CVE-2012-1629 Taxotouch...

Plone and Zope Remote CMD Injection Exploit

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Plone and Zope...

Fedora Update for perl-PAR FEDORA-2011-16859

Check for the Version of perl-PAR OpenVAS Vulnerability Test Fedora Update for perl-PAR FEDORA-2011-16859 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

FreeBSD -- pam_ssh() does not validate service names

Problem Description: Some third-party applications, including KDE's kcheckpass command, allow the user to specify the name of the policy on the command line. Since OpenPAM treats the policy name as a path relative to /etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run such an...

[SECURITY] Fedora 15 Update: perl-PAR-1.002-4.fc15

This module lets you use special zip files, called Perl Archives, as libraries from which Perl modules can be loaded...

Plone Request Parsing Remote Command Execution

The version of Plone hosted on the remote web server has a flaw that allows arbitrary access to Python modules. Using a specially crafted URL, this can allow an unauthenticated, remote attacker the ability to run arbitrary commands on the system through the Python 'os' module in the context of th...

Multiple Vulnerabilities Haunt Long List of PLC Modules

A long list of industrial-control modules manufactured by Schneider Electric and used to control operations at various industrial facilities contain multiple weaknesses and vulnerabilities that could allow an attacker to modify the firmware, login remotely and run arbitrary code on the vulnerable...

Fedora Update for pam FEDORA-2011-16365

Check for the Version of pam OpenVAS Vulnerability Test Fedora Update for pam FEDORA-2011-16365 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...