BeEF 0.4.2.12 alpha Browser Exploitation Framework Released

BeEF 0.4.2.12 alpha Browser Exploitation Framework Released The Browser Exploitation Framework BeEF is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks,...

BeEF 0.4.2.12 alpha Browser Exploitation Framework Released

BeEF 0.4.2.12 alpha Browser Exploitation Framework Released The Browser Exploitation Framework BeEF is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks,...

OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability

OpenSSH sshd with ChallengeResponseAuthentication enabled is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Directory traversal

Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the 1 set or 2 module parameter to a OM/Core/Site/Admin/Application/templatesmodules/pages/info.php, b...

CVE-2011-4543

Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the 1 set or 2 module parameter to a OM/Core/Site/Admin/Application/templatesmodules/pages/info.php, b...

CVE-2011-4544

Multiple cross-site scripting XSS vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 address or 2 relativbasedir parameter to modules/mondialrelay/googlemap.php; the 3 relativbasedir, 4 Pays, 5 Ville, 6 CP, 7 Poids, 8 Action, or 9 num...

Cross site scripting

Cross-site scripting XSS vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains...

Volatility 2.0 - Advanced Memory Forensics [With Video Demonstration]

Volatility 2.0 - Advanced Memory Forensics With Video Demonstration The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory RAM samples. The extraction techniques ar...

The Mystery of Duqu: Part Two

Our investigation and research of Duqu malware continues. In our previous report, we made two points: there are more drivers than it was previously thought; it is possible that there are additional modules. Besides those key points, we concluded that unlike the massive Stuxnet infections, Duqu...

CVE-2011-3628

Untrusted search path vulnerability in pammotd aka the MOTD module in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...

Joomla NoNumber Framework Local File Inclusion / Shell Upload

Exploit Title: NoNumber Framework Joomla! Plugin Multiple Vulnerabilities Discovery Date: 10 October 2011 Reported Date: 11 October 2011 Patch Date: 17 October 2011 Release Date: 17 October 2011 Author: jdc Software Link: http://nonumber.nl The nnframework plugin by NoNumber! contains multiple...

CVE-2011-3587

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules...

Design/Logic Flaw

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules...

PYSEC-2011-26

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules...

PYSEC-2011-26

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules...

CVE-2011-3587

CVE-2011-3587 affects Zope 2.12.x and 2.13.x, as used by Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2. The underlying issue is an unspecified vulnerability in the p_ class in OFS/misc_.py and the use of Python modules that allows a remote attacker to execute arbitrary commands. Affected ...

CVE-2011-3587

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules...

Exploit Pack - An open source security framework

Exploit Pack - An open source security framework Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a Java GUI, Python as Engine and well-known exploits on the wild. It has an IDE to make the task of developing new exploits easier, instant searc...

Portable OpenSSH < 3.8p1 Multiple Vulnerabilities

According to its banner, a version of OpenSSH earlier than 3.8p1 is running on the remote host and is affected by the following issues: - There is an issue in the handling of PAM modules in such versions of OpenSSH. As a result, OpenSSH may not correctly handle aborted conversations with PAM...

Information disclosure

HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/HelpCenter/index.php and certain other files...