[Xenotix XSS Exploit Framework v4] Advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework
OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd...
DEBIAN-CVE-2013-4956
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to rea...
CVE-2013-4956
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to rea...
Code injection
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to rea...
Ubuntu 12.04 LTS / 12.10 / 13.04 : puppet vulnerabilities (USN-1928-1)
It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files. (CVE-2013-4761) It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with...
CVE-2013-4789
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php...
Apache Httpd < 2.4.16 : ap_some_auth_required API unusable
A design error in the "ap_some_auth_required" function renders the API unusable in httpd 2.4.x. In particular the API is documented as answering if the request required authentication, but it only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for...
[SECURITY] Fedora 19 Update: node-gyp-0.10.6-1.fc19
node-gyp is a cross-platform command-line tool written in Node.js for compiling native addon modules for Node.js, which takes away the pain of dealing with the various differences in build platforms. It is the replacement to the node-waf program which is removed for node v0.8...
[SECURITY] Fedora 18 Update: node-gyp-0.10.6-1.fc18
node-gyp is a cross-platform command-line tool written in Node.js for compiling native addon modules for Node.js, which takes away the pain of dealing with the various differences in build platforms. It is the replacement to the node-waf program which is removed for node v0.8...
CVE-2013-3813
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality and integrity via vectors related to Libraries/PAM-Unix...
SA-CONTRIB-2013-059 - Hostmaster (Aegir) - Access Bypass
This install profile and accompanying suite of modules enables you to install, upgrade, deploy, and back up Drupal sites, among other things. The module doesn't sufficiently control access to running tasks on sites, under the scenario where a user successfully guesses a site's path in the Aegir...
[SECURITY] Fedora 18 Update: ansible-1.2.2-1.fc18
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
[SECURITY] Fedora 17 Update: ansible-1.2.2-1.fc17
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
[SECURITY] Fedora 19 Update: ansible-1.2.2-1.fc19
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2015)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2015 advisory. - sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set CVE-2011-1573 - dccp: fix oops on Reset after close CVE-2011-1093 - bridge:...
Oracle Linux 4 : kernel (ELSA-2007-1104)
From Red Hat Security Advisory 2007:1104 : Updated kernel packages that fix various security issues and several bugs in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel package...
puppet -- multiple vulnerabilities
Puppet Labs reports: By using the resource_type service, an attacker could cause puppet to load arbitrary Ruby files from the puppet master node's file system. While this behavior is not enabled by default, auth.conf settings could be modified to allow it. The exploit requires local file system...
Magnolia CMS Access Bypass Vulnerability
This host is running Magnolia CMS and is prone to access bypass vulnerability. OpenVAS Vulnerability Test $Id: gbmagnoliaaccessbypassvuln.nasl 6115 2017-05-12 09:03:25Z teissa $ Magnolia CMS Access Bypass Vulnerability Authors: Arun Kallavi Copyright: Copyright c 2013 Greenbone Networks GmbH,...
ZPanel 10.0.0.2 htpasswd Module Username Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ZPanel 10.0.0.2...
CVE-2013-4612
Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules...