6340 matches found
SA-CONTRIB-2012-080 - Hostmaster (Aegir) - Access Bypass and Cross Site Scripting (XSS)
Cross Site Scripting CVE: CVE-2012-2708. Hostmaster displays a log from tasks executed in Aegir's backend component, provision. In certain circumstances these log messages were not escaped properly before being displayed to the user. This vulnerability is mitigated by the fact that people wishing...
[SECURITY] Fedora 16 Update: python-2.7.3-1.fc16
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as t...
Citing Terms Of Service, Google Takes Down Blog Of Iranian Security Researcher
An Iranian man who revealed a vulnerability in a widely used point-of-sale (POS) system in Iran had his blog confiscated by Google, which cited violations of its Terms of Service. A Google spokesman acknowledged that the company pulled down the Blogger site that Khosrow Zarefarid, an Iranian IT...
Fedora Update for pam FEDORA-2011-16390
Check for the Version of pam OpenVAS Vulnerability Test Fedora Update for pam FEDORA-2011-16390 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Joomla 2.5 Modules Simple Spotlight Upload Shell
Exploit for php platform in category web applications Joomla 2.5 Modules Simple Spotlight Upload Shell Exploit Modules Joomla by...
Mercury v1.0 - Framework for bug hunters to find Android vulnerabilities
Mercury v1.0 - Framework for bug hunters to find Android vulnerabilities A free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android. Use dynamic analysis on Android applications and devices for quicker security assessments. Share publicly known...
PRE PRINTING STUDIO - SQL Injection
Exploit Title: PRE PRINTING STUDIO Sql Injection Date: 16/03/2012 Author: r45c4l Email: [email protected] Script url: http://www.preprojects.com/preprojects/printing.asp Version: N/A CVE : ...
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zen...
Saman Portal Local File Inclusion Vulnerability
Exploit for php platform in category web applications + Title: Iranian Saman portal LFI + Date: 2/28/12 + Author: TMT + Mail: taktazm2800a.tyahoo.com + Type: PHP + Vendor or Software Link: http://www.sis-eg.com + Customers:...
Saman Portal Local File Inclusion
+ Title: Iranian Saman portal LFI + Date: 2/28/12 + Author: TMT + Mail: taktazm2800a.tyahoo.com + Type: PHP + Vendor or Software Link: http://www.sis-eg.com + Customers: http://sis-eg.com/services/customers/ + Google dork:...
Saman Portal - Local File Inclusion
+ Title: Iranian Saman portal LFI + Date: 2/28/12 + Author: TMT + Mail: taktazm2800a.tyahoo.com + Type: PHP + Vendor or Software Link: http://www.sis-eg.com + Customers: http://sis-eg.com/services/customers/ + Google dork:...
SA-CONTRIB-2012-031 - Multiple Modules Unsupported - UC PayDutchGroup - Information leakage and Multisite Search sql injection
CVE: CVE-2012-1655 UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances allowing a malicious user to login to the PayDutchGroup site as the...
Cisco Releases Multiple Security Advisories
Cisco has released six security advisories to address vulnerabilities affecting the following products: Cius Wifi devices running Cius Software Version 9.21 SR1 and prior Cisco Unified Communications Manager Software versions 6.x, 7.x, and 8.x Cisco Business Edition 3000, 5000, and 6000 Cisco Uni...
Gazelle Anatasoft CMS v1.x - Multiple Web Vulnerabilities
Document Title: Gazelle Anatasoft CMS v1.x - Multiple Web Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=451 Release Date: 2012-02-27 Vulnerability Laboratory ID VL-ID: 4...
Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules!
Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules! Since last release in October, Metasploit added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening...
Apache 2.4 Comes Out, Major update after 6 years
Apache 2.4 Comes Out, Major update after 6 years The Apache Software Foundation officially released the Apache 2.4 today as the first major update to this leading open-source web-server in more than a half-decade. Apache 2.4 is slated to deliver superior performance to its 2.2 predecessor and...
PHP 5.2.x Remote Code Execution Vulnerability
Release Date: 17 February 2012 Affected Versions: 5.2.0 - 5.2.17 unsupported version Description: If PHP bails out in startup stage before setting PG(modules_activated) to 1, the filter_globals struct is not...
[USN-1364-1] Linux kernel (OMAP4) vulnerabilities
Ubuntu Security Notice USN-1364-1 February 13, 2012 linux-ti-omap4 vulnerabilities A security issue affects these releases of Ubuntu and its...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2012:0052 Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...
CVE-2012-0040
Cross-site scripting (XSS) vulnerability in modules/core/www/nocookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter...