164 matches found
June 2016 Android Security Bulletin
Google today pushed out its monthly Android patches, addressing what is becoming a monthly custom of a critical Mediaserver vulnerability, in addition to a half-dozen critical flaws in different Qualcomm drivers. The Android Security Bulletin includes patches for eight critical flaws, and while...
GNU Libgcrypt Security Bypass Vulnerability
GNU Libgcrypt is a general-purpose cryptographic library developed by the GNU Project based on the GnuPG code. A security vulnerability exists in GNU Libgcrypt that allows attackers to perform unauthorized operations...
Devana SQL Injection vulnerability
No description provided by source. Exploit Title: Devana SQL Injection vulnerability Date: 28.03.2010 Author: Valentin Category: webapps/0day Version: Tested on: Debian lenny, Apache2, MySQL5 CVE : Code : :: General information :: Devana SQL injection vulnerability detected :: by Valentin Hoebel ...
[WebSploit Framework] Scan And Analysis Remote System From Vulnerability
WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability. WebSploit Is An Open Source Project For : Social Engineering Works Scan,Crawler & Analysis Web Automatic Exploiter Support Network Attacks +Autopwn - Used From Metasploit For Scan and Exploit Target Servic...
WebKit 'addChildNodesToDeletionQueue()'函数释放后重用远程代码执行漏洞
BUGTRAQ ID: 59517 CVECAN ID: CVE-2013-0905 WebKit是一个开源的浏览器引擎,也是苹果Mac OS X 系统引擎框架版本的名称,主要用于Safari,Dashboard,Mail和其他一些Mac OS X 程序。 WebKit 1.11.5、1.10.2将SVG动画处理为容器节点会产生无效的第一个字对象,此时函数 'addChildNodesToDeletionQueue'...
Backdoored PhpMyAdmin distributed at SourceForge site
A security issue has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute...
WebSploit Toolkit 1.6 Released
WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability Description : +Autopwn - Used From Metasploit For Scan and Exploit Target Service +wmap - Scan,Crawler Target Used From Metasploit wmap plugin +format infector - inject reverse & bind payload into file form...
Attack Tool Released for WPS PIN Vulnerability
Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup WPS standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver,...
Mandriva Update for hornetq MDVA-2011:016 (hornetq)
Check for the Version of hornetq OpenVAS Vulnerability Test Mandriva Update for hornetq MDVA-2011:016 hornetq Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Apple Patches Safari Browser Holes
Apple on Thursday issued updates for its Safari Web browser to fix more than two dozen vulnerabilities that left the browser open to Web-based attacks. The company released Safari versions 5.0.3 and 4.1.3 for Mac OS X and Windows XP SP2, Vista and Windows 7. The updated versions fix 27 reported...
Earn Rewards for Finding Security Flaws in Gmail, YouTube, and More
Google is on the hunt for hackers to find security vulnerabilities in popular web applications like Gmail, Blogger, and YouTube. The tech giant is offering rewards starting at $500 per bug. For vulnerabilities that are "severe or unusually clever," the payout can reach up to $3,133.70...
Devana v1.6.6 SQL Injection vulnerability
Exploit for php platform in category web applications ========================================= Devana v1.6.6 SQL Injection vulnerability ========================================= Exploit Title: Devana SQL Injection vulnerability Date: 28.03.2010 Author: Valentin Category: webapps/0day Version:...
Devana - SQL Injection
Devana - SQL Injection Exploit Title: Devana SQL Injection vulnerability Date: 28.03.2010 Author: Valentin Category: webapps/0day Version: Tested on: Debian lenny, Apache2, MySQL5 CVE : Code : :: General information :: Devana SQL injection vulnerability detected :: by Valentin Hoebel ::...
WebKit Style Tag Remote Denial of Service Vulnerability
Exploit for multiple platform in category dos / poc ======================================================= WebKit Style Tag Remote Denial of Service Vulnerability ======================================================= Vulnerable: WebKit Open Source Project WebKit 0 Google Chrome 4.0.249 .89...
jetty 6.x 7.x - Cross-Site Scripting Information Disclosure Injection
jetty 6.x 7.x - Cross-Site Scripting Information Disclosure Injection Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor...
OpenCORE pvmp3_huffman_parsing.cpp MP3文件解析整数下溢漏洞
BUGTRAQ ID: 33673 CVECAN ID: CVE-2009-0475 OpenCORE是开放源码的多媒体解码子系统。 OpenCORE的pvmp3huffmanparsing.cpp文件在Huffman解码期间存在整数下溢,导致在写入到堆分配缓冲区时出现错误的边界检查。如果用户受骗打开了恶意的mp3文件,就可以触发这个溢出,导致播放器崩溃或执行任意代码。 Android Open Source Project OpenCORE = 2.0 厂商补丁: Android Open Source Project ---------------------------...
Fez 1.3/2.0 RC1 (list.php) Remote SQL Injection Vulnerability
No description provided by source. ------------------------------------------------------------------------------ Fez software Version 1.3 AND 2.0 RC1 list.php - SQL Injection Vulnerability http://sourceforge.net/projects/fez About:- Fez is an open source project to produce and maintain a highly...
Fez 1.3/2.0 RC1 - 'list.php' SQL Injection
------------------------------------------------------------------------------ Fez software Version 1.3 AND 2.0 RC1 list.php - SQL Injection Vulnerability http://sourceforge.net/projects/fez About:- Fez is an open source project to produce and maintain a highly flexible web interface to FEDORA fo...
Nagasaki Electronic Prefectural Office System SQL injection vulnerability
Overview Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system contains SQL injection vulnerabilities. Impact A remote attacker may view or modify the database contents. Solution None...
aspReadySQL.txt
The free, open source project called "aspReady FAQ" is open for SQL-injection. This results is admin access with the ability change/delete the entire database. An example on SQL-inject that works could be: 1'or'1'='1 After doing a google search, I've found out that some companies are actually usi...