Netcraft Toolbar 1.8.1 Code Execution

// runs calc.exe var shellc...

CERT Issues Advisory On RealPlayer Holes

US CERT has issued an advisory following the release, late last week, of a critical patch from RealNetworks for seven vulnerabilities in its common RealPlayer software. CERT recommended users and administrators to review the advisory from Realnetworks to determine which RealPlayer products were...

Mandriva Update for pcmanfm MDVA-2010:192 (pcmanfm)

Check for the Version of pcmanfm OpenVAS Vulnerability Test Mandriva Update for pcmanfm MDVA-2010:192 pcmanfm Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

New Jailbreak Could Defy Patching on iPhones, iPads

Code that allows Apple customers to circumvent that company’s exclusive content protection features was released on Wednesday, with security researchers warning that the hack could be impossible for Apple to fix on devices that have already been manufactured. The Chronic Development Team, a group...

Third-Party Apps Seen as Biggest Security Risk Now

A new report shows that the number of reported vulnerabilities in major commercial software products is accelerating, and that Apple’s products now have more vulnerabilities than those of any other major vendor. Perhaps more importantly, though, is the fact that third-party applications now accou...

Mandriva Update for kdebase MDVSA-2010:074 (kdebase)

Check for the Version of kdebase OpenVAS Vulnerability Test Mandriva Update for kdebase MDVSA-2010:074 kdebase Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

MS Will Patch Unknown Windows 7 Bug

Later today, Microsoft will play it safe by patching a Windows 7 bug that it says can’t be exploited. Read the full article. Computerworld...

Limny 2.0 - Cross-Site Request Forgery (Create Admin User)

Limny 2.0 - Cross-Site Request Forgery Create Admin User /¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯\ :Limny 2.0 CSRF : / /Discovered By: \ |Luis Santana | / Overview ¯¯¯¯¯¯¯¯¯¯ The Limny 2.0 CMS is vulnerable to a Cross-Site-Request Forgery exploit which allows for a malicious attacker to create their own...

FreeBSD ZFS ZIL不安全文件权限漏洞

Bugraq ID: 37657 FreeBSD是一款基于BSD的操作系统。 FreeBSD ZFS存在安全漏洞，本地攻击者可以利用漏洞获得敏感信息或提升特权。 当重播setattr事务时，重播代码默认会以不安全的权限设置属性，当记录这些事务信息时没有再次更改这些属性。 系统崩溃或掉电等情况下会把部分文件以07777属性设置。这可导致获得敏感信息或提升特权。 FreeBSD FreeBSD 8.0-STABLE FreeBSD FreeBSD 8.0-RELEASE FreeBSD FreeBSD 7.2-STABLE FreeBSD FreeBSD 7.1-STABLE FreeBSD...

phpwind 7.5 apps/groups/index.php远程包含漏洞

apps/groups/index.php 里$route和$basePath变量没有初始化,导致远程包含或者本地包含php文件,导致执行任意php代码 ?php if $route == "groups" requireonce $basePath . '/action/mgroups.php'; elseif $route == "group" requireonce $basePath . '/action/mgroup.php'; elseif $route == "galbum" requireonce $basePath . '/action/mgalbum.php';...

CentOS 5 : krb5 (CESA-2009:0408)

Updated krb5 packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authentica...

AIX 530007 : U826224

The remote host is missing AIX PTF U826224 which is related to the security of the package devices.chrp.IBM.lhea.rte You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc...

FreeBSD Security Advisory FreeBSD-SA-09:13.pipe

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:13.pipe Security Advisory The FreeBSD Project Topic: kqueue pipe race conditions Category: core Module: kern Announced: 2009-10-02 Credits: Przemyslaw Frasunek...

Dnsmasq < 2.50 Heap Overflow & Null pointer Dereference Vulns

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server 1. Advisory Information Title: Dnsmasq Heap Overflow and...

Discuz! Plugin Crazy Star < = 2.0 Sql injection Vulnerability-vulnerability warning-the black bar safety net

========================Author============================ + Founded : ZhaoHuAn + Contact : ZhengXingatshandagamesdotcom + Blog : http://www.patching.net/zhaohuan/ + Date : August, 26th 2 0 0 9 Double Seventh Festival ========================Soft Info========================= Software: Discuz!...

Discuz! Plugin Crazy Star <= 2.0 (fmid) SQL Injection Vulnerability

Exploit for unknown platform in category web applications =================================================================== Discuz! Plugin Crazy Star = 2.0 fmid SQL Injection Vulnerability ===================================================================...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

osTicket Admin Login Blind SQL Injection

nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-007 osTicket Admin Login Blind SQL Injection Application: osTicket v1.6 RC4 Vendor: osTicket Vendor website: http://www.osticket.com Author: Adam Baldwin [email protected] I. BACKGROUND "osTicket is a widely-us...

FreeBSD Security Advisory FreeBSD-SA-09:09.pipe

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:09.pipe Security Advisory The FreeBSD Project Topic: Local information disclosure via direct pipe writes Category: core Module: kern Announced: 2009-06-10...

Mandriva Linux Security Advisory : mysql (MDVSA-2008:017)

MySQL 5.0.x did not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement CVE-2007-6303. The federated engine in MySQL...