6648 matches found

securityvulns
added 2014/08/26 12:0 a.m., 53 views

IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)

Two classes of persistent XSS issues we reported in IBM Maximo a month or two back are now fixed: http://www.pentestpartners.com/blog/further-ibm-maximo-asset-management-vulnerabilities-reported/ Individual bulletins linked from the above, but tl;dr is I would suggest patching, as this could...

AI score: 1.5, EPSS: 0.00301
Exploits: 0

ThreatPost
added 2014/08/22 1:3 p.m., 12 views

Intelligence Insiders Disclose Bug Information With Tor

The executive director of the Tor Project told the BBC that U.S. and U.K. intelligence agencies are in an internal cat and mouse game, with one faction trying to break the anonymity network, and another one sharing bugs anonymously with Tor developers. Andrew Lewman, in an extensive...

AI score: 7
Exploits: 0, References: 3

seebug.org
added 2014/08/20 12:0 a.m., 24 views

TomatoCart 1.x - SQL Injection Vulnerability

No description provided by source. Title: TomatoCart v1.x latest-stable Remote SQL Injection Vulnerability Background: TomatoCart is open source ecommerce solution developed and maintained by a number of 64,000+ users from 50+ countries and regions. It's distributed under the terms of the GNU...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00603
Exploits: 7

ThreatPost
added 2014/08/06 5:42 p.m., 11 views

Car Hacking Enters Remote Exploitation Phase at Black Hat

LAS VEGAS – Charlie Miller and Chris Valasek have proven to be adept backseat drivers. Noted for their car-hacking exploits, Miller and Valasek have gained fame at hacking conferences and on Fox News for forcing automobiles to do their bidding. However, until today’s talk at the Black Hat 2014...

AI score: 0.6
Exploits: 0, References: 1

myhack58
added 2014/08/04 12:0 a.m., 13 views

System vulnerability what is patched what is the meaning of-vulnerability warning-the black bar safety net

You may often hear the term "system vulnerability", but some novice friends do not know what a loophole in the system is. Simply put, a system vulnerability is a possible security risk in some of the operating system's programs and components; these vulnerabilities might allow your computer t...

AI score: 0.3
Exploits: 0

ThreatPost
added 2014/07/28 2:20 p.m., 9 views

Harnessing the Power of an Android Cluster for Security Research

When the topic of mobile security comes up, users and researchers often discuss Android as if it’s one monolithic operating system like iOS is. But the fact is that there are nearly as many versions of Android as there are Android devices, which has led to plenty of confusion when it’s time to fi...

AI score: 6.9
Exploits: 0, References: 1

seebug.org
added 2014/07/24 12:0 a.m., 25 views

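DESTOON: Injection Caused by an Incomplete Patch

Brief description: 2014-07-22. The key places should be patched. Details: $post = daddslashesdstripslashes$post; The patch only applied daddslashes to the $post used when modifying profile data, but special characters can still be registered at sign-up. Found one place that can be exploited: extract$USER, EXTRPREFIXALL, ''; // initialization in common.inc.php (login) /module/quote/price.inc.php 24-28 if$userid $post'company' = $company;// this uses require...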

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 21 views

Application Enhancer (APE) 2.0.2 - Local Privilege Escalation Exploit

No description provided by source. !/usr/bin/ruby Exploit Of The Apes: A practical pwnage for Application UNEnhancer aka APU c 2006 LMH lmh at info-pull.com and Johnny Pwnerseed. This goes dedicated to macdev. For the childish flaming and great brain lag. Lesson: Don't talk about stuff you have N...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

Nagios3 statuswml.cgi Ping Command Execution

No description provided by source. $Id: nagios3statuswmlping.rb 9829 2010-07-14 18:23:47Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 35 views

WordPress LeagueManager Plugin 3.8 - SQL Injection

No description provided by source. !/usr/bin/ruby Exploit Title: WordPress LeagueManager Plugin v3.8 SQL Injection Google Dork: inurl:/wp-content/plugins/leaguemanager/ Date: 13/03/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://wordpress.org/extend/plugins/leaguemanager/ Software Link...

CVSS: 7.5, AI score: 0.1, EPSS: 0.00815
Exploits: 8

seebug.org
added 2014/07/01 12:0 a.m., 12 views

freeBSD 4.8 realpath() Off-By-One Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8315/info The 'realpath' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A vulnerability that wa...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 30 views

Discuz! Plugin Crazy Star <= 2.0 (fmid) SQL Injection Vulnerability

Discuz! Plugin Crazy Star <= 2.0 Sql injection Vulnerability. Author: + Founded : ZhaoHuAn + Contact :...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Concrete5 <= 5.4.2.1 - Multiple Vulnerabilities

No description provided by source. Exploit Title: Concrete5 <= 5.4.2.1 SQL Injection and XSS Vulnerabilities Date: 2011-10-04 Author: Ryan Dewhurst ryandewhurst at gmail @ethicalhack3r www.ethicalhack3r.co.uk Software Link: http://sourceforge.net/projects/concretecms/files/concrete5/5.4.2.1/...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 11 views

WORK System E-Commerce <= 3.0.1 - Remote Include Vulnerability

No description provided by source. WORK System E-Commerce ginclude Remote File Inclusion Vulnerability...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 42 views

wu-ftpd 2.6.2, 2.6.0, 2.6.1 realpath() Off-By-One Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8315/info The 'realpath' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A vulnerability that wa...

AI score: 7.1
Exploits: 0

ThreatPost
added 2014/06/24 11:39 a.m., 10 views

Dramatic Drop in Vulnerable NTP Servers Used in DDoS Attacks

While patching of webservers vulnerable to the Heartbleed OpenSSL bug may have stalled, the same cannot be said about repairs to NTP servers that could be leveraged in devastating amplification attacks. A spate of distributed denial-of-service attacks (DDoS) tore through companies in January and...

Exploits: 0, References: 6

ThreatPost
added 2014/06/13 2:5 p.m., 45 views

SSL Pulse Scans Quantify Vulnerable OpenSSL Servers

Certain mitigating factors made the recent OpenSSL man-in-the-middle vulnerability a notch or two below Heartbleed in terms of criticality. With that in consideration, it’s probably no surprise that patching levels for CVE-2014-0224 aren’t as high out of the gate as they were for Heartbleed. Ivan...

CVSS: 6.8, AI score: 0.7, EPSS: 0.89694
Exploits: 9, References: 4

Tenable Nessus
added 2014/06/13 12:0 a.m., 26 views

openSUSE Security Update : PackageKit (openSUSE-SU-2013:0889-1)

The PackageKit zypp backend was fixed to only allow patches to be updated. Otherwise a regular user could install new packages or even downgrade older packages to ones with security problems. CVE-2013-1764 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...

CVSS: 2.1, AI score: 5.4, EPSS: 0.00063
Exploits: 0, References: 3

ThreatPost
added 2014/06/12 9:38 a.m., 44 views

VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable

While the group of vulnerabilities that the OpenSSL Project patched last week hasn’t grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products. Vendors are still making their way through the patching process, and VMware has released an...

CVSS: 6.8, AI score: 1.1, EPSS: 0.89694
Exploits: 9, References: 2

Tenable Nessus
added 2014/06/05 12:0 a.m., 1008 views

OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability

The OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle (MiTM) attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by...

CVSS: 7.4, AI score: 8.3, EPSS: 0.92751
Exploits: 14, References: 10