6648 matches found
Secunia PSI 3.0 : Automatic Patching Of Insecure Applications
Secunia Personal Software Inspector (PSI) is a free program that scans the system for installed programs that are outdated. The developers have just released the first beta version of Secunia PSI 3.0 for Windows. A new versi...
SQL-Injection (Error-Patching) - Basic Lesson #1
Document Title: SQL-Injection Error-Patching - Basic Lesson 1. References: Download: http://www.vulnerability-lab.com/resources/videos/446.wmv View: http://www.youtube.com/watch?v=Yd6fu0X9epQ Release Date: 2012-02-26. Vulnerability Laboratory ID VL-ID:...
Fedora 15 : java-1.6.0-openjdk-1.6.0.0-63.1.10.6.fc15 (2012-1721)
The update contains the following security fixes : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700,...
State of SCADA Security 'Laughable', Researchers Say
CANCUN–For people who follow the developments in the security and research communities, it’s easy to get discouraged by the current state of affairs, given the rash of serious hacks on certificate authorities, military networks and companies such as RSA and VeriSign. But, if you think things are...
Market Fail: Regulations May Be Only Hope For Securing Critical Infrastructure
Threatpost’s exclusive interview with Ralph Langner continues, as our conversation shifts from the legacy of the Stuxnet worm to larger issues facing the critical infrastructure sector including mounting attacks, tensions between vendors and security researchers over responsible disclosure, and...
Zimbra Desktop 7.1.2 Script Injection
Title: Zimbra Desktop v7.1.2 - Persistent Software Vulnerability. Date: 2012-01-12. References: http://www.vulnerability-lab.com/getcontent.php?id=378 VL-ID: 378. Introduction: The Zimbra offline client also Zimbra Desktop for Microsoft Windows, Apple Mac...
ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes
Yesterday Blackhatacademy released a fully automated MySQL5 boolean-based enumeration tool. Today another post exposes the most critical ColdFusion vulnerability, which affects about a tenth of all ColdFusion servers at the...
OrderSys <= 1.6.4 Sql Injection Vulnerabilities
Dear All, I have found multiple SQL injection vulnerabilities in OrderSys <= 1.6.4. The vendor knows the vulnerabilities and he is fixing them as stated in the enclosed advisory. See also http://www.bioinformatics.org/phplabware/labwiki/index.php?page=releasenotes Since the developer is currently...
Apple To Fix iPad 2 Smart Cover Flaw with iOS 5.0.1
Apple will fix an iPad 2 security flaw with the upcoming 5.0.1 build of its iOS operating system, it’s been reported. The fix should solve a problem publicized last month with the device’s locking feature that could’ve let someone access the iPad by bypassing its Smart Cover. According to...
Concrete5 5.4.2.1 Cross Site Scripting / SQL Injection
Exploit Title: Concrete5 = 5.4.2.1 SQL Injection and XSS Vulnerabilities Date: 2011-10-04 Author: Ryan Dewhurst ryandewhurst at gmail @ethicalhack3r www.ethicalhack3r.co.uk Software Link: http://sourceforge.net/projects/concretecms/files/concrete5/5.4.2.1/ Version: 5.4.2.1 tested 1.Vulnerability...
Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities
Exploit Title: Concrete5 = 5.4.2.1 SQL Injection and XSS Vulnerabilities Date: 2011-10-04 Author: Ryan Dewhurst ryandewhurst at gmail @ethicalhack3r www.ethicalhack3r.co.uk Software Link: http://sourceforge.net/projects/concretecms/files/concrete5/5.4.2.1/ Version: 5.4.2.1 tested 1.Vulnerability...
JagoanStore CMS Arbitrary file upload vulnerability
Software: JagoanStore CMS Vendor: www.jagoanstore.com Price: Rp.900.000 IDR Vuln Type: Arbitrary file upload Author: eidelweiss contact: eidelweissatwindowslivedotcom Home: www.eidelweiss-advisories.blogspot.com Gratz: Devilzc0de, YOGYACARDERLINK, and YOU !!! References:...
Planeteria Design ASP SQL Injection
Planeteria Design ASP MsSQL Injection Vulnerability. Google Dork :...
JagoanStore CMS Arbitrary file upload vulnerability
Exploit for php platform in category web applications. JagoanStore CMS Arbitrary file upload vulnerability. Software: JagoanStore CMS Vendor: www.jagoanstore.com...
JagoanStore CMS Shell Upload
JagoanStore CMS Arbitrary file upload vulnerability. Software: JagoanStore CMS Vendor: www.jagoanstore.com Price: Rp.900.000 IDR Vuln Type: Arbitrary file upload...
Video: Take a Look Inside Adobe's Bug Patching Program
In this video, courtesy of Kaspersky’s Lab Matters, Ryan Naraine talks with David Lenoe, Head of the Product Security Incident Response Team, Adobe, about that company’s process for responding to security vulnerabilities in its products. Among other things, Lenoe talks about Adobe’s guidelines fo...
Fedora 14 : java-1.6.0-openjdk-1.6.0.0-54.1.9.9.fc14 (2011-9523)
PR744: icedtea6-1.10.2 : patching error - PR748: Icedtea6 fails to build with Linux 3.0. - RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...
Joomla! Component mod_spo - SQL Injection
Exploit Title: Simple Page Option LFI Google Dork: inurl:modspo Date: 15/07/2011 Author: SeguridadBlanca.Blogspot.com or SeguridadBlanca Software Link: http://joomlacode.org/gf/download/frsrelease/11841/47776/modspo1.5.16.zip Version: 1.5.x Tested on: Backtrack and Windows 7 Simple Page Option –...
AIX 610005 : U841422
The remote host is missing AIX PTF U841422 which is related to the security of the package bos.rte.security.6.1. You should install this PTF for your system to be up-to-date.