Lucene search

2271 matches found

Patchstack
added 2015/01/17 12:0 a.m. | 18 views

WordPress Holding Pattern Theme <= 0.6 - Unrestricted File Upload

This vulnerability allows an attacker to upload arbitrary files. The application uses limited validation which means unauthorized upload is allowed. Solution Update the theme...

CVSS 7.5 | AI score 2.9 | EPSS 0.81153
Exploits: 6 | References: 1 | Affected Software: 1

n0where
added 2014/12/12 10:47 a.m. | 42 views

Next Generation Snort IPS: Snort3

The Snort++ project has been hard at work for a while now and we have released the third alpha of the next generation Snort IPS (Intrusion Prevention System). This file will show you what Snort++ has to offer and guide you through the steps from download to demo. If you are unfamiliar with Snort yo...

AI score 6.9
Exploits: 0 | References: 3

Kitploit
added 2014/11/24 11:20 p.m. | 31 views

Crunch - Password Cracking Wordlist Generator

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations. Features crunch generates wordlists in both combination and permutation ways it can breakup output by number of lines or fi...

AI score 7.3
Exploits: 0

Tenable Nessus
added 2014/11/20 12:0 a.m. | 47 views

F5 Networks BIG-IP : Linux kernel vulnerability (SOL15852)

The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. C Tenable...

CVSS 4.9 | AI score 7 | EPSS 0.00085
Exploits: 0 | References: 2

F5 Networks
added 2014/11/19 12:0 a.m. | 76 views

SOL15852 - Linux kernel vulnerability CVE-2014-3122

The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. CVE-2014-3122...

CVSS 4.9 | AI score 6 | EPSS 0.00085
Exploits: 0 | References: 4

seebug.org
added 2014/11/13 12:0 a.m. | 45 views

SAP Netweaver Enqueue Server - Denial of Service

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID:...

CVSS 5 | AI score 6.5 | EPSS 0.32572
Exploits: 6

Tenable Nessus
added 2014/10/22 12:0 a.m. | 39 views

Oracle Linux 6 : kernel (ELSA-2014-1392)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1392 advisory. - kernel futex: Fix errors in nested key ref-counting Denys Vlasenko 1094458 CVE-2014-0205 Tenable has extracted the preceding description block direct...

CVSS 7.8 | AI score 7.3 | EPSS 0.12777
Exploits: 6 | References: 12

Tenable Nessus
added 2014/10/20 12:0 a.m. | 53 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2014-3083)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3083 advisory. - ALSA: control: Don't access controls outside of protected regions Lars-Peter Clausen Orabug: 19817787 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 -...

CVSS 7.8 | AI score 7.2 | EPSS 0.12777
Exploits: 1 | References: 7

Packet Storm
added 2014/10/16 12:0 a.m. | 55 views

SAP Netweaver Enqueue Server Trace Pattern Denial Of Service

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory URL:...

CVSS 5 | EPSS 0.32572
Exploits: 6

Oracle linux
added 2014/10/15 12:0 a.m. | 64 views

file security and bug fix update

5.04-21 - fix typographical error in changelog 5.04-20 - fix 1037279 - better patch for the bug from previous release 5.04-19 - fix 1037279 - display 'from' field on 32bit ppc core 5.04-18 - fix 664513 - trim white-spaces during ISO9660 detection 5.04-17 - fix CVE-2014-3479 cdf_check_stream_offset...

CVSS 5 | AI score 0.9 | EPSS 0.30772
Exploits: 2

Fedora
added 2014/09/26 9:1 a.m. | 43 views

[SECURITY] Fedora 20 Update: rubygem-activerecord-4.0.0-5.fc20

Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

CVSS 7.5 | AI score 1.4 | EPSS 0.00924
Exploits: 0

UbuntuCve
added 2014/08/27 1:55 a.m. | 20 views

CVE-2014-3170

extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character...

CVSS 6.4 | AI score 7.2 | EPSS 0.00677
Exploits: 0 | References: 4

Fedora
added 2014/08/23 1:55 a.m. | 28 views

[SECURITY] Fedora 19 Update: rubygem-activerecord-3.2.13-2.fc19

Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

CVSS 7.5 | AI score 1.4 | EPSS 0.01531
Exploits: 0

Prion
added 2014/08/12 2:55 p.m. | 9 views

Design/Logic Flaw

HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote authenticated users to bypass intended restrictions on program access via vectors related to...

CVSS 4 | AI score 6.8 | EPSS 0.00216
Exploits: 0 | References: 4 | Affected Software: 1

Kitploit
added 2014/08/11 11:53 p.m. | 17 views

PWGen - Generator of cryptographically-strong passwords

PWGen is a professional password generator capable of creating large amounts of cryptographically-secure passwords or passphrases consisting of words from a word list. It uses a “random pool” technique to generate random data based on user inputs (keystrokes, mouse handling) and volatile system...

AI score 7.4
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 36 views

Joomla Health & Fitness Stats Persistent XSS Vulnerability

No description provided by source. Name : Joomla Health & Fitness Stats Persistent XSS Vulnerability Date : july 12,2010 Critical Level : HIGH vendor URL :http://joomla-extensions.instantiate.co.uk/jcomponents/healthstats Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Coppermine Photo Gallery <= 1.4.14 Remote SQL Injection Exploit

No description provided by source. ?php RST/GHC PRIVATE CPG 1.4.10 sql injection exploit Date: 17.05.07 bug: SQL injection in private album function through array indexes with COOKIE errorreporting EERROR; inisetmaxexecutiontime,0; intro; if $argc 4 print Usage: . $argv0 . host dir force table...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

DMXReady Members Area Manager Persistent XSS Vulnerability

No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: DMXReady Members Area Manager Persistent XSS Vendor url:http://www.dmxready.com/ Version:2 Price:295$ Published: 2010-09-06 GThanx to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 31 views

nginx 0.6.38 - Heap Corruption Exploit

No description provided by source. !/usr/bin/env python Exploit Title: nginx heap corruption Date: 08/26/2010 Author: aaron conole [email protected] Software Link: http://nginx.org/download/nginx-0.6.38.tar.gz Version: = 0.6.38, = 0.7.61 Tested on: BT4R1 running nginx 0.6.38 locally CVE: 2009-26...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 30 views

Joomla SocialAds Component com_socialads Persistent XSS Vulnerability

No description provided by source. I'm Sid3^effects member from Inj3ct0r Team Name : Joomla com_socialads Persistent Xss Vulnerability Date : july 3,2010 Critical Level : HIGH vendor URL :http://techjoomla.com/...

AI score 7.1
Exploits: 0