2264 matches found
Directory traversal
Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name...
Arbitrary resource file download in urlrewrite.xml
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report (http://jira.atlassian.com/browse/CONFCLOUD-26888). There is an arbitrary resource file download vulnerability triggered by a third party library...
libxslt: Use-after-free when processing an invalid XPath expression
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the...
Fedora Update for rubygem-activerecord FEDORA-2012-9635
Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2012-9635 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Fedora Update for rubygem-activerecord FEDORA-2012-8901
Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2012-8901 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Analysis Shows Traces of Wiper Malware, But No Links to Flame
One of the things about the investigation into the Flame malware that’s remained unclear for several months now is what ever became of the so-called Wiper virus that had been seen erasing data on machines in Iran and that led researchers to eventually discover Flame. No actual samples of Wiper ha...
Sensitive data in human brain successfully extract by Hackers
Is it now possible to hack the human brain? YES! This was explained by researchers at the Usenix Conference on Security, held from 8 to 10 August in Washington State. Using a commercial off-the-shelf brain-computer interface, the researchers have shown that it's possible to hack your brain, forcin...
RealPlayer Plus 14.0.4.53 RealAudio Integer Division
Exploit for windows platform in category local exploits Title : RealPlayer Plus 14.0.4.53 RealAudio Integer Division By Zero CVE : 2012-3235 References : http://service.real.com/realplayer/security/06292012player/en/ Auther : Senator of Pirates E-Mail : email protected FaceBook :...
[SECURITY] Fedora 17 Update: rubygem-activerecord-3.0.11-3.fc17
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
Fedora Update for rubygem-activerecord FEDORA-2012-8982
Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2012-8982 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Airlock WAF 4.2.4 - Overlong UTF-8 Sequence Bypass
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Airlock WAF overlong UTF-8 sequence bypass product: Airlock vulnerable version: = 4.2.4 without hotfix HF4213 fixed version: 4.2.5 impact: critical homepage:...
Fedora Update for rubygem-activerecord FEDORA-2012-8972
Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2012-8972 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
[SECURITY] Fedora 16 Update: rubygem-activerecord-3.0.10-2.fc16
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
smb-ls NSE Script
Attempts to retrieve useful information about files shared on SMB volumes. The output is intended to resemble the output of the UNIX ls command. Script Arguments smb-ls.path the path, relative to the share to list the contents from default: root of the share smb-ls.pattern the search pattern to...
Fedora Update for rubygem-activerecord FEDORA-2011-11386
Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2011-11386 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
OS X Gather Colloquy Enumeration
This module will collect Colloquy's info plist file and chat logs from the victim's machine. There are three actions you may choose: INFO, CHATS, and ALL. Please note that the CHAT action may take a long time depending on the victim machine, therefore we suggest to set the regex 'PATTERN' option ...
OS X Gather Adium Enumeration
This module will collect Adium's account plist files and chat logs from the victim's machine. There are three different actions you may choose: ACCOUNTS, CHATS, and ALL. Note that to use the 'CHATS' action, make sure you set the regex 'PATTERN' option in order to look for certain log names which...
Typing Test
Researchers at the American University of Beirut in Lebanon have been working on software that doesn’t analyze what passwords are typed, but rather how words are typed. Researchers Ravel Jabbour, Wes Mastri and Ali El-Hajj have found that examining the speed and rhythm of the user’s keystrokes...
Mandriva Linux Security Advisory : apache (MDVSA-2012:003)
Multiple vulnerabilities have been found and corrected in apache : Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file...
Apache mod_proxy Reverse Proxy Exposure
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache HTTP Server Security Advisory ==================================== Title: mod_proxy reverse proxy exposure CVE: CVE-2011-3368 Date: 20111005 Product: Apache HTTP Server Versions: httpd 1.3 all versions, httpd 2...