748 matches found
SAP ConfigServlet - OS Command Execution (Metasploit)
SAP ConfigServlet - OS Command Execution Metasploit require 'msf/core' class Metasploit3 'SAP ConfigServlet OS Command Execution', 'Description' = %q This module allows execution of operating system commands through the SAP ConfigServlet without any authentication. , 'Author' = 'Dmitry Chastuhin'...
[SECURITY] Fedora 18 Update: drupal7-views-3.6-1.fc18
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: th...
Multiple critical vulnerabilities in Maxthon and Avant browsers
Hi, Below you can find a short summary of discovered vulnerabilities in Maxthon and Avant browsers. Such vulnerabilities were demonstrated during HITBAMS2012 security conference and more recently at HackPra. Affected Products - Maxthon www.maxthon.com - Avant Browser www.avantbrowser.com Security...
[SECURITY] Fedora 18 Update: php-symfony-symfony-1.4.20-2.fc18
Symfony is a complete framework designed to optimize the development of web applications by way of several key features. For starters, it separates a web application's business rules, server logic, and presentation views. It contains numerous tools and classes aimed at shortening the development...
SQL Injection framework: Seringa
Seringa – SQL Injection framework Seringa (Romanian for syringe) is an SQL injection framework featuring high customizability and a user-friendly interface. It is completely open source. Uses the .NET 4.0 framework and Windows Presentation Foundation (WPF) for the GUI. With regard to design it utilize...
[SECURITY] Fedora 18 Update: php-Smarty-3.1.11-1.fc18
Although Smarty is known as a "Template Engine", it would be more accurately described as a "Template/Presentation Framework." That is, it provides the programmer and template designer with a wealth of tools to automate tasks commonly dealt with at the presentation layer of an application. I stre...
[SECURITY] Fedora 16 Update: php-symfony-symfony-1.4.18-1.fc16
Symfony is a complete framework designed to optimize the development of web applications by way of several key features. For starters, it separates a web application's business rules, server logic, and presentation views. It contains numerous tools and classes aimed at shortening the development...
[SECURITY] Fedora 15 Update: libreoffice-3.3.4.1-5.fc15
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites...
WordPress Plugin VideoWhisper Video Presentation 3.17 - vw_upload.php Arbitrary File Upload
WordPress Plugin VideoWhisper Video Presentation 3.17 - vw_upload.php Arbitrary File Upload source: https://www.securityfocus.com/bid/53851/info The VideoWhisper Video Presentation plug-in for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs becaus...
Wordpress VideoWhisper Video Presentation Plugin 3.17 Arbitrary File Upload
Exploit for php platform in category web applications Description : Wordpress Plugins - VideoWhisper Video Presentation Arbitrary File Upload Vulnerability Version : 3.17 Link : http://wordpress.org/extend/plugins/videowhisper-video-presentation/ Plugins :...
[SECURITY] Fedora 16 Update: libreoffice-3.4.5.2-15.fc16
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites...
Design/Logic Flaw
Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability."...
CVE-2012-0164
Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability."...
Android Security - Boot Camp Workshop & Presentation #2
Document Title: =============== Android Security - Boot Camp Workshop & Presentation 2 References: =========== Mirror: http://www.vulnerability-lab.com/resources/documents/471.rar Release Date: ============= 2012-03-07 Vulnerability Laboratory ID VL-ID: ==================================== 471...
Android Security - Boot Camp Workshop & Presentation #2
Document Title: =============== Android Security - Boot Camp Workshop & Presentation 2 References: =========== Mirror: https://www.vulnerability-lab.com/resources/documents/471.rar Release Date: ============= 2012-03-07 Vulnerability Laboratory ID VL-ID: ==================================== 471...
HITB2011KUL - SAPocalypse Now, CrushingSAPs J2EE
Document Title: =============== HITB2011KUL - SAPocalypse Now, CrushingSAPs J2EE References: =========== View: http://www.youtube.com/watch?v=bu6JnwqhRV0 Release Date: ============= 2012-03-05 Vulnerability Laboratory ID VL-ID: ==================================== 469 Discovery Status:...
Android Security - Boot Camp Workshop & Presentation #1
Document Title: =============== Android Security - Boot Camp Workshop & Presentation 1 References: =========== http://www.vulnerability-lab.com/resources/documents/454.rar Release Date: ============= 2012-02-26 Vulnerability Laboratory ID VL-ID: ==================================== 454 Discovery...