Point Market System 3.1x vbulletin plugin SQLi Vulnerability

No description provided by source. +Exploit Title: Point Market System 3.1x vbulletin plugin SQL Injection Vulnerability +Author : Net.Edit0r + E-mail : [email protected] + dork : intext:Point Market System 3.1x + Versian : 3.1x + Category : Web Apps SQl + Platform : Tested on: linux +...

Schneider Electric PLC ETY Series Ethernet Controller - Denial of Service

No description provided by source. Telnet server of Schenider Electric ETY Series Controllers have a security problem. We noticed that while we are connected to the PLC through telnet, if we call telnet instance inside VxWorks again it can cause the device to crash. The telnet instance name is...

Network Associates Gauntlet Firewall 5.0 - Denial of Service Attack

No description provided by source. source: http://www.securityfocus.com/bid/556/info There is a vulnerability in Gauntlet Firewall 5.0 which allows an attacker to remotely cause a denial of service. The vulnerability occurs because Gauntlet Firewall cannot handle a condition where an ICMP Protoco...

SAMBA 2.0.7 SWAT Symlink Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/1872/info The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes...

SAMBA 2.0.7 SWAT Symlink Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1872/info The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes...

Microsoft IIS 4.0 - Buffer Overflow Vulnerability (4)

No description provided by source. source: http://www.securityfocus.com/bid/307/info Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execut...

Uebimiau Webmail <= 2.7.2 - Multiple Vulnerabilities.

No description provided by source. Exploit Title: Uebimiau Webmail = 2.7.2 Multiple Vulnerabilities. Date: 13/03/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.comhttp://gmail.com | www.DigitalWhisper.co.ilhttp://www.DigitalWhisper.co.il Software Link: http://www.uebimiau.org/ Version: = 2.7.2 Test...

HP-UX 11.0 SWVerify Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3279/info HP-UX is the UNIX Operating System variant distributed by Hewlett-Packard, available for use on systems of size varying from workgroup servers to enterprise systems. A problem has been discovered in the operatin...

[oss-security] CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem

Description of the problem: For a TCP-style socket, while processing the COOKIEECHO chunk in sctpsfdo51Dce, after it has passed a series of sanity check, a new association would be created in sctpunpackcookie, but afterwards, some processing maybe failed, and sctpassociationfree will be called to...

PlayDrone Reveals Secret Keys from Thousands of Play Store Android Apps

Google's Android Mobile operating system for smartphones and tablets have Google's own Play Store that provides its Android users the most visible way to access the world of millions of apps. App developers produce more than thousands of applications each year, but majority of newbie and...

openSUSE Security Update : libreoffice-34 (openSUSE-SU-2011:1143-1)

LibreOffice 3.4 includes new interesting features and fixes, see http://www.libreoffice.org/download/3-4-new-features-and-fix es/ The update fixes the following security issue : - 704311: libreoffice Lotus Word Pro filter multiple vulnerabilities CVE-2011-2685 - 722075: LibreOffice: Out-of-bounds...

openSUSE Security Update : nagios (openSUSE-SU-2013:1158-1)

This nagios update fixes a authorization problem inside host/service views. - added nagios-CVE-2013-2214.patch fixing unauthorized host/service views displayed in servicegroup view bnc827020 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

openSUSE Security Update : fail2ban (openSUSE-SU-2013:0566-1)

This update of fail2ban fixes a startup related startup-problem and a security problem fixed upstream CVE-2012-5642. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-267. The text...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)

java-160-openjdk was updated to 1.12.5 bnc817157 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework...

Google Play App Permissions Privacy, Security Concerns

Google’s revamped app permissions for Google Play are not being well received by Android users. Reddit threads are rife with adjectives such as “stupid” and “dangerous,” primarily because Google’s attempt to simplify permissions granted to automatically updated applications may in fact expose use...

Directory traversal

dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of t...

[SECURITY] [DSA 2860-1] parcimonie security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2860-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 11, 2014 http://www.debian.org/security/faq -...

SuSE 11.3 Security Update : strongswan (SAT Patch Number 9089)

The following security issue is fixed by this update : - strongswan has been updated to fix an authentication problem where attackers could have bypassed the IKEv2 authentication. CVE-2014-2338. bnc870572 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks...

Mandriva Linux Security Advisory : apache-commons-fileupload (MDVSA-2014:056)

Updated apache-commons-fileupload packages fix security vulnerability : It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition CVE-2014-0050...

Fixing Trust Through Certificate Transparency

SAN FRANCISCO–The security of data being transmitted over the Web relies on a large number of moving parts, from the integrity of the machine sending the data, to the security of the browser, to the implementation of encryption, to the fragility of the certificate authority system. Experts have...