Fake Facebook Alert Emails Link to Black Hole Sites

Attackers are sending spoofed “pending notification” emails to Facebook users, claiming that the recipients overlooked some alert on the world’s largest social network, and providing them with a link that supposedly leads to the allegedly neglected content but which, in reality, funnels users to ...

CVE-2012-5851

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting XSS protection mechanism via a crafted string, aka...

XSS Vulnerability in Apple website

A 16 years old Spanish Whitehat hacker going by name "The Pr0ph3t" found XSS Vulnerability on Apple website. The Vulnerability reported in Apple subdomain - https://locate.apple.com, where users can choose a service center location. About Cross site scripting : Cross-Site Scripting attacks are a...

Hong Kong stock exchange Hacker sentenced for 9 Months Jail

Tse Man- lai, 28-year-old businessman, owner of an information technology company, launched denial-of-service DoS attacks on Hong Kong stock exchange last year on August 12 and 13 , was sentenced to nine months in jail on Friday. According to SCMP, Tse Man- lai, who had pleaded not guilty to two...

[SECURITY] [DSA 2567-1] request-tracker3.8 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2567-1 [email protected] http://www.debian.org/security/ Florian Weimer October 26, 2012 http://www.debian.org/security/faq -...

Critical Flaw Reported in CloudStack

The Apache Software Foundation is warning users about a configuration problem in the open-source CloudStack platform that could allow an attacker to take a number of unwanted actions, including deleting all of the virtual machines on a system. CloudStack is a project that’s under incubation at th...

CVE-2012-5308

Cross-site request forgery CSRF vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action...

CVE-2012-5308

Cross-site request forgery CSRF vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action...

CVE-2012-5308

The CVE-2012-5308 entry concerns IBM Lotus Notes Traveler (servlet/traveler) with a CSRF vulnerability that, through to version 8.5.3.3 Interim Fix 1, allows remote attackers to hijack the authentication of arbitrary users via requests that create problem reports using a getReportProblem upload a...

Researcher Charlie Miller Joins Twitter Security Team

Twitter quietly is assembling a serious security team, with the most recent addition being Charlie Miller, the security researcher known for finding a long line of bugs in the iPhone and other Apple products. Miller, a respected and prolific researcher, will join the social network’s security tea...

Slackware Advisory SSA:2004-049-01 Kernel security update

The remote host is missing an update as announced via advisory SSA:2004-049-01. OpenVAS Vulnerability Test $Id: esoftslkssa200404901.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

Slackware Advisory SSA:2008-191-02 bind

The remote host is missing an update as announced via advisory SSA:2008-191-02. OpenVAS Vulnerability Test $Id: esoftslkssa200819102.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

Slackware Advisory SSA:2009-015-01 bind 10.2/11.0 recompile

The remote host is missing an update as announced via advisory SSA:2009-015-01. OpenVAS Vulnerability Test $Id: esoftslkssa200901501.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

Slackware Advisory SSA:2003-346-01 lftp security update

The remote host is missing an update as announced via advisory SSA:2003-346-01. OpenVAS Vulnerability Test $Id: esoftslkssa200334601.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

Slackware: Security Advisory (SSA:2005-310-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

About mysql explosion serious compilation vulnerabilities in login authentication problem description-bug warning-the black bar safety net

A while back,mysql explosion of a more serious compilation vulnerabilities in login authentication problem The affected version has All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 arevulnerable. MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not. MySQL versions from...

Windows Service Trusted Path Privilege Escalation

Exploit for windows platform in category local exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

Windows Service Trusted Path Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/post/common' require...

Microsoft Windows - Service Trusted Path Privilege Escalation (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/post/common' require...

Windows Service Trusted Path Privilege Escalation

This module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths:...