CVE-2013-4277

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option...

CVE-2013-4277

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option...

[DLL Finder v1.5] Tool to quickly find the matching DLL in all running Processes

DLL Finder is the command-line tool to quickly find the matching DLL in all running Processes. For each discovered DLL in a process it displays, Target Process Name Process ID Full DLL Name DLL Base Address DLL Load Count DLL File Path On 64 bit system, 32-bit processes are shown with suffix "32"...

Bug Bounty to Reward Researchers with Redeemable Points

IntegraXor, a manufacturer of supervisory control and data acquisition SCADA equipment, announced last week that it would implement a bug bounty program offering points redeemable for company services to researchers that disclose security vulnerabilities in their IGX SCADA system. In most bug...

Cisco Unified Communications Domain Manager Memory Exhaustion Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an authenticated, remote attacker to exhaust available memory and crash several critical processes. The vulnerability is due to improper memory allocation when the affected system receives crafted HTTP...

CVE-2013-2872

CVE-2013-2872 affects Google Chrome on Mac OS X prior to 28.0.1500.71. The issue is that the entropy source for renderer processes may be insufficient, potentially allowing remote attackers to bypass cryptographic protections in third‑party components via unspecified vectors. Impacts are describe...

[DEP Process Scanner] Tool to scan and show all the DEP enabled Processes

DEP Process Scanner is the free command-line tool to scan and show all the DEP enabled Processes. Data Execution Prevention DEP is a security feature introduced since Windows XP SP2 onwards and designed to prevent an application executing code from a non-executable memory regions such as Stack or...

qemu guest agent (qga) insecure file permissions

ISSUE DESCRIPTION The qemu guest agent creates files with insecure permissions when started in daemon mode. IMPACT The qemu guest agent is not used by default in Xen systems. If it is used in a particular guest, unprivileged guest processes might be able to escalate their privilege to that of the...

K-Shell by kikicoco VHS version 1.2 edition (.aspx)

Данная утилита предназначенна для системных администраторов для удаленного управления своим сервером. Любое незаконное использование скрипта преследуется по закону. last update: 06.05.2013 21:20 Что может: Wso-style Server IP Client IP HostName Username OS Version IIS Version System Dir...

[SECURITY] Fedora 17 Update: qemu-1.0.1-6.fc17

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

[SECURITY] Fedora 18 Update: qemu-1.2.2-11.fc18

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

7T Interactive Graphical SCADA RMS Reports Buffer Overflow

7-Technologies' IGSS is a Supervisory Control and Data Acquisition SCADA system used for monitoring and controlling industrial processes. Multiple buffer overflow vulnerabilities have been reported in 7T Interactive Graphical SCADA System IGSS. The vulnerability is due to boundary errors in the...

Attacks on SCADA, ICS Honeypots Modified Critical Operations

With antiquated gear running the country’s industrial control systems that oversee critical infrastructure, it’s no shock attackers targeting SCADA networks do their fair share of reconnaissance looking for weak spots in that equipment. A researcher decided to put that theory to a practical test...

[SET v4.7] The Social-Engineer Toolkit

The Social-Engineer Toolkit SET version 4.7 codename “ Headshot ” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the...

Third-Party Applications to Blame for 87 Percent of Vulnerabilities Last Year

Third-party applications accounted for a whopping percentage of vulnerabilities last year, many more than security flaws found in Microsoft programs according to a report released this week by Danish vulnerability research firm Secunia. Eighty-seven percent of the vulnerabilities found in the top...

Design/Logic Flaw

Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors...

CVE-2013-0910

Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-i...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 176882 High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. 176252 High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". 172926 172331 High CVE-2013-0904: Memory corruption in Web Audio. Credit to...

[RemoteDLLInjector] Command-line Tool to Inject DLL into Remote Process

Remote DLL Injector is the free command-line tool to Inject DLL into remote process. Currently it supports DLL injection using the CreateRemoteThread technique. If you are looking for advanced and more user friendly GUI version then check out our popular RemoteDll tool. Being a command-line tool...

Nmap NSE 6.01: smb-enum-processes

Pulls a list of processes from the remote server over SMB. This will determine all running processes, their process IDs, and their parent processes. It is done by querying the remote registry service, which is disabled by default on Vista; on all other Windows versions, it requires Administrator...