Infoproject Biznis Heroj Cross Site Scripting / SQL Injection

Infoproject Biznis Heroj XSS/SQLi Multiple Remote Vulnerabilities Vendor: Infoproject DOO Product web page: http://www.biznisheroj.mk Affected version: Plus, Pro and Extra Summary: Biznis Heroj or Business Hero Áèçíèñ Õåðî¼ is the first software on the Macedonian market that will help you manage...

CVE-2011-4339

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

CVE-2011-4339

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

Code injection

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

CVE-2011-4339

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

CVE-2011-4339

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

OpenIPMI: IPMI event daemon creates PID file with world writeable permissions

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

CVE-2011-1378

IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File UAF data, which allows local users to kill listener processes and the command server via a control command...

Facebook And Twitter Erode Your Company's Security From Within. Here's How To Stop It.

The “up side” of social networks like Facebook, Twitter and G+ are well known. But the down side of these networks for both users and for organizations that employ them are only now becoming clear. Worms, malware and spam are just the beginning of the security problems engendered by the social ne...

Volatility 2.0 - Advanced Memory Forensics [With Video Demonstration]

Volatility 2.0 - Advanced Memory Forensics With Video Demonstration The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory RAM samples. The extraction techniques ar...

Windows Gather Enumerate Domain Tokens

This module enumerates domain account tokens, processes running under domain accounts, and domain users in the local Administrators, Users and Backup Operator groups. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

Federal Trojan's Got A "Big Brother"

About two weeks ago, the German Chaos Computer Club CCC has published an analysis report of a backdoor trojan that they claim had been used by German police during investigations in order to capture VoIP and IM communication on a suspect’s PC. Our friends over at F-Secure published a blog post la...

Windows Gather Enumerate Domain Admin Tokens (Token Hunter)

This module enumerates Domain Admin account processes and delegation tokens. This module will first check if the session has sufficient privileges to replace process level tokens and adjust process quotas. The SeAssignPrimaryTokenPrivilege privilege will not be assigned if the session has been...

Kazakhstan calls for global cyber security treaty to deter hackers at United Nations

Kazakhstan calls for global cyber security treaty to deter hackers atUnited Nations Today's security professionals - whether they are black hats, white hats or something in between - all have one thing in common: The knowledge of their craft probably did not come from a book or a classroom. Today...

Kazakhstan calls for global cyber security treaty to deter hackers at United Nations

Kazakhstan calls for global cyber security treaty to deter hackers at United Nations Today's security professionals - whether they are black hats, white hats or something in between - all have one thing in common: The knowledge of their craft probably did not come from a book or a classroom...

Session Race Conditions and Session Puzzling – Now Simplified

Session Race Conditions and Session Puzzling – Now Simplified A few months ago Shay Chen, Senior Manager at Hacktics Advanced Security Center HASC published a paper about Session Puzzling, a new application level attack vector of critical severity and numerous uses, but for some bizarre reasons,...

7T Interactive Graphical SCADA System (IGSS) Directory Traversal (CVE-2011-1565)

A directory traversal vulnerability has been reported in 7T Interactive Graphical SCADA System IGSS. 7-Technologies' IGSS is a Supervisory Control and Data Acquisition SCADA system used for monitoring and controlling industrial processes. A remote attacker may exploit this vulnerability to read a...

7T Interactive Graphical SCADA System Arbitrary File Execution (CVE-2011-1566)

A file execution vulnerability has been reported in 7T Interactive Graphical SCADA System IGSS. 7-Technologies' IGSS is a Supervisory Control and Data Acquisition SCADA system used for monitoring and controlling industrial processes. A remote attacker may exploit this vulnerability to execute...

Apache - Remote Memory Exhaustion (Denial of Service)

Apache httpd Remote Denial of Service memory exhaustion By Kingcope Year 2011 Will result in swapping memory to filesystem on the remote side plus killing of processes when running out of swap space. Remote System becomes unstable. use IO::Socket; use Parallel::ForkManager; sub usage print "Apach...

Apache httpd Remote Denial of Service (memory exhaustion)

Exploit for windows platform in category dos / poc Apache httpd Remote Denial of Service memory exhaustion By Kingcope Year 2011 Will result in swapping memory to filesystem on the remote side plus killing of processes when running out of swap space. Remote System becomes unstable. use IO::Socket...