Debian: Security Advisory (DSA-3020-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DSA-3013-1 s3ql - security update

Bulletin has no description...

Microsoft Releases EMET 5.0 Exploit Mitigation Tool

The latest version of Microsoft’s freely available stopgap against zero-day exploits was released today with two new exploit mitigations and a batch of new configuration options. The update to Microsoft’s Enhanced Mitigation Experience Tool kit, or EMET, comes six months after a technical preview...

[SECURITY] Fedora 20 Update: speech-dispatcher-0.8-9.fc20

Common interface to different TTS engines Handling concurrent synthesis requests =E2=80=93 requests may come asynchronously from multiple sources within an application and/or from more different applications. Subsequent serialization, resolution of conflicts and priorities of incoming requests...

CVE-2014-1996

Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call...

Early Review of LibreSSL Finds Problematic PRNG

When the OpenBSD foundation sent LibreSSL out the door last weekend, it was with the full intention of getting some feedback and scrutiny in return, all in the name of making the crypto library stable and secure. What they likely didn’t expect were claims surfacing that LibreSSL shared some of th...

Cybozu Garoon 3 API access restriction bypass vulnerability

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability CWE-264 when using Garoon APIs. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest...

DeluxeBB <= 1.2 - Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl -------------------------------------------------- DeluxeBB = 1.2 Remote Blind SQL Injection Exploit -------------------------------------------------- by athos - stakerathotmaildotit download on http://deluxebb.com...

PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability

No description provided by source. PHP - gd library - imageRotatefunction Information Leak Vulnerability Discovered by: Hamid Ebadi, Further research and exploit: Mohammad R. Roohian CSIRT Team Members Amirkabir University APA Laboratory Introduction PHP is a popular web programming language whic...

OneOrZero Helpdesk 1.4 Install.PHP Administrative Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7611/info OneOrZero Helpdesk has been reported prone to an issue that may result in an attacker obtaining unauthorized administrative access. The issue presents itself due to a programming error in a Helpdesk script...

MinaliC Webserver 2.0.0 - Buffer Overflow

No description provided by source. !/usr/bin/env python Exploit Title: MinaliC Webserver buffer overflow Date: 12 Apr 2013 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://minalic.sourceforge.net/ Version: MinaliC Webserver 2.0.0 Tested on: Windows XP Pro SP2,...

Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability

No description provided by source. Title : Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.netmechanica.com Advisory : http://secpod.org/blog/?p=481...

WFTPD 3.3 - Remote REST DoS

No description provided by source. WFTPD 3.3 unhandled exception xdmnt 2010 -- coding: windows-1252 -- import socket import sys, time def helpinfo: print Usage: wftpdkill host login password existingfle\n def dosithostname, username, passwd, exfile: sock = socket.socketsocket.AFINET,...

BigAnt Server 2.52 - Remote Buffer Overflow Exploit (2)

No description provided by source. !/usr/bin/python BigAnt Server 2.52 remote buffer overflow exploit 2 Author: DouBleZer0 Vulnerability discovered by Lincoln a another version of the original exploit by Lincoln application is little hazy.. import sys,socket host = sys.argv1 buffer= \x90 20...

Crob FTP Server <= 3.6.1 - Remote Stack Overflow Exploit

No description provided by source. / CrobFTP remote stack overflow PoC --------------------------------- Tested on Crob FTP Server 3.6.1, Windows XP Coded by Leon Juranic [email protected] LSS Security / http://security.lss.hr / include stdio.h include windows.h include time.h pragma comment...

Free MP3 CD Ripper 2.6 - 0day (1)

No description provided by source. Exploit Title: Free MP3 CD Ripper 2.6 wav 0-day Date: 30/03/2010 Author: Richard leahy Software Link: http://www.soft32.com/Download/Free/FreeMP3CDRipper/4-250188-1.html Version: 2.6 Tested on: Windows Xp Sp2 to exploit this open up the application select file -...

Virtual Programming VP-ASP 5.00 shopexd.asp SQL Injection Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/8159/info It has been reported that VP-ASP does not sufficiently sanitize user input passed to the shopexd.asp script contained in the software. As a result, it may be possible for remote attackers to embed SQL commands...

Prozilla 1.3.6 - Remote Stack Overflow Exploit

No description provided by source. / 20/10/2004 This is a private work of Serkan Akpolat [email protected] for the unpublished prozilla-1.3.6 format string/buffer overflow vulnerability , though this version only exploits the stack overflow. Tested against current gentoo/slack/debian/suse wi...

TANne 0.6.17 Session Manager SysLog Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6553/info TANne is a freely available, open source session management package. It is available for Unix and Linux operating systems. Due to programming error, it may be possible to exploit a format string vulnerability. A...

Python 1.5/1.6/2.0/2.1.x Pickle Class Constructor Arbitrary Code Execution

No description provided by source. source: http://www.securityfocus.com/bid/5257/info Python is an open source, object oriented programming language. The Python Pickle module is provided to convert object variables into a serialized form pickling, and later recover the data back into an object...