1865 matches found
This Week In Security: Black Hat, Spammers and Trusted Rootkits
The old saying that there’s nothing new under the sun is just as true in the security industry as it is anywhere else. Many new attacks are variants or tweaks of existing ones, new software fails in exactly the same way as old software and new technologies crop up to solve problems that are 30...
White House Cybersecurity Meeting Produces Cautious Optimism
The meeting convened Wednesday at the White House by the country’s top cybersecurity official, Howard Schmidt, which included more than 100 security experts from the private sector and various government agencies, didn’t end with Schmidt revealing any new programs or initiatives, but some of the...
My Kazaam Notes Management System SQL Injection / Cross Site Scripting
Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: My Kazaam Notes Management System Multiple Vulnerability Vendor url:http://www.mykazaam.com Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz:...
My Kazaam Notes Management System Multiple Vulnerability
Exploit for php platform in category web applications. My Kazaam Notes Management System Multiple Vulnerability...
My Kazaam Notes Management System - Multiple Vulnerabilities
My Kazaam Notes Management System - Multiple Vulnerabilities Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: My Kazaam Notes Management System Multiple Vulnerability Vendor url:http://www.mykazaam.com Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects,...
My Kazaam Notes Management System - Multiple Vulnerabilities
Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: My Kazaam Notes Management System Multiple Vulnerability Vendor url:http://www.mykazaam.com Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz:...
[SECURITY] Fedora 11 Update: condor-7.4.1-1.fc11
Condor is a specialized workload management system for compute-intensive jobs. Like other full-featured batch systems, Condor provides a job queueing mechanism, scheduling policy, priority scheme, resource monitoring, and resource management. Users submit their serial or parallel jobs to Condor,...
ecryptfs-utils security, bug fix, and enhancement update
75-4 - fix EOF handling 499367 - add icon to gui desktop file 75-3 - ask for password confirmation when creating openssl key 500850 - removed executable permission from ecryptfs-dot-private 500817 - ecryptfs-rewrite-file: improve of progress output 500813 - dont error out when unwrapping and addi...
Progress WS_FTP Server Version Detection (credentialed check)
Progress WS_FTP Server (formerly known as Ipswitch WS_FTP Server), a commercial FTP server for Windows, is installed on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(40770); script_version("1.22"); script_set_attribute(attribute:"plugin_modification_date",...
Counterpoint: The need for a cybersecurity czar is real
As everyone prepares to examine the results of the Obama Administration’s cyber-security review, one of the largest issues in play remains to what extent the White House will embrace recommendations to create a Cabinet-level position to address the matter or some role superior to today’s “cyber...
Mandriva Update for ia_ora-gnome MDKA-2007:059 (ia_ora-gnome)
Check for the Version of ia_ora-gnome. OpenVAS Vulnerability Test: Mandriva Update for ia_ora-gnome MDKA-2007:059 (ia_ora-gnome). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Progress WS_FTP Server Detection (FTP)
FTP based detection of Progress WS_FTP Server. Copyright (C) 2009 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Unfixed XSS vulnerability at www.progresspublicationsmusic.com
Security researcher SaMTHG submitted on 15/11/2008 a cross-site-scripting (XSS) vulnerability affecting www.progresspublicationsmusic.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 14/09/2009. I...
ProCheckUp Security Advisory 2007.31
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PR07-31: Unauthenticated SQL Injection, XSS and Username Enumeration on DPSnet Case Progress Vulnerabilities Found: 23 May 2007 Vendor Contacted: 10 July 2007, 31 August 2007, 17 September 2007, 12 December 2007 Note: the vendor stopped responding on ...
C6 Messenger - ActiveX Remote Download and Execute
!-- C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit by Nine:Situations:Group::SnoopyAssault site: http://retrogod.altervista.org/ "C6 Messenger is an instant messaging program produced by Telecom Italia Group, specifically by Alice distribution, Icon Spa...
EasyWay CMS (index.php mid) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. EasyWay CMS index.php mid Remote SQL Injection Exploit. php '.$argv0.' http://www.site.com 1 '; if $argc == 3 echo "\nExploiti...
CMS Easyway - 'mid' SQL Injection
source: https://www.securityfocus.com/bid/29461/info CMS Easyway is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
CVE-2004-2743
CVE-2004-2743 concerns upload.cgi in Mega Upload Progress Bar before 1.45. It allows remote attackers to copy or overwrite arbitrary files via parameters related to uploaded file names. The NVD entry lists a CVSSv2 base score of 6.4 (Medium), with Network attack vector, Low complexity, and no aut...
CVE-2004-2743
upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files...
Exploits Remote eavesdropping with SIP Phone GXV-3000
No description provided by source. !/usr/bin/perl use IO::Socket::INET; die "Usage $0 dst port username src port username" unless $ARGV5; $socket=new IO::Socket::INET-new Proto='udp', LocalPort = $ARGV4, PeerPort=$ARGV1, PeerAddr=$ARGV0; $sdp= "v=0\r o=username 0 0 IN IP4 $ARGV3\r s=The Funky...