Lucene search

3757 matches found

seebug.org
added 2014/07/01 12:0 a.m., 146 views

Webfroot Shoutbox < 2.32 (Apache) Remote Exploit

No description provided by source. !/usr/bin/perl Webfroot Shoutbox 2.32 on apache exploit use IO::Socket; my $host = 127.0.0.1; my $port = 80; my $shoutbox = shoutbox.php?conf=; my $shoutboxpath = /shoutbox; my $cmd = ls -l; my $conn; my $type; my @logs = /etc/httpd/logs/acceslog,...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

Mac OS X <= 10.3.3 AppleFileServer Remote Root Overflow Exploit

No description provided by source. !/usr/bin/perl Priv8security com remote root exploit for AppleFileServer. PUBLIC VERSION!!!! Bug found by Dave G. and Dino Dai Zovi. URL: http://www.atstake.com/research/advisories/2004/a050304-1.txt wsxz@localhost buffer$ perl priv8afp.pl -h 10.4.12.199 -t 0...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

Kwik Pay Payroll 4.10.3 - (.mdb) Crash PoC

No description provided by source. Exploit Title: Kwik Pay Payroll .mdb Crash PoC Date: April 1, 2010 Version: 4.10.3 Tested on: Windows XP SP3 Cost: 100.00 AU Author: anonymous Site: http://www.setfreesecurity.com Usage: Run Script, Open the program File - Import Payroll Data Select From Data...

AI score: 7.1
Exploits: 0

ThreatPost
added 2014/06/27 1:31 p.m., 15 views

20-Year Old Vulnerability Patched in Compression Algorithm

A 20-year old vulnerability in the Lempel-Ziv-Oberhumer LZO compression algorithm – used in some Android phones, the Linux kernel, and even Mars Rovers – was finally patched this week. Code stemming from the algorithm’s library function has existed in the wild for two decades, but was recycled ov...

AI score: 0.4
Exploits: 0, References: 3

Positive Technologies
added 2014/06/27 12:0 a.m., 4 views

PT-2014-1826 · Red Hat +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.15.2; Red Hat Enterprise Linux (affected versions not specified). Description: The issue involves multiple integer overflows in the lzo1x_decompress_safe function in the LZO decompressor, which can be exploited by...

CVSS: 10, AI score: 6.3, EPSS: 0.18308
Exploits: 76, References: 625

Tenable Nessus
added 2014/06/13 12:0 a.m., 28 views

openSUSE Security Update : inn (openSUSE-SU-2012:1171-1)

fix starttls command injection issue CVE-2012-3523, bnc776967 - handle /var/run on tmpfs. bnc778439 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-600. The text description of...

CVSS: 6.8, AI score: 5.4, EPSS: 0.18812
Exploits: 0, References: 5

Tenable Nessus
added 2014/06/13 12:0 a.m., 25 views

openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)

Mozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

CVSS: 9.3, AI score: 9, EPSS: 0.10225
Exploits: 2, References: 17

NVD
added 2014/05/08 2:29 p.m., 10 views

CVE-2013-0210

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00502
Exploits: 0, References: 1

Prion
added 2014/05/08 2:29 p.m., 12 views

Command injection

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands...

CVSS: 7.5, AI score: 8.2, EPSS: 0.00502
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2014/05/08 2:29 p.m., 0 views

CVE-2013-0210

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands...

CVSS: 7.5, AI score: 6, EPSS: 0.00502
Exploits: 0, References: 2

Cvelist
added 2014/05/08 2:0 p.m., 17 views

CVE-2013-0210

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands...

AI score: 7.6, EPSS: 0.00502
Exploits: 0, References: 1

CVE
added 2014/05/08 2:0 p.m., 49 views

CVE-2013-0210

CVE-2013-0210 affects Foreman’s smart proxy Puppet run API (Foreman) prior to version 1.2.0. The issue permits remote command execution via vectors related to escaping and Puppet commands. The NVD entry assigns a base score of 7.5 (HIGH) with network attack vector and no authentication, indicatin...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00502
Exploits: 0, References: 1, Affected Software: 1

n0where
added 2014/05/07 5:27 p.m., 26 views

Run a Command on Multiple Servers: ClusterSSH

Run a Command on Multiple Servers How to run a command on multiple servers at once? If you maintain multiple Linux servers, there are cases where you want to run the same commands on all the servers. For example, you may want to install/upgrade packages, patch the kernel, and update configuration...

AI score: 0.3
Exploits: 0

OSV
added 2014/04/30 6:31 p.m., 1 views

USN-2184-2 unity vulnerabilities

USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing has uncovered more issues which have been fixed in this update. This update also fixes a regression with the shutdown dialogue. We apologize for the inconvenience. Original advisory details: Frédéric Bardy discovered that Unit...

AI score: 5.8
Exploits: 0, References: 2

OSV
added 2014/04/23 3:55 p.m., 1 views

UBUNTU-CVE-2014-2893

The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names...

CVSS: 1.9, AI score: 5.9, EPSS: 0.00062
Exploits: 0, References: 3

OSV
added 2014/04/18 2:55 p.m., 2 views

DEBIAN-CVE-2012-0871

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/...

CVSS: 6.3, AI score: 6.5, EPSS: 0.00122
Exploits: 0, References: 1

Oracle linux
added 2014/04/16 12:0 a.m., 64 views

java-1.7.0-openjdk security update

1.7.0.55-2.4.7.1.0.1.el510 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Enterprise Linux' 1.7.0.55-2.4.7.1.el5 - regenerated sources to fix TCK failure - Resolves: rhbz1085000 1.7.0.55-2.4.7.0.el5 - bumped to future icedtea-forest 2.4.7 - updatever set to 55, buildver se to 13, release rese...

CVSS: 10, AI score: 1.4, EPSS: 0.11906
Exploits: 0

The Hacker News
added 2014/04/06 4:13 p.m., 12 views

Beware of Zeus Banking Trojan Signed With Valid Digital Signature

A dangerous new variant of the ZeuS banking Trojan has been identified by Comodo AV labs; it is signed with a stolen digital certificate belonging to a Microsoft developer to avoid detection by Web browsers and anti-virus systems. Every Windows PC in the world is set to accept software "signed" wit...

AI score: 6.5
Exploits: 0

The Hacker News
added 2014/03/30 4:9 a.m., 20 views

Over 20Gbps DDoS attacks Now Become Common for Hackers

The Distributed Denial of Service (DDoS) attack has become more sophisticated and complex, and has therefore become one of the favorite weapons of cyber criminals for temporarily suspending the services of any host connected to the Internet, and till now nearly every big site had been a victim of thi...

AI score: 7.2
Exploits: 0

seebug.org
added 2014/03/27 12:0 a.m., 12 views

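initramfs-tools Unspecified Security Vulnerability

Bugtraq ID: 66414. initramfs-tools is a tool for generating an initramfs on Linux. initramfs-tools incorrectly mounts /run without the noexec option, which can lead to an unspecified vulnerability. 0 initramfs-tools Ubuntu Linux users can refer to the following vendor security advisory for patch information: http://www.ubuntu.com/usn/usn-2153-1/...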

AI score: 7.1
Exploits: 0