3757 matches found
Kemana Directory 1.5.6 (run param) Local File Inclusion Vulnerability
Summary Experience the ultimate directory script solution with Kemana. Create your own Yahoo or Dmoz easily with Kemana. Unique Kemana's features including: CMS engine based on our qEngine, multiple directories support, user friendly administration control panel, easy to use custom fields,...
Ubuntu: Security Advisory (USN-2153-1)
The remote host is missing an update for the...
initramfs-tools weak permissions
/run is mounted without the noexec option...
USN-2153-1: initramfs-tools vulnerability
Kees Cook discovered that initramfs-tools incorrectly mounted /run without the noexec option, contrary to expected behaviour...
UBUNTU-CVE-2013-4433
Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter...
CVE-2013-4433
Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter...
Safari User-Assisted Download and Run Attack
This module abuses some Safari functionality to force the download of a zipped .app OSX application containing our payload. The app is then invoked using a custom URL scheme. At this point, the user is presented with Gatekeeper's prompt: "APPNAME" is an application downloaded from the internet. A...
Stable Channel Update for Chrome OS
Update: Samsung Chromebook has been updated to 33.0.1750.124 Platform version: 5116.88.2 The Stable channel has been updated to 33.0.1750.124 Platform version: 5116.88.0 for all Chrome OS devices except Samsung Chromebook. This build contains a number of bug fixes, security updates and feature...
JGroups: Authentication via cached credentials
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...
Android 4.3 Superuser Root Privilege Escalation Vulnerability
The Superuser package for Android 4.3 allows a user to spawn /system/xbin/su with manipulated environment variables to execute code as root. Current releases of the CyanogenMod/ClockWorkMod/Koush Superuser package may allow restricted local users to execute arbitrary commands as root in certain,...
Threat Outbreak Alert: Fake Payroll Alert Notification Email Messages on October 30, 2013
Medium Alert ID: 31567 First Published: 2013 October 30 19:00 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a payroll alert notification for the recipient. The text in the email message attempts to convince the recipie...
[Web-Sorrow v1.5] Versatile security scanner for the information disclosure and fingerprinting phases of pentesting
Web-Sorrow is a Perl-based tool for misconfiguration, version detection, enumeration, and server information scanning. It's entirely focused on enumeration and collecting info on the target server. Web-Sorrow is a "safe to run" program, meaning it is not designed to be an exploit or perform any...
DEBIAN-CVE-2013-4112
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...
Windows Gather Prefetch File Information
This module gathers prefetch file information from WinXP, Win2k3 and Win7 systems and current values of related registry keys. From each prefetch file we'll collect the filetime (converted to UTC) of the last execution, file path hash, run count, filename and the execution path. This module requires...
There is no FIB [summary.xml] in the specified restore point
Challenge: During a job run or a restore, the following error occurs: There is no FIB [summary.xml] in the specified restore point. FIB in this error stands for File In Backup. Cause: This error occurs when the file summary.xml is not found within the restore point. This may occur for several...
Microsoft Update to Improve Cryptography and Digital Certificate Handling (2854544)
This host is missing an important security update according to Microsoft Security Advisory 2854544.
DEBIAN-CVE-2013-3670
The rleunpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as ...
MS13-033: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2820917)
The Windows Client/Server Run-time Subsystem (CSRSS) on the remote host has a privilege escalation vulnerability due to an improper handling of objects in memory. An attacker who successfully exploits this vulnerability can execute arbitrary code in the context of the local system. The attacker cou...
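RubyGems 'thumbshooter' Remote Command Execution Vulnerability
BUGTRAQ ID: 58706 RubyGems thumbshooter creates thumbshots of websites using webkit and qt4. thumbshooter does not sufficiently validate user input, which results in a command execution vulnerability; an attacker who successfully exploits it can execute arbitrary commands in the affected application. 0 rubygems thumbshooter Vendor patch: rubygems -------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://rubygems.org/gems/thumbshooter 1012 command "xvfb-run -a...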
Fedora 17 : tor-0.2.3.25-1702.fc17 (2013-3773)
Significant package cleanup, including : - remove dependency on fedora-usermgmt - merge tor-core, tor-systemd and torify into previously empty tor package - remove unnecessary /var/run/tor - disallow group read for /var/log/tor - use --defaults-torrc as recommended by upstream - increase...