WordPress Pingback Vulnerability Could Lead to DDoS Attacks

A pingback vulnerability exists in the WordPress blogging platform that could leak information and lead to distributed denial of service DDoS attacks if the right script is run, according to web application security firm Acunetix. A pingback is technically something blog owners rely on to track w...

Leave information on scanned hosts

This routine stores information about the scan on the scanned host, provided it is a unixoid system offering ssh access with a standard shell. The information cover hostname, scan start time and scan end time. No details about the actual scan results are stored on the scanned host. By default, th...

MySQL - Stuxnet Technique Windows Remote System

MySQL - Stuxnet Technique Windows Remote System MySQL Scanner & MySQL Server for Windows Remote SYSTEM Level Exploit Version 1.0 By Kingcope In the Year of 2012 https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/23083.zip use this on a fast scan server! How to use...

Symantec Legacy Decomposer Code Execution (SYM12-017)

The version of Symantec Endpoint Protection or Symantec Scan Engine installed on the remote Windows host is potentially affected by a code execution vulnerability. The legacy decomposer engine fails to properly handle bounds-checking when parsing files from some versions of CAB archives. C Tenabl...

X-Ray 2.0 - VirusTotal frontent version for Suspicious Files Auto Submit

Raymond announce X-Ray 2.0, a program which is frontend for VirusTotal multi scanner. X-Ray will provide users with automatic submission of files that you think are suspicious to 35 Agnitum, Antiy Labs, Avast, AVG, Avira, Bitdefender, QuickHeal, ClamAV, Comodo, Dr.Web, Emsisoft, ESET, F-Prot,...

Modbus Unit ID and Station ID Enumerator

Modbus is a cleartext protocol used in common SCADA systems, developed originally as a serial-line RS232 async protocol, and later transformed to IP, which is called ModbusTCP. default tcp port is 502. This module sends a command 0x04, read input register to the modbus endpoint. If this command i...

linux/x86 - Nmap Default Router Services Scan - 73 bytes

/ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x Official Website: http://www.1337day.com 0 1 x...

CVE-2012-3012

The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service Ethernet outage via unspecified Ethernet traffic that fills a buffer, as demonstrated by a port scan...

Buffer overflow

The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service Ethernet outage via unspecified Ethernet traffic that fills a buffer, as demonstrated by a port scan...

CVE-2012-3012

The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service Ethernet outage via unspecified Ethernet traffic that fills a buffer, as demonstrated by a port scan...

ManageEngine OpUtils 6.0 - Persistent Cross-Site Scripting

Author: loneferret of Offensive Security Product: ManageEngine OpUtils Version: 6 Vendor Site: http://www.manageengine.com Software Download: http://www.manageengine.com/products/oputils/download.html Software Description: http://www.manageengine.com/products/oputils/oputils.html The toolset can ...

reflected xss in the pageId request parameter in 500page.jsp

A scanner picked up that the pageId parameter in 500page.jsp is a potentially reflected xss bug. This can be exploited through a url like the following: https://example.com/pages/viewtrash.vm;editpage?pageId=%22%3E%3Cscript%3Ealert1%3C/script%3E code /images/icons/emoticons/warning.png" You can...

Scientific Linux Security Update : kdelibs on SL5.x, SL4.x i386/x86_64

Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. CVE-2007-0242, CVE-2007-0537 A flaw was found in KDE JavaScript implementation. A web page containing...

Solaris 10 (x86) : 148871-01 (deprecated)

Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: mailx1. Supported versions that are affected are 8, 9, 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update,...

Synel SY-780/A terminal denial-of-service vulnerability

Overview Synel SY-780/A terminals contain a denial-of-service vulnerability when specific ports of the device are scanned. Description According to Synel's website the SY-780/A terminal is a stand-alone device used for time & attendance monitoring, production floor control, job costing, and acces...

Unable to collect files information from datastore in a timely manner due to high vCenter server load

Challenge Veeam ONE Reporter collects data from datastores using the SearchDatastoreSubFoldersTask tasks, which are pre-defined by vSphere. During that process, if a datastore becomes unavailable or experiences performance issues, Veeam ONE Reporter may be unable to complete data collection tasks...

Race condition

Race condition in the scangetnextrmapitem function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging KSM is enabled, allows local users to cause a denial of service NULL pointer dereference or possibly have unspecified other impact via a crafted application...

Managing Your Nexpose Scan Engines through the API

Here's a walk-through of a Ruby script that uses the nexpose gem to add and configure your Nexpose Scan Engines. This script configures the Dynamic Scan Pool feature. A Scan Engine pool is a group of shared Scan Engines that can be bound to a site so that the load is distributed evenly across the...

Like Those Wikipedia Ads? They Mean You're Infected With Malware!

The Wikimedia Foundation is warning its millions of visitors that if they’re seeing ads appearing on any of the Foundation’s Web sites, then their computer is probably infected with malware. The Foundation issued a statement on Monday clarifying that it never runs ads on the Web site for Wikipedi...

CVE-2012-0736

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site...