985 matches found
PAExec - The Redistributable PsExec (Launch Remote Windows Apps)
PAExec lets you launch Windows programs on remote Windows computers without needing to install software on the remote computer first. For example, you could launch CMD.EXE remotely and have the equivalent of a terminal session to the remote server. PAExec is useful for doing remote installs,...
TextSecure Provides Seamless Encryption for All Levels
TextSecure, the secure messaging app developed by the encrypted communication provider WhisperSystems, is no longer merely a private short messaging service (SMS) application. According to a blog post penned by WhisperSystems co-founder Moxie Marlinspike, TextSecure is now a private, asynchronous...
ownCloud 6.0.0a - Multiple Vulnerabilities
Exploit Title: ownCloud 6.0.0a File Deletion XSS and CSRF Protection Bypass Vendor Homepage: www.ownCloud.org OwnCloud Version: 6.0.0a Browsers tested: Iceweasel 22.0; Internet Explorer 11; Server: Debian. Default LAMP set-up. Exploit Author: James Sibley absane Blog: http://blog.noobroot.com...
PT-2013-1067 · Debian +2 · Nbd +2
Name of the Vulnerable Software and Affected Versions: nbd versions prior to 3.5 Description: The issue concerns multiple vulnerabilities in the nbd package of the Debian GNU/Linux operating system, which can be exploited to compromise the confidentiality, integrity, and availability of protected...
CVE-2013-5008
The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive...
Code injection
The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive...
Cleartext Credential Found in ICS Device Firmware
Industrial control systems are rife with security issues, not the least of which is the use of hard-coded credentials. In order to minimize downtime, developers and administrators build in passwords to expedite remote troubleshooting in the event of a system crash or failure. Problems arise when ...
ZPanel 10.0.0.2 Remote Command Execution
One of our expert team members [email protected] who is assigned to do the security audit of ZPanel code has found the following security vulnerability with ZPanel 10.0.0.2 which will allow anyone to escalate the root access and access the server by anyone. The security audit states the...
J2EE: a forward (redirect) function driven by an external parameter causes a protected-directory access bypass - vulnerability warning - the black bar safety net
A J2EE forward function that takes its URL from an external parameter causes a protected-directory access bypass. A recently published vulnerability left me with a question. Today I implemented a simple URL jump and found that the cause of the problem is actually very simple. First...
CVE-2011-4515
Siemens WinCC TIA Portal 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access...
Design/Logic Flaw
Siemens WinCC TIA Portal 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access...
Microsoft SharePoint Directory Traversal (MS13-024; CVE-2013-0084)
An elevation of privilege exists in Microsoft SharePoint Server. The vulnerability is due to an error in the way Microsoft SharePoint handles specially crafted URLs. A remote attacker may exploit this issue by enticing a target user to open a specially crafted web page. An attacker who successful...
Unofficial Pakistan Intelligence website hacked
While the rest of the world engaged in cyber security conferences and Anonymous operations, an Indian patriotic hacker used the time to attack the unofficial website of the Pakistani intelligence agency ISI. A hacker going by the name "Godzilla" today claimed to have hacked into one of the servers belonging to the ISI website...
CVE-2013-0472
The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors...
BlackBerry Vulnerability Could Allow Access to Enterprise Server
A vulnerability exists in some components of BlackBerry mobile devices that could grant attackers access to instances of the company’s Enterprise Server (BES), according to Research in Motion (RIM), which issued an alert and released a patch for the vulnerability last week via its Knowledge Base...
SVN wc.db Scanner
Scan for servers that allow access to the SVN wc.db file. Based on the work by Tim Meddin. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SVN wc.db Scanner', 'Description' = %q Scan for server...
EMC Avamar Client for VMware weak encryption
Server access password is stored locally in cleartext...
nginx+cgi to parse php is prone to a vulnerability-vulnerability warning-the black bar safety net
The title is somewhat broad; on careful analysis, these are in fact generally configuration issues. Someone who wants to attack the server will scan the machine for a vulnerability that allows uploading a malicious script file; uploading the script is the first step. When a malicious php script...
Hacker leaks source code of NASA website belonging to US Government computer
A hacker going by the name "LegitHacker97" claims that he successfully accessed a NASA subdomain website that actually belongs to a US Government computer, as mentioned on the homepage: "WARNING This is a US Government computer". The hacker also dumped an 82.51 MB compressed or 337 MB uncompressed archive five...