[SECURITY] Fedora 18 Update: lighttpd-1.4.32-1.fc18

Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...

Modsecurity Cross Site Scripting Bypass

Product: Modsecurity Author: Rafay Baloch Company: RHAINFOSEC Website: http://services.rafayhackingarticles.net Reported: 8/8/2013 Fixed: 25/8/2013 Status: Fixed ============ Introduction ============ The ModSecurity firewall is one of the most known WAF around, It has anonline smoke test where w...

UBUNTU-CVE-2013-4127

Use-after-free vulnerability in the vhostnetsetbackend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service OOPS and system crash via vectors involving powering on a virtual machine...

Kernel: tracing: NULL pointer dereference

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by leveraging the CAPSYSADMIN capability for write access to the 1 setftracepid or 2 setgraphfunction file...

CVE-2013-4125

The fib6addrt2node function in net/ipv6/ip6fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement RA messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for...

UBUNTU-CVE-2013-4125

The fib6addrt2node function in net/ipv6/ip6fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement RA messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for...

Fedora 19 : xen-4.2.2-10.fc19 (2013-11837)

XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default='$nextentry' line in F19 libxl: Set vfb and vkb devid if not done so by the caller add upstream patch for PCI passthrough problems after XSA-46 xenstore permissions not set correctly by libxl XSA-57 Note that Tenabl...

Oracle Linux 5 / 6 : perl (ELSA-2013-0685)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0685 advisory. - Resolves: 915692 - CVE-2012-5526 newline injection due to improper CRLF escaping in Set-Cookie and P3P headers - Resolves: 915692 - CVE-2012-6329...

Mod_Security Cross Site Scripting Bypass

Product: Modsecurity Author: Rafay Baloch Status: Fixed Details: The ModSecurity firewall is one of the most known WAF around, It has an online smoke test where we can check if a vector bypassed the regular expressions. Payload: It was though detecting null bytes, but it was generating a false...

imacs CMS Unrestricted File Upload Exploit

Exploit for php platform in category web applications ?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit...

imacs CMS 0.3.0 Shell Upload

?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : imacs CMS Unrestricted File Upload Exploit Date...

DEBIAN-CVE-2013-2000

Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service crash and possibly execute arbitrary code via crafted length or index values to the 1 XDGAQueryModes and 2 XDGASetMode functions...

ZPanel 10.0.0.2 Remote Command Execution Vulnerability

ZPanel version 10.0.0.2 suffers from a remote root command execution vulnerability. One of our expert team members email protected who is assigned to do the security audit of ZPanel code has found the follwoing security vulnerability with ZPanel 10.0.0.2 which will allow anyone to escalate the ro...

[SET v5.1] The Social-Engineer Toolkit codename “Name of the Doctor”

The Social-Engineer Toolkit SET version 5.1 codename “ Name of the Doctor ” has been released. This version adds a complete rewrite of the MSSQL Bruter as well as a new attack vector utilizing the PSExec functionality within Metasploit. The MSSQL Bruter now incorporates UDP port 1434 quick...

OPC UA Set Triggering Request Command

...

OPC UA Set Publishing Mode Response Command

...

OPC UA Set Triggering Response Command

...

OPC UA Set Publishing Mode Request Command

...

DEBIAN-CVE-2013-1979

The scmsetcred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application...

Opera Multiple Vulnerabilities-01 May13 (Mac OS X)

The host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvuln01may13macosx.nasl 6125 2017-05-15 09:03:42Z teissa $ Opera Multiple Vulnerabilities-01 May13 Mac OS X Authors: Arun Kallavi Copyright: Copyright c 2013 Greenbone Networks Gmb...