
7916 matches found

0day.today
added 2015/03/26 12:0 a.m. · 51 views

Gmail - Spoof email from any sender (Warning and Alert Bypass)

By using this bug you can send an email from any email address to any gmail user and no warning or yellow triangle or else is shown except your message and sender's email. Example: From: email protected To: email protected Subject: Blah blah.. Message : any message Now the victim sees that the...

6.8 AI score
Exploits 0
Oracle Linux
added 2015/03/11 12:0 a.m. · 60 views

ipa security, bug fix, and enhancement update

4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...

4.3 CVSS · 0.1 AI score · 0.18351 EPSS
Exploits 1
CNVD
added 2015/03/11 12:0 a.m. · 5 views

Python rhn-setup Security Bypass Vulnerability

Python rhn-setup is a Python package. A security bypass vulnerability exists in Python rhn-setup. An attacker can exploit this vulnerability to conduct a man-in-the-middle attack and impersonate a trusted server...

5.9 CVSS · 6.8 AI score · 0.01259 EPSS
Exploits 0 · References 1
myhack58
added 2015/03/10 12:0 a.m. · 18 views

phpok the latest version of the CSRF getshell-a vulnerability warning-the black bar safety net

In the rear of the Typhoon the grid management service is by a get-type request to delete a template, the directory and file name to install lock file install. lock: http://localhost/phpok/admin.php?c=tpl&f=delfile&id=1&folder=./../../ data/&title=The install. lock After the request returns ok,...

0.1 AI score
Exploits 0
The Hacker News
added 2015/03/02 9:35 p.m. · 13 views

Signal 2.0 — Free iPhone App for Encrypted Calls and Texts

An open source software group, Open Whisper Systems, has announced the release of Signal 2.0 — the second version of its free and open source messaging application for iPhone and iPad users. Signal app is specifically designed to make secure and easy-to-use encrypted voice calling. But that’s wha...

6.6 AI score
Exploits 0
Fedora
added 2015/02/15 3:20 a.m. · 40 views

[SECURITY] Fedora 21 Update: android-tools-20141219git8393e50-2.fc21

The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...

7.5 CVSS · 0.9 AI score · 0.02061 EPSS
Exploits 2
Positive Technologies
added 2015/02/12 12:0 a.m. · 5 views

PT-2015-4553 · Red Hat +2 · Kexec-Tools +3

Name of the Vulnerable Software and Affected Versions: kexec-tools versions prior to 2.0.7-19 Description: The issue allows local users to write to arbitrary files via a symlink attack on a temporary file. This is related to the Red Hat module-setup.sh script for kexec-tools in Red Hat Enterprise...

3.6 CVSS · 6.1 AI score · 0.00355 EPSS
Exploits 0 · References 14
Kitploit
added 2015/02/09 11:12 p.m. · 270 views

WhatsSpy - Trace the moves of a WhatsApp user

WhatsSpy Public is a web-oriented application that tracks every move of whoever you like to follow. This application is set up as a Proof of Concept that Whatsapp is broken in terms of privacy. Once you've set up this application you can track users that you want to follow on Whatsapp. Once it's...

7.1 AI score
Exploits 0 · References 3
n0where
added 2015/01/19 8:36 a.m. · 28 views

Streisand

The Internet can be a little unfair. It’s way too easy for ISPs, telecoms, politicians, and corporations to block access to the sites and information that you care about. But breaking through these restrictions is tough. Or is it? Introducing Streisand A single command sets up a brand new server...

0.3 AI score
Exploits 0 · References 3
Atlassian
added 2015/01/08 11:51 a.m. · 22 views

Administrator role has access to restricted pages

Setting up e.g. a personal space and giving only the owner full access, anonymous access denied, some people administrators? still have access can view, change permission and add comments. This is regardless of space or site restriction. We are using the build-in security systems shared with JIRA...

1.6 AI score
Exploits 0 · Affected Software 1
Mageia
added 2015/01/07 3:14 p.m. · 70 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.27 and fixes the following security issues: arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier...

7.8 CVSS · 6.7 AI score · 0.01504 EPSS
Exploits 9 · References 4
exploitpack
added 2015/01/05 11:45 a.m. · 22 views

Sitecom-MD-25x

Exploit Title: Sitecom MD-253 and MD-254 Network Storage Reverse Shell Exploit Date: 09/11/12 Exploit Author: Mattijs van Ommeren mattijs at alcyon dot nl Vendor Homepage: http://www.sitecom.com Software Link: http://www.sitecom.com/download/5012/SitecomNas.2.4.17.bin Version: 2.4.17 and below...

0.1 AI score
Exploits 0
Zero Science Lab
added 2015/01/05 12:0 a.m. · 76 views

AdaptCMS 3.0.3 Remote Command Execution Exploit

Summary AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only so we can easily create Plugins or additions, but so other developers can get involved. Using CakePHP we are able to achieve this with a built-in plugin system...

6.5 CVSS · 6.2 AI score · 0.05427 EPSS
Exploits 2
NVD
added 2015/01/01 11:59 a.m. · 17 views

CVE-2011-5306

Cross-site request forgery CSRF vulnerability in cgi-bin/admin/setupedit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action...

6.8 CVSS · 7 AI score · 0.00609 EPSS
Exploits 1 · References 1
Prion
added 2015/01/01 11:59 a.m. · 14 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...

6.8 CVSS · 7.6 AI score · 0.00609 EPSS
Exploits 1 · References 1 · Affected Software 1
CVE
added 2015/01/01 11:0 a.m. · 49 views

CVE-2011-5306

CVE-2011-5306 describes a Cross-Site Request Forgery (CSRF) vulnerability in CosmoShop ePRO 10.05.00. The flaw affects the CGI component cgi-bin/admin/setup_edit.cgi and enables remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action. T...

6.8 CVSS · 7.2 AI score · 0.00609 EPSS
Exploits 1 · References 1 · Affected Software 1
CVE
added 2015/01/01 11:0 a.m. · 60 views

CVE-2011-5300

CVE-2011-5300 affects poMMo Aardvark PR16.1. A CSRF in admin/setup/config/users.php allows remote attackers to hijack administrator authentication by submitting requests that modify credentials via certain admin_ parameters. Root cause is a CSRF in the credential-modification flow. Impact describ...

6.8 CVSS · 7.3 AI score · 0.00609 EPSS
Exploits 1 · References 1 · Affected Software 1
OPENSUSE Linux
added 2014/12/21 7:4 p.m. · 34 views

Security update for clamav (important)

clamav was updated to version 0.98.5 to fix two security issues. These security issues were fixed: - Segmentation fault when processing certain files CVE-2013-6497. - Heap-based buffer overflow when scanning crypted PE files CVE-2014-9050. The following non-security issues were fixed: - Support f...

5 CVSS · 1 AI score · 0.04878 EPSS
Exploits 1 · References 3
Prion
added 2014/12/19 3:59 p.m. · 15 views

Code injection

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System RTLS Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack...

5 CVSS · 7.3 AI score · 0.0224 EPSS
Exploits 1 · References 4 · Affected Software 4
CVE
added 2014/12/19 3:0 p.m. · 46 views

CVE-2014-9408

The CVE-2014-9408 entry concerns Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, RTLS Controller 6.0.5-FINAL, and Activator 3, where parts of the MAC address are used in the RC4 setup key. This design allows brute-force guessing of the key by remote attackers, per the provided records. The co...

5 CVSS · 6.9 AI score · 0.0224 EPSS
Exploits 1 · References 4 · Affected Software 1