ionCube loader-wizard.php Accessible

ionCube, an encoding and PHP file security tool written in PHP, is running on the remote host. The 'loader-wizard.php' script that contains setup and configuration assistance and provides access to sensitive information about the web server is accessible to remote, unauthenticated users...

DEBIAN-CVE-2013-7348

Double free vulnerability in the ioctxalloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service system crash or possibly have unspecified other impact via vectors involving an error condition in the aiosetupring function...

UBUNTU-CVE-2013-7348

Double free vulnerability in the ioctxalloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service system crash or possibly have unspecified other impact via vectors involving an error condition in the aiosetupring function...

CSGuestbook csGuestbook.cgi setup Parameter Code Execution - Ver2 (CVE-2002-1750)

A code execution vulnerability has been reported in Cgiscript.net Csguestbook. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVE-2011-3196

The setup script in Domain Technologie Control DTC before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file...

Design/Logic Flaw

The setup script in Domain Technologie Control DTC before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file...

CVE-2011-3196

The CVE-2011-3196 issue affects Domain Technologie Control (DTC) prior to version 0.34.1. The root cause is world-readable permissions on /etc/apache2/apache2.conf, which allowed local users to read a configuration file and obtain the dtcdaemons MySQL password. Impact was local, with confidential...

Exploits for Two-Year-Old PHP Security Vulnerability Found

Close to two years ago, a serious vulnerability in PHP was accidentally disclosed after it was discovered months prior during a hacking contest. A patch was released in relatively short order, and one would assume that given PHP’s prevalence as a web development framework, the fix would have been...

[WakeMeOnLan] Turn on computers on your network with Wake-on-LAN packet

This utility allows you to easily turn on one or more computers remotely by sending Wake-on-LAN WOL packet to the remote computers. When your computers are turned on, WakeMeOnLan allows you to scan your network, and collect the MAC addresses of all your computers, and save the computers list into...

CVE-2013-2671

Multiple cross-site scripting XSS vulnerabilities in the Brother MFC-9970CDW printer with firmware L 1.10 allow remote attackers to inject arbitrary web script or HTML via the 1 id or 2 val parameter to admin/adminmain.html; 3 id, 4 val, or 5 arbitrary parameter name QUERYSTRING to...

Palo Alto Networks PAN-OS 5.0.9 Multiple Vulnerabilities

The remote host is running version 5.0.9 of Palo Alto Networks PAN-OS. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists due to an inability to handle IP packets larger than 1480 bytes through an Active/Active VWire setup. An attacker can exploit...

CSNews csNews.cgi setup Parameter Code Execution - Ver2 (CVE-2002-1751)

A code execution vulnerability has been reported in Cgiscript.net Cslivesupport. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVE-2013-4541

The usbdevicepostload function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setuplen or setupindex value...

UBUNTU-CVE-2013-4541

The usbdevicepostload function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setuplen or setupindex value...

DEBIAN-CVE-2011-1835

The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps...

CVE-2011-1835

The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps...

Hyper-V Guest processing skipped (check guest OS VSS state and integration components version)

Challenge Guest VMs will fail to engage VSS when Application-Aware Processing is enabled, generating the error: Error Guest processing skipped check guest OS VSS state and integration components version System.Exception Solution Most Common Solution At the time this article was written in 2014,...

SEC Consult SA-20140122-0 :: Critical vulnerabilities in T-Mobile HOME NET Router LTE (Huawei B593u-12)

SEC Consult Vulnerability Lab Security Advisory 20140122-0 ======================================================================= title: Multiple critical vulnerabilities product: T-Mobile HOME NET Router LTE / Huawei B593u-12 vulnerable version: V100R001C54SP063 T-Mobile Austria fixed version:...

Fedora 20 : xen-4.3.1-8.fc20 (2014-1552)

PHYSDEVOPprepare,releasemsix exposed to unprivileged pv guests, Out-of-memory condition yielding memory corruption during IRQ setup Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...

Fedora 19 : xen-4.2.3-14.fc19 (2014-1559)

PHYSDEVOPprepare,releasemsix exposed to unprivileged pv guests, Out-of-memory condition yielding memory corruption during IRQ setup Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...