Websense TRITON 7.8 Source Code Disclosure

The version of Websense TRITON running on the remote web server contains a flaw in handling a JSP script request having an appended double quote character. This causes the source code of the script to be returned instead of it being executed. An unauthenticated, remote attacker can exploit this...

Forma LMS 1.3 - Multiple SQL Injections

Forma LMS 1.3 Multiple SQL Injections + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-03Formalms.pdf + Info:...

Microsoft Windows - Local Privilege Escalation (MS15-051)

Source: https://github.com/hfiref0x/CVE-2015-1701 Win32k LPE vulnerability used in APT attack Original info: https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Credits R136a1 / hfiref0x Compiled EXE: x86 +...

Microsoft Windows - Local Privilege Escalation (MS15-051)

Microsoft Windows - Local Privilege Escalation MS15-051 Source: https://github.com/hfiref0x/CVE-2015-1701 Win32k LPE vulnerability used in APT attack Original info: https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Credits R136a1 / hfiref0x Compiled EXE: x86 +...

PHP multipart/form-data remote DOS vulnerability-vulnerability warning-the black bar safety net

PHP parse multipart/form-datahttp request the body part of the request header, the duplicate copy of the string resulting in DOS. A remote attacker by sending a maliciously constructed multipart/form-data requests, causing the server CPU resource is exhausted, so a remote DOS Server. Affect range...

focused Web Crawler: ACHE

ACHE is a focused Web crawler that can be customized to search for pages the belong to a given topic or have a given property. To configure ACHE, you need to: define a topic of interest e.g., Ebola, terrorism, cooking recipes; create a model to detect Web pages that belong to this topic; and...

Upcoming Google Password Alert 1.7 Update Could Disable Phishing Warning Feature

Google Chrome browser's new Anti-Phishing Password Alert extension is in controversies right after its launch last Wednesday, but now the search engine giant has effectively pulled off Password Alert from its store. Password Alert was not bypassed once, twice, but every time Google introduced a n...

Graudit - Find potential security flaws in source code using grep

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very...

WordPress Simple Ads Manager SQL Injection

SQL injection vulnerability in WordPress Simple Ads Manager plugin sam-ajax-admin.php Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

New Utility Decrypts Files Lost to TeslaCrypt Ransomware

Crypto-ransomware variants have enterprises on edge because of the threat of irreversibly damaged files. Some organizations, including most recently the Tewksbury, Ma., police department have gone as far as to pay hundreds of dollars in ransom for the recovery key. Some technology companies are...

CVE-2015-0113

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next...

CVE-2015-0113

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next...

Multiple IBM Rational Products Jazz Help System Information Disclosure Vulnerabilities

IBM Rational CLM, Rational Team Concert RTC, and Rational Engineering Lifecycle Manager are collaborative lifecycle management solutions; Rational Quality Manager RQM is a set of collaborative, Web-based quality management solutions; Rational Requirements Composer and Rational DOORS Next Generati...

FireEye Trojan analysis engine (MAS) 6.4.1 – multiple vulnerabilities-vulnerability warning-the black bar safety net

FireEye Trojan analysis system MAS web login section there are multiple serious vulnerabilities. Multiples Vulnerabilities 3 XSS reflected 1 CSRF 1 NoSQLi Json object 1 PostGreSQL SQLi Exploitable? 1 File and Path Disclosure 1 Source code Info-leak XSS: The Cross-Station 1...

java-1.8.0-openjdk security update

1:1.8.0.45-30.b13 - repacked sources - Resolves: RHBZ1209076 1:1.8.0.45-7.b13 - Re-add %name prefix to patches to avoid conflicts with OpenJDK 7 versions. - Remove ppc64le test case now fix has been verified. - Resolves: rhbz1194378 1:1.8.0.45-27.b13 - updated to security u45 - minor sync with 7....

BSD x64 Execute Command

Execute an arbitrary command This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exec ---- Executes an arbitrary command. module MetasploitModule CachedSize = 31 include Msf::Payload::Single include Msf::Payload::Bsd def...

Shopify: Force 500 Internal Server Error on any shop (for one user)

There is very strange behavior. If user open urls like below: - https://whashp.myshopify.com/?previewthemeid=11288717 - or https://lmfshp.myshopify.com/?previewthemeid=11290937 He got redirect to shop https://whashp.myshopify.com/ and 500 Internal Server Error response, and reload does not help i...

FreeBSD-SA-15:07.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:07.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp Category: contrib Module: ntp Announced: 2015-04-07 Credits: Network Time...

How to Run Linux Kernel on Canon DSLRs Cameras

Last month, I Got a Canon's amazing and powerful video-capable DSLR Camera and was wondering if I could play a hack on it. Yes, Just like last time I installed and run Linux on my PlayStation 3 gaming console and the popular game console, the Nintendo Wii. What If I could port Linux Kernel to my...

CVE-2015-0902

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code...