Lucene search

5315 matches found

seebug.org
added 2014/07/01 12:0 a.m., 8 views

Merak Mail Server 7.4.5 address.html Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - An HTML injection vulnerabili...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 15 views

Mongoose 2.8 Space String Remote File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38145/info Mongoose is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context ...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

id Software Quake II Server 3.20/3.21 Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4744/info Quake II is a multiplayer game released by id Software. The source code has been made publicly available, and versions are available for Windows and Linux. A vulnerability has been reported in some versions of...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 15 views

Apache ActiveMQ 5.2/5.3 Source Code Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/39636/info Apache ActiveMQ is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary fil...

7.1 AI score
Exploits 0
UbuntuCve
added 2014/06/25 12:0 a.m., 37 views

CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

9.8 CVSS, 7 AI score, 0.07232 EPSS
Exploits 5, References 3
seebug.org
added 2014/06/20 12:0 a.m., 20 views

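Yonyou Professional Consultant Management Platform Source Code Disclosure

Brief description: Last time Yonyou said in a private message that there would be a gift, so don't let me down! Details: Source code: http://yytals.yonyou.com/web.rar Proof of vulnerability: As above...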

7.1 AI score
Exploits 0
ThreatPost
added 2014/06/12 2:30 p.m., 10 views

Versatility of Zeus Framework Encourages Criminal Innovation

A new report on the Zeus trojan’s evolution, which shows that the malware was moved from harvesting online banking credentials to controlling botnets and launching distributed denial of service attacks, attributes the evolution to the highly customized and incredibly versatile framework Zeus is today...

0.3 AI score
Exploits 0, References 3
w3af
added 2014/06/10 4:21 p.m., 74 views

web_spider

This plugin is a classic web spider: it will request a URL and extract all links and forms from the response. Three configurable parameters exist: onlyforward, ignoreRegex, followRegex. IgnoreRegex and followRegex are commonly used to configure the web spider to spider all URLs except the "logout" or...

Exploits 0
myhack58
added 2014/06/07 12:0 a.m., 67 views

Fortify SCA code vulnerability analysis: the whole solution - vulnerability warning - the black bar safety net

The previous article described using FindBugs to assist in analyzing code vulnerabilities; this time, another tool: Fortify SCA Demo 4.0.0. Fortify is quite a famous company in the security field, so there is not much to say. First, an introduction to the protagonist: the Fortify SCA Demo 4.0.0, although do not know now...

0.5 AI score
Exploits 0
FreeBSD Advisory
added 2014/06/03 12:0 a.m., 13 views

FreeBSD-SA-14:12.ktrace

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:12.ktrace Security Advisory The FreeBSD Project Topic: ktrace kernel memory disclosure Category: core Module: kern Announced: 2014-06-03 Credits: Jilles...

2.1 CVSS, 5.9 AI score, 0.00061 EPSS
Exploits 0
Packet Storm
added 2014/05/30 12:0 a.m., 36 views

Pixie CMS 1.04 Cross Site Scripting

Pixie CMS v1.04 Contact form POST XSS Vulnerabilities Vendor: Pixie CMS Product web page: http://www.getpixie.co.uk Affected version: 1.04 Severity: Medium CVE: CVE-2014-3786 Demo page: http://demo.getpixie.co.uk Discovered by: Filippos Mastrogiannis @filipposmastro & Simone Memoli @Simon90Italy...

4.3 CVSS, 0.1 AI score, 0.00225 EPSS
Exploits 2
ThreatPost
added 2014/05/27 10:21 a.m., 9 views

Zeus-Carberp Hybrid Trojan Pops Up

UPDATE–Researchers have discovered a hybrid Trojan that combines elements of two of the more notorious crimeware strains of the last few years: Zeus and Carberp. It’s not uncommon for malware writers to steal bits and pieces of code from one another, but both Zeus and Carberp were once exclusivel...

7.2 AI score
Exploits 0, References 3
GithubExploit
added 2014/05/26 5:18 p.m., 4 views

optee_os

OP-TEE Trusted OS This git contains sou...

7.2 AI score
Exploits 0
Hacker One
added 2014/05/26 1:17 p.m., 92 views

Mail.ru: https://217.69.135.63/rb/: money.mail.ru sources disclosure

Money.mail.ru source code disclosure...

7.2 AI score
Exploits 0
Cvelist
added 2014/05/23 2:0 p.m., 17 views

CVE-2013-2756

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code...

7 AI score, 0.03054 EPSS
Exploits 1, References 8
myhack58
added 2014/05/21 12:0 a.m., 51 views

CVE-2013-4547 Nginx parsing vulnerability in-depth use and analysis - vulnerability warning - the black bar safety net

0x00 Background: Nginx has historically had parsing vulnerabilities many times, such as the parsing vulnerability found by 80sec, as well as the parsing vulnerability in which adding a %00 truncation directly after the extension leads to code execution. But at the end of 2013, nginx was again hit by a vulnerability, CVE...

7.7 AI score
Exploits 0
myhack58
added 2014/05/08 12:0 a.m., 10 views

bug vulnerability handling mechanism system-bugtracker-bug warning-the black bar safety net

For the company configured a Bug tracking system, found BugTracker.NET, read a bit, the translation of which is configuration. After a research experience then put up to share. A friend in need can use the following URL to download: http://sourceforge.net/project/showfiles.php?groupid=66812 BugTracker...

7.8 AI score
Exploits 0
securityvulns
added 2014/05/01 12:0 a.m., 113 views

FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:09.openssl Security Advisory The FreeBSD Project Topic: OpenSSL use-after-free vulnerability Category: contrib Module: openssl Announced: 2014-04-30 Affects:...

4 CVSS, 7.5 AI score, 0.19072 EPSS
Exploits 0
Tenable Nessus
added 2014/04/28 12:0 a.m., 29 views

Fedora 19 : syncevolution-1.4.1-1.fc19 (2014-5236)

Update to 1.4.1 stable release CVE-2014-1639 syncevolution: insecure temporary file usage in installcheck-local.sh It was found that the installcheck-local.sh script of the syncevolution package creates temporary files in an insecure way. A local attacker could use these flaws to perform a...

3.3 CVSS, 5.5 AI score, 0.00041 EPSS
Exploits 0, References 4
ThreatPost
added 2014/04/23 3:19 p.m., 7 views

New NIST AppVet Aims to Streamline Application Security

Apple and Google put developers’ apps through a relatively vigorous screening process before they make their way into their respective app stores. Now developers who produce apps intended for use on internal networks at government agencies can get a vetting process of their own. The National...

0.1 AI score
Exploits 0, References 3