Directory traversal

Directory traversal vulnerability in Siemens WinCC TIA Portal 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL...

CVE-2013-0671

CVE-2013-0671 affects Siemens WinCC (TIA Portal) 11. The vulnerability is a Directory Traversal vulnerability in the HMI Web server, exploitable by manipulating the URL to read panel server-side source code and user-defined scripts. It requires authenticated access; exploitation is not remote wit...

Microsoft IIS 6. 0 and 7. 5 multiple vulnerabilities and the use of method-vulnerability warning-the black bar safety net

Microsoft IIS 6.0 install PHP to bypass authentication vulnerability Microsoft IIS with PHP 6.0, which is on PHP5 in Windows Server 2 0 0 3 SP1 test detail: An attacker can send a special request is sent to the IIS 6.0 Service, successfully bypass access restrictions The attacker can access the...

Google Chrome 21.0.1180.57 NULL Pointer

---| overview Vulnerability: Chrome Null Pointer in InspectDataSource::StartDataRequest Date: 03/14/2012 Author: @HeyderAndrade heyder.andradeatgmaildotcom Chrome Version: = 21.0.1180.57 stable Operating System Tested: Win XP SP2, WIN7, Mac OS X 10.6.8 10K549,Linux Ubuntu 12.04 Architecture: x86...

Path Traversal in AWS XMS

High-Tech Bridge Security Research Lab discovered path traversal vulnerability in AWS XMS, which can be exploited to read contents of arbitrary files. 1 Path Traversal in AWS XMS: CVE-2013-2474 The vulnerability exists due to insufficient filtration of "what" HTTP GET parameter passed to...

HTML5 browser exploit can flood your Hard Drive with junk data

Feross Aboukhadijeh, 22-year-old Web developer from Stanford has discovered HTML5 browser exploit can flood your Hard Drive with Cat and Dogs i.e junk data. Many times a website needs to leave a little data i.e 5-10KB on your computer like a cookie, but HTML5 allow sites to store larger amounts o...

HTML5 browser exploit can flood your Hard Drive with junk data

Feross Aboukhadijeh, 22-year-old Web developer from Stanford has discovered HTML5 browser exploit can flood your Hard Drive with Cat and Dogs i.e junk data. Many times a website needs to leave a little data i.e 5-10KB on your computer like a cookie, but HTML5 allow sites to store larger amounts o...

Researchers Find Stuxnet Older Than Previously Believed

Researchers on Tuesday said they have proof the Stuxnet worm used to cripple Iran’s nuclear program has been in the wild two years longer than first believed. There’s also now evidence the military-grade malware’s origins date back to 2005, and possibly earlier. According to an 18-page report,...

CVE-2013-0467

IBM Eclipse Help System IEHS, as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL...

CVE-2013-0467

CVE-2013-0467 concerns a vulnerability in the IBM Eclipse Help System (IEHS) that is shipped with multiple IBM products (notably IBM WebSphere Application Server, IBM InfoSphere Information Server, SPSS Data Collection, Content Analytics/OmniFind, Content Collector, and related IEHS-integrated co...

CVE-2013-0467

IBM Eclipse Help System IEHS, as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL...

Samsung's new OS Tizen 2.0 source code released

The Tizen 2.0 source code and SDK has officially been released. Tizen is a Linux-based open-source software platform backed by Intel and Samsung Electronics, that is designed for smartphones, tablets, smart TVs and in-car systems and it's designed to run apps written using web technologies...

Samsung's new OS Tizen 2.0 source code released

The Tizen 2.0 source code and SDK has officially been released. Tizen is a Linux-based open-source software platform backed by Intel and Samsung Electronics, that is designed for smartphones, tablets, smart TVs and in-car systems and it’s designed to run apps written using web technologies...

Basilic 1.5.14 RCE

Remote command execution vulnerability in Basilic diff.php Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Phil Zimmermann: 'We Really, Really Don't Have the Keys'

SAN JUAN, Puerto Rico–Phil Zimmermann has seen more changes in the the threat landscape in his career than he may care to remember. The inventor of the PGP encryption software and one of the key movers in the crypto wars of the early 1990s, Zimmermann is back in the game now with a new mobile...

SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)

This update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. CVE-2012-0845, bnc747125 - hash randomization issues. CVE-2012-1150, bnc751718 - insecure creation of .pypirc. CVE-2011-4944, bnc754447 - SimpleHTTPServer XSS. CVE-2011-1015, bnc752375 - functions can accept...

SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)

This update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. CVE-2012-0845, bnc747125 - hash randomization issues. CVE-2012-1150, bnc751718 - insecure creation of .pypirc. CVE-2011-4944, bnc754447 - SimpleHTTPServer XSS. CVE-2011-1015, bnc752375 - functions can accept...

A lightweight php framework full-Station injection-vulnerability warning-the black bar safety net

http://www.cephp.com/ Baidu search lightweight php framework, the first one is this CEPHP, hand cheap under test actually exists injection, download the source code and actually found the whole Station involved in the database operation of all the presence of injection, the variable is completely...

Serendipity 1.6.1 SQL Injection

SQL Injection vulnerability in Serendipity Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

The movable section(dkcms)vulnerability-vulnerability warning-the black bar safety net

The main is almost 3 versions of main, v2. 0 v3. 1 v4. 2 Google keyword: powered by dkcms The website turned out to find the source code download, Baidu, download this 3 source code, as is the asp source code, mostly to look at the default database, what are the three default database V2. 0...