450 matches found
Debian Security Advisory DSA 2795-2 (lighttpd - several vulnerabilities)
Several vulnerabilities have been discovered in the lighttpd web server. It was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate...
[SECURITY] [DSA 2795-1] lighttpd security update
Debian Security Advisory DSA-2795-1 [email protected] http://www.debian.org/security/ Michael Gilbert November 13, 2013 http://www.debian.org/security/faq -...
DSA-2795-1 lighttpd - several
Bulletin has no description...
[SECURITY] Fedora 19 Update: nodejs-fstream-0.1.23-1.fc19
Provides advanced file system stream objects for Node.js. These objects are like FS streams, but with stat on them, and support directories and symbolic links, as well as normal files. Also, you can use them to set the stats on a file, even if you don't change its contents, or to create a symlink...
Setuid Nmap Exploit
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
Track That Stat <= 1.0.8 - Cross Site Scripting
The track-that-stat WordPress plugin was affected by a Cross Site Scripting security vulnerability...
WordPress Track That Stat Plugin 1.0.8 - Cross Site Scripting
The WordPress Track That Stat plugin is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...
WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/53551/info The Track That Stat plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WordPress Track That Stat 1.0.8 Cross Site Scripting
Hi We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...
WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting
WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting source: https://www.securityfocus.com/bid/53551/info The Track That Stat plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this iss...
Security Concern: Internet Enabled TV can be hacked!
Security Concern: Internet Enabled TV can be hacked! Is your Internet TV vulnerable to hackers? Internet TVs could be the newest avenue for cybercriminals to infiltrate your home or business. Last year, researchers at Mocana, a security technology company in San Francisco, recently discovered...
ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability
ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-007 January 5, 2012 -- CVE ID: -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell --...
Novell Netware XNFS.NLM STAT Notify Remote Code Execution
Application: Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability Platforms: Novell Netware 6.5 SP8 Exploitation: Remote code execution CVE Number: Novell TID: 5117430 ZDI: ZDI-12-07 PRL: 2012-01 Author: Francis Provencher Protek Research Lab's Website:...
Novell Netware - XNFS.NLM STAT Notify Remote Code Execution
Novell Netware - XNFS.NLM STAT Notify Remote Code Execution Application: Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability Platforms: Novell Netware 6.5 SP8 Exploitation: Remote code execution CVE Number: Novell TID: 5117430 ZDI: ZDI-12-07 PRL: 2012-01 Author: Francis...
Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP...
zFTP FTP server buffer overflow
Buffer overflow on STAT and CWD commands processing...
Debian DSA-2305-1 : vsftpd - denial of service
Two security issues have been discovered that affect vsftpd, a lightweight, efficient FTP server written for security. - CVE-2011-2189 It was discovered that Linux kernels 2.6.35 are considerably slower in releasing than in the creation of network namespaces. As a result of this and because vsftpd...
USN-1204-1: Linux kernel (i.MX51) vulnerabilities
Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. CVE-2010-3859 Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local...
WordPress OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability Date: 2011-08-17 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/odihost-newsletter-plugin.zip Version: 1.0...
Ubuntu 8.04 LTS : linux vulnerabilities (USN-1170-1)
Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. CVE-2010-4076, CVE-2010-4077 It was discovered that Xen did not correctly handle certain...