2121 matches found
DNI, Justice Department Deny Targeting Americans for Surveillance Based on Religion, Politics
The Director of National Intelligence and the Department of Justice have denied a report based on leaked documents from Edward Snowden that United States intelligence and law enforcement agencies conduct surveillance of Americans based on their ethnicity, religious affiliation or political stance...
Autodesk VRED contains an unauthenticated remote code execution vulnerability
Overview Autodesk VRED contains an unauthenticated remote code execution vulnerability. Description CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection': Autodesk VRED Professional 2014 contains an unauthenticated remote code execution vulnerability...
Microsoft Says 'Technical Error' Led to Legitimate No-IP Customers Losing Service
In the course of its actions to take down a major malware operation, Microsoft seized more than 20 domains from No-IP.com, a hosting provider in Nevada. Microsoft now admits that the company made a technical mistake as part of that takedown, an error that resulted in legitimate No-IP.com custome...
Symphony CMS 2.1.2 - Blind SQL Injection
No description provided by source. 20110424 - Justanotherhacker.com : Symphony-cms blind sql injection JAHx111 - http://www.justanotherhacker.com/advisories/JAHx111.txt...
Wordpress Make A Statement (MaS) Theme - CSRF Vulnerability
No description provided by source. Title : Wordpress Make A Statement Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Version : 1.x.x Vendor : http://themes.mas.gambit.ph/ Greetz : 0day-id.com |...
WordPress Mingle Forum plugin <= 1.0.31 SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Mingle Forum plugin <= 1.0.31 SQL Injection Vulnerability Date: 2011-09-19 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/mingle-forum.1.0.31.zip Version: 1.0.31 tested...
MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely affects almost every Win32 window-based...
MySQL 4/5 SUID Routine Miscalculation Arbitrary DML Statement Execution
No description provided by source. source: http://www.securityfocus.com/bid/19559/info MySQL is prone to these vulnerabilities: - A privilege-elevation vulnerability. A user with privileges to execute SUID routines may gain elevated privileges by executing certain commands and code with higher...
PHP 4.x/5.x MySQL Safe_Mode Filesystem Circumvention Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/4026/info PHP's 'safemode' feature may be used to restrict access to certain areas of a filesystem by PHP scripts. However, a problem has been discovered that may allow an attacker to bypass these restrictions to gain...
Oracle 9.x Database Parameter/Statement Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9587/info Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions. Specifically the TIMEZONE parameter, NUMTOYMINTERVAL, NUMTODSINTERVAL and...
Ananta Gazelle CMS - Update Statement SQL Injection
No description provided by source. Exploit Title: Ananta Gazelle CMS - Update Statement Sql injection Google Dork: - Date: 07-02-2012 Author: hackme Software Link: http://sourceforge.net/projects/ananta/files/stable/Gazelle 1.0 stable/AnantaGazelle1.0.zip/ Version: 1.0 stable Tested on: backbox 2...
How2ASP.net Webboard <= 4.1 - Remote SQL Injection Vulnerability
No description provided by source. How2ASP.net Webboard 4.1 Remote SQL Injection Vulnerability. CWH Undergrou...
WikkaWiki <= 1.3.2 - Multiple Security Vulnerabilities
No description provided by source. WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities. Author: Egidio Romano aka EgiX. Mail: n0b0d13satgmaildotcom. Software link:...
JVN#80006084: Web Kyukincho vulnerable to cross-site scripting
Web Kyukincho, provided by Intercom, Inc., is software that digitizes and distributes pay statements and the like. Web Kyukincho contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed in the user's web browser. Solution: Update the software. Update to the latest...
Evernote official community hacked, user passwords at risk of leakage - vulnerability warning - the black bar safety net
The official Evernote community was attacked and breached by unknown hackers; in some cases the hackers could obtain users' login information and personal information. Evernote community manager Geoff Barry today released a statement regarding the data breach: “https://discussion.evernote.com the...
Threat Outbreak Alert: Fake Credit Card Statement Email Messages on May 30, 2014
Medium Alert ID: 34428 First Published: 2014 May 30 18:36 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a credit card statement for the recipient. The text in the email message attempts to convince the recipient to ope...
Threat Outbreak Alert: Fake Account Statement Notification Email Messages on May 14, 2014
Medium Alert ID: 34227 First Published: 2014 May 14 17:34 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an account statement notification for the recipient. The text in the email message attempts to convince the...
Threat Outbreak Alert: Fake Bank Statement Notification Email Messages on May 7, 2014
Medium Alert ID: 34149 First Published: 2014 May 7 14:21 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a bank account statement for the recipient. The text in the email message attempts to convince the recipient to ope...
Threat Outbreak Alert: Fake Remittance Statement Notification Email Messages on May 5, 2014
Medium Alert ID: 34100 First Published: 2014 May 5 18:43 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a remittance statement for the recipient. The text in the email message attempts to convince the recipient to open...
Pearson eSIS Enterprise Student Information System SQL Injection
Advisory ID: hag201478 Product: Pearson eSIS Enterprise Student Information System Vendor: PearsonVue Vulnerable Versions: Any version Advisory Publication: April 06, 2014 Vendor Notification: March 05, 2014 Public Disclosure: April 06, 2014 Vulnerability Type: Improper Neutralization of Special...