CVE-2012-0884
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext...
Simple Posting System 1.0 Final Local File Inclusion
Exploit Title: Simple Posting System Multiple Google Dork: inurl:sps.php?old= or inurl:sps.php " Date: 14/03/2012 Author: n0tch aka andmuchmore Software Link: http://realize.be/files/sps.tar.gz Version: 1.0 Final Tested on: Windows 7 / LinuxUbuntu +-- LFI --+...
UBUNTU-CVE-2012-0884
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext...
Fedora 17 : python-mwlib-0.13.5-1.fc17 (2012-3138)
Update to version 0.13.5, which solves the following issues : It was reported that mwlib suffered from a flaw that could allow a remote attacker to perform a denial of service attack on a mwlib installation by forcing it to parse a specially crafted iferror magic function. This issue has been...
phxEventManager 2.0 Beta 5 SQL Injection
Exploit Title: phxEventManager 2.0 beta 5 search.php searchterms SQL Injection Vulnerability Date: 01/03/2012 Author: skysbsb Software Link: http://sourceforge.net/projects/phxeventmanager/ Version: Web Application Tested on: Apache/nix Dork: intext: "Powered by phxEventManager" Code : Exploited...
vixie-cron security, bug fix, and enhancement update
4:4.1-81 - 455664 adoptions of crontab orphans, forgot add buffer for list of orphans - Related: rhbz455664 4:4.1-80 - 654961 crond process ignores the changes of user's home directory needs bigger changes of code. The fix wasn't applied, detail in comment11. - Related: rhbz249512 4:4.1-79 -...
Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerabilities (USN-1353-1)
Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of t...
Mozilla Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities
Mozilla Thunderbird 3.1.x Multiple Vulnerabilities
Mandriva Update for mozilla MDVSA-2012:013 (mozilla)
Check for the Version of mozilla. OpenVAS Vulnerability Test: Mandriva Update for mozilla MDVSA-2012:013 (mozilla). Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (MAC OS X)
The host has Mozilla Firefox/Thunderbird/SeaMonkey installed and is prone to an information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbmozillaprdtsipv6literalsyntaxinfodiscvulnmacosx.nasl 6445 2017-06-27 12:31:06Z santu $ Mozilla Products IPv6 Literal Syntax Cross Domain...
RHEL 4 : seamonkey (RHSA-2012:0084)
The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0084 advisory. - Mozilla: Same-origin bypass using IPv6-like hostname syntax MFSA 2012-02 CVE-2011-3670 - Mozilla: memory safety hazards in 10.0/1.9.2.26...
Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02)
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and...
Firefox 3.6 < 3.6.26 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox 3.6 is earlier than 3.6.26. Such versions are potentially affected by multiple vulnerabilities: - A use-after-free error exists related to removed nsDOMAttribute child nodes. (CVE-2011-3659) - The IPv6 literal syntax in web addresses is not being properly enforced...
Mozilla Thunderbird 3.1.x < 3.1.18 Multiple Vulnerabilities
The installed version of Thunderbird 3.1.x is earlier than 3.1.18 and is, therefore, potentially affected by the following vulnerabilities: - A use-after-free error exists related to removed nsDOMAttribute child nodes. (CVE-2011-3659) - The IPv6 literal syntax in web addresses is not being properly...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-01 Miscellaneous memory safety hazards rv:10.0/ rv:1.9.2.26 MFSA 2012-02 Overly permissive IPv6 literal syntax MFSA 2012-03 iframe element exposed across domains via name attribute MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal o...
Overly permissive IPv6 literal syntax — Mozilla
For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made...
vBSEO 3.6.0 - proc_deutf() Remote PHP Code Injection (Metasploit)
vBSEO 3.6.0 - procdeutf Remote PHP Code Injection Metasploit require 'msf/core' class Metasploit3 'vBSEO %q This module exploits a vulnerability in the 'procdeutf' function defined in /includes/functionsvbseocpabstract.php. User input passed through 'charrepl' POST parameter isn't properly...
Fully automated MySQL5 boolean based enumeration tool
Blackhatacademy developers have released a fully automated MySQL5 boolean-based enumeration tool. By default, this script will first determine username, version and database name before enumerating the information_schema information. When the -q flag ...