7422 matches found

OpenVAS
added 2014/09/10 12:0 a.m. | 28 views

Debian Security Advisory DSA 3020-1 (acpi-support - security update)

During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user OpenVAS Vulnerability Test $Id: deb3020.nasl 6735 2017-07-17 09:56:49Z teissa $ Auto-generated from advisory DSA 3020-1 using nvtgen 1.0 Script version: 1.0 Author:...

7.2 CVSS | 0.1 AI score | 0.00373 EPSS
Exploits 0 | References 1
Debian
added 2014/09/09 1:10 p.m. | 41 views

[SECURITY] [DSA 3021-1] file security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3021-1 [email protected] http://www.debian.org/security/ Luciano Bello September 09, 2014 http://www.debian.org/security/faq -...

6.5 CVSS | 10 AI score | 0.20805 EPSS
Exploits 3
ThreatPost
added 2014/09/09 12:45 p.m. | 14 views

Adobe Flash Player security update September 2014

Adobe today released an updated Flash Player that patched a dozen vulnerabilities, and also announced that a scheduled security update for Reader and Acrobat has been postponed to the week of Sept. 15. Today’s release, which coincides with Microsoft’s monthly scheduled security updates, patches...

1.8 AI score
Exploits 0 | References 1
Kitploit
added 2014/09/09 2:11 a.m. | 16 views

PHP Secure Configuration Checker - Check current PHP configuration for potential security flaws

Among the most tedious tasks of PHP security testing is the check for insecure PHP configuration. As a successor of our PHP Security Poster, we have created a script to help system administrators as well as security professionals to assess the state of php.ini and related topics as quickly and as...

7.4 AI score
Exploits 0 | References 1
OSV
added 2014/09/09 12:0 a.m. | 35 views

DSA-3021-1 file - security update

Bulletin has no description...

6.5 CVSS | 8 AI score | 0.20805 EPSS
Exploits 3
Kitploit
added 2014/09/04 5:16 a.m. | 88 views

zAnti - Android Penetration Testing Toolkit (Free!)

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety. zANTI offers a comprehensive range of fully customizable scans to...

7.6 AI score
Exploits 0
erpscan
added 2014/09/04 12:0 a.m. | 67 views

SAP HANA metadata.xsjs - SQL injection

Application: SAP HANA Versions Affected: 1.00.60.379371 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: YES Reported: 09.04.2014 Vendor response: 10.04.2014 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 2067972 Author: Dmitry Chastukhin ERPScan Description SQL...

0.2 AI score
Exploits 0
Silent Robot Systems
added 2014/09/03 4:0 a.m. | 50 views

XML Entity Cheatsheet

An XML Entity testing cheatsheet. Testing was done using an older vulnerable version of nokogiri. In IRB you can require previous versions of gems. Certain techniques e.g. XInclude may require additional settings in Nokogiri. XML Headers: 1 2 | ---|--- Vanilla entity test: 1 | ---|--- SYSTEM enti...

6.9 AI score
Exploits 0
myhack58
added 2014/09/03 12:0 a.m. | 38 views

Android browser vulnerability Cheetah, 3 6 0, surf, etc. are affected-vulnerability warning-the black bar safety net

It is reported that the vulnerability is exposed after, the black bar safety net vulnerability reporting platform for this vulnerability has been tested, found that the vulnerability can be when a user visits a malicious web site that quietly steal the user the access to the site within the...

0.1 AI score
Exploits 0
erpscan
added 2014/08/25 12:0 a.m. | 77 views

SAP Kernel - RCE, DoS

Application: SAP NetWeaver Dispatcher Versions Affected: SAP Kernel 7.00 32BIT, 7.40 64BIT Vendor URL: http://www.sap.com Bugs: Buffer Overflow – RCE, DoS Exploits: YES Reported: 25.08.2014 Vendor response: 25.08.2014 Date of Public Advisory: 15.12.2014 Reference: SAP Security Note 2059734 Author...

6.5 CVSS | 1.1 AI score | 0.0237 EPSS
Exploits 0
Kitploit
added 2014/08/20 10:13 p.m. | 18 views

Viproy v2.0 - VoIP Penetration Testing and Exploitation Kit

Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extensions support,...

7.4 AI score
Exploits 0
The Coalfire Blog
added 2014/08/20 4:1 p.m. | 18 views

A billion reasons to enhance your penetration testing

There are so many questions regarding those leaked Russian passwords. Is this for real? What sites are on that list? How can you tell if your site's users are in the "Russian Billion"? Isn't this just a matter of changing user passwords? Bottom line: As a company with websites that have user...

3.8 AI score
Exploits 0
Packet Storm
added 2014/08/11 12:0 a.m. | 40 views

IBM Sametime Meet Server 8.5 Arbitrary File Upload

Exploit Title: IBM Sametime Meet Server 8.5 Arbitrary File Upload Google Dork: intitle:"New Meet - IBM Lotus Sametime" Date: 11/08/2014 CVSS Score: http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=AV:N/AC:M/Au:N/C:P/I:P/A:P CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3088...

5.5 CVSS | 0.4 AI score | 0.01971 EPSS
Exploits 1
OSV
added 2014/08/11 12:0 a.m. | 11 views

DSA-2984-2 acpi-support - regression update

Bulletin has no description...

7.2 AI score
Exploits 0
OpenVAS
added 2014/08/08 12:0 a.m. | 29 views

Debian: Security Advisory (DSA-2999-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 CVSS | 6.4 AI score | 0.24385 EPSS
Exploits 3 | References 4
OSV
added 2014/08/05 12:0 a.m. | 24 views

DSA-2997-1 reportbug - security update

Bulletin has no description...

6.8 CVSS | 6.1 AI score | 0.02735 EPSS
Exploits 0
OSV
added 2014/08/03 12:0 a.m. | 41 views

DSA-2995-1 lzo2 - security update

Bulletin has no description...

8.8 CVSS | 9 AI score | 0.05315 EPSS
Exploits 1
WPVulnDB
added 2014/08/01 10:59 a.m. | 7 views

Social Connect 0.10.1 - diagnostics/test.php testing Parameter Reflected XSS

The Social Connect WordPress plugin was affected by a diagnostics/test.php testing Parameter Reflected XSS security vulnerability...

2.7 AI score
Exploits 0 | Affected Software 1
seebug.org
added 2014/07/29 12:0 a.m. | 39 views

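A convoluted penetration test using 骑士cms (analysis of two latent, overlooked vulnerabilities)

Brief description: Today I downloaded the latest version of 骑士cms. A long time ago a friend posted a vulnerability for getting a shell through the admin backend, and someone else posted a SQL injection vulnerability, so an interesting penetration test started from these two points. I successfully took over the server of a large recruitment website; the process was fairly arduous. Because this includes a re-analysis of the cms's vulnerabilities and adds my own new exploitation method, I submitted it as a general vulnerability. Detailed description: Step 1: we analyze an old SQL injection issue: file job/plus/ajaxcommon.php:lines:88-100 if empty$GET'query' exit; $gbkquery=trim$GET'query'; if...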

7.1 AI score
Exploits 0
The Hacker News
added 2014/07/25 11:46 p.m. | 28 views

Kali Linux 1.0.8 — New Release Supports UEFI Boot

Great news for Hackers and Backtrack Linux fans! Offensive Security, the developers of one of the most advanced open source operating systems for penetration testing known as 'KALI Linux', has finally announced the release of the latest version i.e. Kali Linux 1.0.8. Kali Linux is based upon Debian...

6.6 AI score
Exploits 0