7422 matches found
DSA-2989-1 apache2 - security update
Bulletin has no description...
DSA-2984-1 acpi-support - security update
Bulletin has no description...
PwnPi - A Pen Test Drop Box distro for the Raspberry Pi
PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built a stripped down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbo...
Havex, It’s Down With OPC
FireEye recently analyzed the capabilities of a variant of Havex referred to by FireEye as “Fertger” or “PEACEPIPE”, the first publicized malware reported to actively scan OPC servers used for controlling SCADA Supervisory Control and Data Acquisition devices in critical infrastructure e.g., wate...
Egresser - Tool to Enumerate Outbound Firewall Rules
Egresser is a tool to enumerate outbound firewall rules, designed for penetration testers to assess whether egress filtering is adequate from within a corporate network. Probing each TCP port in turn, the Egresser server will respond with the client’s source IP address and port, allowing the clie...
释锐教育区校版电子书包教学平台XSS漏洞
简要描述: 看到http://www.wooyun.org/bugs/wooyun-2010-051965过了,我也来了 存储型xss 详细说明: 利用官方demo测试 http://demo.31390.com:8080/eLearning/user.html 随意点击一个用户 在留言处写入xss语句 点击留言试试 直接就给弹了。。 看看源代码 毫无过滤 测试地址:http://demo.31390.com:8080/eLearning/message/s800.html 其实本身是html文件,给予xss很大空间 测试一下通用性...
DSA-2977-1 libav - security update
Bulletin has no description...
ODAT - Oracle Database Attacking Tool
ODAT Oracle Database Attacking Tool is an open source penetration testing tool that test the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a val...
Cross site scripting
Cross-site scripting XSS vulnerability in diagnostics/test.php in the Social Connect plugin 1.0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the testing parameter...
CVE-2014-4551
Cross-site scripting XSS vulnerability in diagnostics/test.php in the Social Connect plugin 1.0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the testing parameter...
Pixie CMS 1.0 - Multiple Local File Inclusion Vulnerabilities
No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-09-005 Application: Pixie CMS Versions Affected: 1.0 Vendor URL: http://www.getpixie.co.uk/ Bug: Multiple Local File Include Exploits: YES Reported: 29.08.2008 Vendor Response: 30.08.2008 Solution: NONE Date...
redaxscript 0.3.2 - Multiple Vulnerabilities
No description provided by source. ================================== Vulnerability ID: HTB22805 Reference: http://www.htbridge.ch/advisory/pathdisclosureinredaxscript.html Product: Redaxscript Vendor: http://redaxscript.com/ http://redaxscript.com/ Vulnerable Version: 0.3.2 Vendor Notification: ...
velocity web-server 1.0 - Directory Traversal file download vulnerability
No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-028 Application: Velocity web-server a part of Velocity Security Management System Versions Affected: Old version 1.0 Vendor URL: http://hirschelectronics.com Bugs: Directory traversal File Download...
Microsoft Office Picture Manager 2010 Crash PoC
No description provided by source. Title : Microsoft Office Picture Manager 2010 memory corruption Version : Microsoft Office professional Plus 2010 Crash : http://img715.imageshack.us/img715/7364/pocl.png Date : 2012-10-24 Vendor : http://office.microsoft.com Impact : Med/High Contact : coolkave...
Lenovo Hotkey Driver <= 5.33 - Privilege Escalation
No description provided by source. Author: Chilik Tamir - Amdocs Power Security Testing Group Website: http://invalid-packet.blogspot.com/2010/03/full-disclosure-security-vulnerability.html Subject: Security vulnerability Privilege escalation in Lenovo Hotkey Driver and Access Connections version...
Ferdows CMS Pro <= 1.1.0 - Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Ferdows CMS Pro =1.1.0 Multiple Vulnerabilities Vendor: www.fcms.ir Exploit: Available Vulnerable Version: 1.1.0 Pro Impact: Medium Original Advisory: http://www.bugreport.ir/index77.htm Fix: N/A 1...
Masir Camp E-Shop Module <= 3.0 (ordercode) SQL Injection Vuln
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Masir Camp E-Shop Module = 3.0 SQL Injection Vendor: www.masir.net Vulnerable Version: 3.0 and prior versions Exploit: Available Impact: Medium Fix: N/A Original Advisory: http://bugreport.ir/index52.htm 1...
PHP Captcha / Securimage 2.0.2 - Authentication Bypass - SO-11-007
No description provided by source. Sense of Security - Security Advisory - SOS-11-007 Release Date. 20-May-2011 Last Update. - Vendor Notification Date. 04-Apr-2011 Product. Securimage / PHPCaptcha Platform. PHP Affected versions. 1.0.4 - 2.0.2 Severity Rating. Medium Impact. Authentication bypas...
MobileCartly 1.0 Arbitrary File Deletion Vulnerability
No description provided by source. Exploit Title: MobileCartly 1.0 = Arbitrary Delete Vulnerability Date: 09/08/2012 Author: GoLdM Vendor or Software Link: http://mobilecartly.com/mobilecartly.zip Version: 1.0 Category:: Arbitrary Delete Vulnerability Google dork: : Tested on: Xp SP 2 Ex :...
Linux Kernel 2.6.10 File Lock Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12949/info A local denial of service vulnerability reportedly affects the Linux kernel. This issue arises due to a failure of the kernel to properly handle malicious, excessive file locks. An attacker may leverage this...