
7422 matches found

Kitploit
added 2012/11/02 3:14 p.m. | 24 views

[SET] Social-Engineer Toolkit 4.1.3

TrustedSec has released the latest version of the Social-Engineer Toolkit (SET), 4.1.3. As most of us know, it is an open source, Python-driven social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed...

AI score: 7.3 | Exploits: 0

Metasploit
added 2012/11/01 4:17 p.m. | 41 views

HP Intelligent Management Center UAM Buffer Overflow

This module exploits a remote buffer overflow in HP Intelligent Management Center UAM. The vulnerability exists in the uam.exe component, when using sprint in an insecure way for logging purposes. The vulnerability can be triggered by sending a malformed packet to the 1811/UDP port. The module has...

CVSS: 10 | AI score: 0.4 | EPSS: 0.61762 | Exploits: 3

The Coalfire Blog
added 2012/10/29 3:37 p.m. | 14 views

Penetration Testing Frequently Asked Questions

You may have noticed this recent article about Google's contest that rewarded a hacker for discovering a vulnerability in Chrome. Once Google verified the vulnerability, they were able to fix the bug and issue the cash prize to the hacker. This is a very public example similar to what Coalfire Lab...

AI score: 1 | Exploits: 0

securityvulns
added 2012/10/29 12:0 a.m. | 86 views

Layton Helpbox 4.4.0 Multiple Security Issues

Layton Helpbox 4.4.0 Multiple Security Issues: Layton Helpbox 4.4.0 Multiple SQL Injection Points CVE-2012-4971 http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html Layton Helpbox 4.4.0 Authorisation Bypass Vulnerability CVE-2012-4975...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01193 | Exploits: 7

Tenable Nessus
added 2012/10/29 12:0 a.m. | 201 views

IBM Rational ClearQuest Multiple Script Information Disclosure

The remote install of IBM WebSphere Application Server contains one or more testing and debugging scripts as well as sample applications, likely resulting from a deployment of IBM Rational ClearQuest. These scripts provide information such as system paths and versions, which may aid an attacker...

CVSS: 5 | AI score: 5.5 | EPSS: 0.08263 | Exploits: 0 | References: 3

The Hacker News
added 2012/10/27 3:27 p.m. | 7 views

NASA Jet Propulsion Laboratory Vulnerable to Cross Site Scripting (XSS)

Yesterday, we reported on the security breach in US Government computers belonging to a NASA restricted-area website, in which a hacker dumped the complete source code and files from the website's server. Today another hacker claims a quick XSS (cross-site scripting) vulnerability in NASA's Jet Propulsion...

AI score: 6.2 | Exploits: 0

Packet Storm
added 2012/10/26 12:0 a.m. | 42 views

Layton Helpbox 4.4.0 Stored Cross Site Scripting

Layton Helpbox 4.4.0 Embedded Cross-Site Scripting by Joseph Sheridan Summary Layton Technologies Helpbox product version 4.4.0 is vulnerable to an embedded cross-site scripting vulnerability. CVE number: CVE-2012-4972 Impact: Medium Vendor homepage: http://www.laytontechnology.com Vendor notifie...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.01148 | Exploits: 2

Debian
added 2012/10/23 4:59 p.m. | 23 views

[SECURITY] [DSA 2563-1] viewvc security update

Debian Security Advisory DSA-2563-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 23, 2012 http://www.debian.org/security/faq...

CVSS: 5 | AI score: 6.5 | EPSS: 0.03085 | Exploits: 0

OpenVAS
added 2012/10/23 12:0 a.m. | 31 views

Fedora Update for dnsperf FEDORA-2012-15965

Check for the Version of dnsperf OpenVAS Vulnerability Test Fedora Update for dnsperf FEDORA-2012-15965 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS: 7.8 | AI score: 0.2 | EPSS: 0.34196 | Exploits: 0 | References: 2

OSV
added 2012/10/23 12:0 a.m. | 15 views

DSA-2562-1 cups-pk-helper - privilege escalation

Bulletin has no description...

CVSS: 5.8 | AI score: 6 | EPSS: 0.01221 | Exploits: 0

OSV
added 2012/10/23 12:0 a.m. | 23 views

DSA-2564-1 tinyproxy - denial of service

Bulletin has no description...

CVSS: 5 | AI score: 9.4 | EPSS: 0.07349 | Exploits: 0

ThreatPost
added 2012/10/22 8:45 p.m. | 10 views

Researcher Develops Patch for Java Zero-Day, Puts Pressure on Oracle to Deliver its Fix

A security researcher has submitted to Oracle a patch he said took him 30 minutes to produce that would repair a zero-day vulnerability currently exposed in Java SE. He hopes his actions will spur Oracle to issue an out-of-band patch for the sandbox-escape vulnerability, rather than wait for the...

AI score: 0.2 | Exploits: 0 | References: 5

erpscan
added 2012/10/22 12:0 a.m. | 16 views

SAP NetWeaver RSDDCVER_COUNT_TAB_COLS - Potential SQL Injection

Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: NO Reported: 22.10.2012 Vendor response: 23.10.2012 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1836718 CVSS:...

AI score: 0.5 | Exploits: 0

Fedora
added 2012/10/21 6:15 a.m. | 36 views

[SECURITY] Fedora 18 Update: dnsperf-2.0.0.0-3.fc18

This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf(1) and resperf(1) man pages...

CVSS: 7.8 | AI score: 1.9 | EPSS: 0.34196 | Exploits: 0

Fedora
added 2012/10/19 11:59 p.m. | 33 views

[SECURITY] Fedora 17 Update: dnsperf-2.0.0.0-2.fc17

This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf(1) and resperf(1) man pages...

CVSS: 7.8 | AI score: 1.9 | EPSS: 0.34196 | Exploits: 0

OSV
added 2012/10/17 12:0 a.m. | 33 views

DSA-2559-1 libexif - several

Bulletin has no description...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.07557 | Exploits: 0

exploitpack
added 2012/10/11 12:0 a.m. | 32 views

FileBound 6.2 - Local Privilege Escalation

FileBound 6.2 - Local Privilege Escalation Sense of Security - Security Advisory - SOS-12-010 Release Date. 10-Oct-2012 Last Update. - Vendor Notification Date. 14-Aug-2012 Product. FileBound On-Site Platform. Windows Affected versions. All versions prior to 6.2 Severity Rating. High Impact...

AI score: 0.1 | Exploits: 0

securityvulns
added 2012/10/10 12:0 a.m. | 54 views

soapbox Local Root / Privilege Escalation Vulnerability

soapbox 0.3.1 = Local Root Exploit Vendor URI: http://dag.wieers.com/home-made/soapbox/ Credit: Jean Pascal Pereira [email protected] Description: "Soapbox allows to restrict processes to write only to those places you want...

Exploits: 0

Exploit DB
added 2012/10/08 12:0 a.m. | 16 views

Web Help Desk by SolarWinds - Persistent Cross-Site Scripting

Author: loneferret of Offensive Security Product: Web Help Desk by SolarWinds Version: 11.0.7 older versions may be affected Vendor Site: http://www.webhelpdesk.com Software Download: http://www.webhelpdesk.com/help-desk-software/ Discovered: August 18th 2012 Disclosure: August 19th 2012: Reporte...

AI score: 7 | Exploits: 0

securityvulns
added 2012/10/05 12:0 a.m. | 65 views

XnView JLS File Decompression Heap Overflow

XnView JLS File Decompression Heap Overflow Summary XnView Formats PlugIn is prone to an overflow condition. The JLS Plugin xjpegls.dll library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a...

CVSS: 9.3 | AI score: 0.2 | EPSS: 0.09854 | Exploits: 3