
839 matches found

RedHat Linux
added 2014/07/23 10:0 a.m., 3 views

httpd: mod_proxy denial of service

A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Module (MPM) that would cause the httpd child process to crash...

4.3 CVSS, 6.7 AI score, 0.56996 EPSS
Exploits 2, References 5
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Libsafe 2.0 Multi-threaded Process Race Condition Security Bypass Weakness

No description provided by source. source: http://www.securityfocus.com/bid/13190/info Libsafe will normally kill an application when certain types of memory corruption are detected, preventing exploitation of some buffer overflow and format string vulnerabilities. A weakness has been reported th...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

DCForum 6.0 - Remote Admin Privilege Compromise Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2728/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges an...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 25 views

Simple Machines Forum 1.1.3 - Remote Blind SQL Injection Exploit

No description provided by source. #!/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magic_quotes_gpc=On or Off. Total Bypass of SMF's SQL...

6.7 AI score
Exploits 0
Tenable Nessus
added 2014/06/13 12:0 a.m., 35 views

openSUSE Security Update : chromium (openSUSE-SU-2013:1556-1)

Update to Chromium 30.0.1599.66 : - Easier searching by image - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - Security fixes : + CVE-2013-2906: Races in Web Audio + CVE-2013-2907: Out of bounds read in Window.prototype object + CVE-2013-2908:...

7.5 CVSS, 8.2 AI score, 0.02346 EPSS
Exploits 1, References 24
securityvulns
added 2014/06/09 12:0 a.m., 64 views

triple-fault when executing from a threaded process

FreeBSD-EN-14:06.exec Errata Notice The FreeBSD Project Topic: triple-fault when executing from a threaded process Category: core Module: kern Announced: 2014-06-03 Credit...

4.9 CVSS, 6.2 AI score, 0.00048 EPSS
Exploits 0
Apache Httpd
added 2014/05/30 12:0 a.m., 71 views

Apache Httpd < 2.4.10 : mod_status buffer overflow

A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessibl...

6.8 CVSS, 6.2 AI score, 0.75444 EPSS
Exploits 4, Affected Software 1
Apache Httpd
added 2014/05/30 12:0 a.m., 147 views

Apache Httpd < 2.2.29 : mod_status buffer overflow

A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessibl...

6.8 CVSS, 6.2 AI score, 0.75444 EPSS
Exploits 4, Affected Software 1
Tenable Nessus
added 2014/05/23 12:0 a.m., 34 views

CentOS 5 : mysql55-mysql (CESA-2014:0536)

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...

6.5 CVSS, 6.5 AI score, 0.01268 EPSS
Exploits 0, References 9
myhack58
added 2014/05/22 12:0 a.m., 19 views

openssl multi-threaded multi-domain EXP, support for custom ports, save the binary file to save space-bug warning-the black bar safety net

#!/usr/bin/python Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford [email protected] The author disclaims copyright to this source code. Multi process and bin dump version by [email protected] import sys import struct import socket import time import select impo...

7 AI score
Exploits 0
Kitploit
added 2014/05/14 2:3 a.m., 108 views

WVS v9.5 - Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web...

8.4 AI score
Exploits 0
OpenVAS
added 2014/05/05 12:0 a.m., 32 views

Fedora Update for community-mysql FEDORA-2014-5369

Check for the Version of community-mysql OpenVAS Vulnerability Test Fedora Update for community-mysql FEDORA-2014-5369 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

7.5 CVSS, 6 AI score, 0.20688 EPSS
Exploits 0, References 2
Fedora
added 2014/04/29 5:25 a.m., 36 views

[SECURITY] Fedora 20 Update: community-mysql-5.5.37-1.fc20

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

7.5 CVSS, 2.7 AI score, 0.20688 EPSS
Exploits 0
OpenVAS
added 2014/04/17 12:0 a.m., 251 views

Debian Security Advisory DSA 2908-1 (openssl - security update)

Multiple vulnerabilities have been discovered in OpenSSL. The following Common Vulnerabilities and Exposures project ids identify them: CVE-2010-5298 A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a...

4 CVSS, 7.7 AI score, 0.19072 EPSS
Exploits 1, References 1
Kitploit
added 2014/04/14 10:33 p.m., 8 views

Hidden File Finder v3.0 - Free Tool to Find and Unhide/Remove all the Hidden Files

Hidden File Finder is free software to quickly scan and discover all the hidden files on your Windows system. It performs a swift multi-threaded scan of all the folders in parallel and quickly uncovers all the hidden files. It automatically detects the Hidden Executable Files (EXE, DLL, COM etc.) an...

7 AI score
Exploits 0
GithubExploit
added 2014/04/08 10:10 a.m., 2 views

Exploit for Out-of-bounds Read in Openssl

This tool allows you to scan multiple hosts for Heartbleed, in a...

7.5 CVSS, 7.8 AI score, 0.94464 EPSS
Exploits 86
seebug.org
added 2014/03/20 12:0 a.m., 1049 views

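Apache HTTP Server Multiple Denial of Service Vulnerabilities

BUGTRAQ ID: 66303 CVE ID: CVE-2013-6438, CVE-2014-0098 Apache HTTP Server is an open-source HTTP server. Apache HTTP Server 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, and 2.4.1 contain security vulnerabilities in their implementation that can be maliciously exploited to cause a denial of service. 1. When logging a truncated cookie, the mod_log_config module contains an error that can be exploited to crash a worker thread. Successful exploitation requires a threaded MPM. 2. When removing leading whitespace, the mod_dav module contains a boundary error that can be exploited to corrupt memory via a specially crafted DAV WRITE request. 0 Apache Gro...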

5 CVSS, 8.3 AI score, 0.50788 EPSS
Exploits 2
Apache Httpd
added 2014/02/25 12:0 a.m., 79 views

Apache Httpd < 2.4.9 : mod_log_config crash

A flaw was found in mod_log_config. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...

5 CVSS, 7.2 AI score, 0.50788 EPSS
Exploits 2, Affected Software 1
Apache Httpd
added 2014/02/25 12:0 a.m., 55 views

Apache Httpd < 2.2.27 : mod_log_config crash

A flaw was found in mod_log_config. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...

5 CVSS, 7.2 AI score, 0.50788 EPSS
Exploits 2, Affected Software 1
Kitploit
added 2014/01/03 12:25 a.m., 21 views

[DirBuster] Brute Force Directories and Files Names on Web/Application Servers

DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. It is often the case now that what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts...

6.8 AI score
Exploits 0