Lucene search

7974 matches found

0day.today
added 2012/06/26 12:0 a.m., 42 views

Root Exploit Western Digital's WD TV Live SMP/Hub

Exploit for hardware platform in category remote exploits. Introduction: The WD TV Live Streaming Media Player is a consumer device to play various audio and video formats. Additionally it allows access to multiple video streaming services like Netflix, Hulu or YouTube. The device...

7.1 AI score
Exploits: 0
Fedora
added 2012/06/22 8:39 a.m., 31 views

[SECURITY] Fedora 15 Update: roundcubemail-0.7.2-2.fc15

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

5.5 CVSS, 0.3 AI score, 0.0039 EPSS
Exploits: 0
ThreatPost
added 2012/05/29 5:34 p.m., 8 views

UI Randomization, Statistical Analysis Could End Clickjacking

A PayPal researcher argues in a new paper that a combination of randomized user interfaces and back-end screenshot comparison tools could effectively put an end to clickjacking attacks, one of the most prevalent online scams. Brad Hill of PayPal argues in a new paper for a method he calls “adapti...

1 AI score
Exploits: 0, References: 1
Opera Security Advisories
added 2012/03/26 12:0 a.m., 490 views

Web page content may overlap the address field

The browser's user interface contains several pieces of security information. To preserve this information correctly, web page content should not be able to display over the user interface. Certain styling can cause Opera to allow the content to be displayed outside the page, over the address...

2.3 AI score
Exploits: 0, Affected Software: 1
ATTACKERKB
added 2012/03/22 4:55 p.m., 3 views

CVE-2011-3054

The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors...

4.3 CVSS, 8.5 AI score, 0.00704 EPSS
Exploits: 0, References: 12
The Hacker News
added 2012/03/18 7:52 p.m., 13 views

DarkComet-RAT v5.1 Released - Remote Administration Tool

This new version of the famous DarkComet RAT, a remote management tool created by DarkCoderSc. DarkComet is also considered the most stable RAT around and it is even regarded as more stable than some professional ones. Change Log: - GUI...

6.6 AI score
Exploits: 0
Prion
added 2012/03/14 7:55 p.m., 16 views

Code injection

Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a craft...

6.4 CVSS, 6.8 AI score, 0.01798 EPSS
Exploits: 0, References: 24, Affected Software: 5
RedHat Linux
added 2012/03/14 7:37 a.m., 48 views

Critical: Red Hat Security Advisory: firefox security and bug fix update

Updated firefox packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...

9.3 CVSS, 7.6 AI score, 0.07333 EPSS
Exploits: 1, References: 13
RedHat Linux
added 2012/03/14 7:17 a.m., 0 views

Mozilla: window.fullScreen writeable by untrusted content (MFSA 2012-18)

Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a craft...

6.4 CVSS, 7.4 AI score, 0.01798 EPSS
Exploits: 0, References: 4
seebug.org
added 2012/02/16 12:0 a.m., 36 views

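PHP Calendar Extension "SdnToJulian()" Remote Integer Overflow Vulnerability

BUGTRAQ ID: 46967 CVE ID: CVE-2011-1466 PHP is a scripting language that runs on computers, used mainly for handling dynamic web pages; it includes a command-line interface and can also produce graphical user interface programs. The SdnToJulian function in the Calendar extension of PHP versions before 5.3.6 contains an integer overflow vulnerability in its implementation, which allows attackers to cause a denial of service via the first argument of the calfromjd function. 0 PHP 5.3.x Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.php.net...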

5 CVSS, 0.3 AI score, 0.24454 EPSS
Exploits: 2
Fedora
added 2012/01/01 9:21 p.m., 46 views

[SECURITY] Fedora 15 Update: phpMyAdmin-3.4.9-1.fc15

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

4.3 CVSS, 1.3 AI score, 0.00475 EPSS
Exploits: 3
Fedora
added 2011/11/13 5:33 a.m., 31 views

[SECURITY] Fedora 14 Update: phpMyAdmin-3.4.7-1.fc14

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to...

5 CVSS, 6.8 AI score, 0.0056 EPSS
Exploits: 1
The Hacker News
added 2011/10/19 6:21 p.m., 17 views

Metasploit Community Edition - Advance penetration testing tool by Rapid7

Open-source penetration testing "Metasploit Framework" Rapid7 a project funded by the U.S. on October 18 U.S. time, and penetration testing tools platform to Metasploit Framework "Metasploit Community Edition" was released...

6.8 AI score
Exploits: 0
The Hacker News
added 2011/10/19 6:21 p.m., 2 views

Metasploit Community Edition - Advance penetration testing tool by Rapid7

Open-source penetration testing "Metasploit Framework" Rapid7 a project funded by the U.S. on October 18 U.S. time, and penetration testing tools platform to Metasploit Framework "Metasploit Community Edition" was released...

7.2 AI score
Exploits: 0
NVD
added 2011/10/18 10:55 p.m., 18 views

CVE-2011-3518

Unspecified vulnerability in the Siebel Core - UIF Client component in Oracle Siebel CRM 8.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Interface...

5.5 CVSS, 5.2 AI score, 0.00185 EPSS
Exploits: 0, References: 3
NVD
added 2011/10/18 10:55 p.m., 15 views

CVE-2011-3526

Unspecified vulnerability in the Siebel Core - UIF Server component in Oracle Siebel CRM 8.0.0 and 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface...

4 CVSS, 5.2 AI score, 0.00191 EPSS
Exploits: 0, References: 3
Prion
added 2011/10/18 10:55 p.m., 11 views

Design/Logic Flaw

Unspecified vulnerability in the Siebel Core - UIF Server component in Oracle Siebel CRM 8.0.0 and 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface...

4 CVSS, 5.6 AI score, 0.00191 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2011/10/18 10:0 p.m., 17 views

CVE-2011-3526

Unspecified vulnerability in the Siebel Core - UIF Server component in Oracle Siebel CRM 8.0.0 and 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface...

5.2 AI score, 0.00191 EPSS
Exploits: 0, References: 3
Cvelist
added 2011/10/18 10:0 p.m., 23 views

CVE-2011-3518

Unspecified vulnerability in the Siebel Core - UIF Client component in Oracle Siebel CRM 8.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Interface...

5.2 AI score, 0.00185 EPSS
Exploits: 0, References: 3
The Hacker News
added 2011/10/14 1:16 a.m., 4 views

Hcon's Security Testing Framework (Hcon STF) v0.1beta

Hcon's Security Testing Framework (Hcon STF) v0.1beta. After the first demo of Hfox, many people asked about a Chromium based framework for penetration testing/ethical hacking. After 3 months of work and research, and some input from AJ, the following tool has been developed for the arsenal of Hcon'...

7.1 AI score
Exploits: 0