Apache Maven version 3.0.4 (with Apache Maven Wagon version 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL certificate checking, including host name verification, date validity, and certificate chain. Not validating the certificate introduces the possibility of a man-in-the-middle attack.
54b8a3c9c72b613700cbc8a0df15bda1fc8bf0236fd7a3b9243695817a44ea7f
This Metasploit module exploits a vulnerability in Kordil EDMS version 2.2.60rc3. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the '/kordil_edms/userpictures/' directory.
c33960b0a5838ddb0853afe03218b7db5ca3b95debdf3a837b3c39d718e797fc
This Metasploit module exploits a file upload vulnerability found in PolarPear CMS. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
d370b8ce0ea599ae7baa968d4166c255fd933b5c56eb77c490c0d1b8f597ef28
CONFidence 2013 Call For Papers - This conference will take place from May 28th through the 29th, 2013 in Krakow, Poland.
c86a9dd23da0a4c48dac0e9bc8e4dc21c42a5762f7246b4015319678b8fc30ac
MTP Poll version 1.0 suffers from multiple stored cross site scripting vulnerabilities.
fd4383d0770c3c6af8f72b9815aae12605343398154a01d43ae44636bef6dc5d
MTP Guestbook version 1.0 suffers from multiple stored cross site scripting vulnerabilities.
529efdafea4eb48f880aaa208c6bdf7dfbfaa5fd4e980cf47f3d7c5e2a66616e
MTP Image Gallery version 1.0 suffers from a stored cross site scripting vulnerability.
61c1d4858ce3e719e8413ba6347af8e914ac284cf57610d197eed9aef84f1294
Debian Linux Security Advisory 2631-1 - Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi.
62ad006b2455956a38e0d73d9d4610a63b827cbb6ef605de9084d4d383314ac6
This Metasploit module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run an unsigned applet without displaying any warning to the user.
0abc5276937c182f0640b79c2c4ed49a2a0bde2a1aa762e63cc17c0ddad5fe4f
phpMyRecipes version 1.2.2 suffers from multiple persistent cross site scripting vulnerabilities.
9ee74a35b8f01ce1962bdb0304e813e3d1601e6030bd495015c297cb735c1093
WiFilet version 1.2 suffers from cross site request forgery, local file inclusion, and remote shell upload vulnerabilities.
9e42d3706a2f92089013ffd59637c2acb3ac7fa9a20c41a3158d9e48b2f1c6c3
Mandriva Linux Security Advisory 2013-014 - Multiple security issues were identified and fixed in OpenJDK. MBeanServer access restrictions were added, TLS handling of invalid messages was improved, and more.
8ac40eb4b2ce07209ddf331559853b548ca985e61c74804dcf0ddfa8c2e80994
Ubuntu Security Notice 1746-1 - Chris Wysopal discovered that Pidgin incorrectly handled file transfers in the MXit protocol handler. A remote attacker could use this issue to create or overwrite arbitrary files. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. It was discovered that Pidgin incorrectly handled long HTTP headers in the MXit protocol handler. A malicious remote server could use this issue to execute arbitrary code. Various other issues were also addressed.
cab8da5f6e98651feb98f652311a38e0a1209f3942cdce9adda737ce25ba333d
Ubuntu Security Notice 1747-1 - It was discovered that Transmission incorrectly handled certain micro transport protocol packets. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
f1a5e333f4463410577bb016b2bae709778d942ed9697ed337f84b18fede5cea
Security Explorations has discovered two new security issues in Java SE 7 Update 15.
6e34dc4dfaf21577b6c54c34aa6c280cdca75c13e6e64bafe3d587b41b47e888