LACSEC 2014 Call For Presentations
LACSEC 2014 Call For Presentations - The 9th Network Security Event for Latin America and the Caribbean will be held in Cancun, Mexico, May 4th through the 9th, 2014.
NTP Spoofed "monlist query" Denial Of Service Proof Of Concept
NTP_SPQUERY.C is a spoofed "monlist query" program which can generate packets like those used in reflected amplification NTP attacks that were common in early 2014. Written entirely in C, it requires...
Quantum vmPRO Backdoor Command
This Metasploit module abuses a backdoor command in vmPRO 3.1.2. Any user, even without admin privileges, can get access to the restricted SSH shell. By using the hidden backdoor "shell-escape" command...
Secure rm 1.2.13
Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prevent command line recovery...
Loadbalancer.org Enterprise VA SSH Private Key Exposure
Loadbalancer.org ships a public/private key pair on Enterprise virtual appliances version 7.5.2 that allows passwordless authentication to any other LB Enterprise box. Since the key is easily...
ChatNess 2.5 Session Fixation
ChatNess version 2.5 suffers from a session fixation vulnerability.
litepublisher 5.72 Cross Site Scripting
litepublisher version 5.72 suffers from a cross site scripting vulnerability due to embedding a vulnerable version of swfupload.swf.
SePortal 2.5 SQL Injection
SePortal version 2.5 suffers from a remote SQL injection vulnerability in the sp_id variable of staticpages.php. This version has already had known SQL injection vulnerabilities noted in 2011.
GuppY 4.6.26 XSS / CRLF Injection
GuppY version 4.6.26 suffers from cross site scripting and CRLF injection vulnerabilities.
Bigace 2.7.5 LFI / XSS / SQL Injection
Bigace version 2.7.5 suffers from cross site scripting, local file inclusion, and remote blind SQL injection vulnerabilities.
Chat2 Cross Site Scripting / SQL Injection
Chat2 suffers from cross site scripting and remote blind SQL injection vulnerabilities.
MeiuPic 2.1.2 Local File Inclusion
MeiuPic version 2.1.2 suffers from a local file inclusion vulnerability.
Debian Security Advisory 2881-1
Debian Linux Security Advisory 2881-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, out of bound reads,...
Red Hat Security Advisory 2014-0316-01
Red Hat Security Advisory 2014-0316-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing...
Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion
Ocportal version 9.0.11 suffers from cross site scripting and local file inclusion vulnerabilities.