visit News18 Urdu for latest news, breaking news, news headlines and updates from Sitapur on politics, sports, entertainment, cricket, crime and more.

visit News18 Urdu for latest news, breaking news, news headlines and updates from Mamit on politics, sports, entertainment, cricket, crime and more.

visit News18 Urdu for latest news, breaking news, news headlines and updates from Lohit on politics, sports, entertainment, cricket, crime and more.

A deficiency in handling authentication and authorization has been found with Kguard 104/108/v2 models. While password-based authentication is used by the ActiveX component to protect the login page, all the communication to the application server at port 9000 allows data to be communicated directly with insufficient or improper authorization. Proof of concept exploit included.

G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability.

Ubuntu Security Notice 4058-1 - It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command.

Ubuntu Security Notice 4058-2 - USN-4058-1 fixed a vulnerability in bash. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. Various other issues were also addressed.

Ubuntu Security Notice 4180-1 - It was discovered that Bash incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

This Metasploit module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given directory. To use this module with the cron exploitation method, run the exploit using the given payload, host, and port. After running the exploit, the payload will be executed within 60 seconds. Due to differences in how cron may run in certain Linux operating systems such as Ubuntu, it may be preferable to set the target to Bash Completion as the cron method may not work. If the target is set to Bash completion, start a listener using the given payload, host, and port before running the exploit. After running the exploit, the payload will be executed when a user logs into the system. For this exploitation method, bash completion must be enabled to gain code execution. This exploitation method will leave an Apache James mail object artifact in the /etc/bash_completion.d directory and the malicious user account.

Odin Secure FTP Expert version 7.6.3 Site Info denial of service proof of concept exploit.

Nsauditor version 3.2.0.0 denial of service proof of concept exploit.

SpotAuditor version 5.3.4 Name denial of service proof of concept exploit.

Secunia Security Advisory - r0t has reported a vulnerability in QualityEBiz Quality PPC (QualityPPC), which can be exploited by malicious people to conduct cross-site scripting attacks.

Inout PPC Engine suffers from a cross site request forgery vulnerability.

Secunia Security Advisory - A vulnerability has been reported in Inout PPC Engine, which can be exploited by malicious people to conduct cross-site request forgery attacks.