Core Security Technologies Advisory - This advisory describes two vulnerabilities that provide access to any file stored on a user's desktop system if it is running a vulnerable version of Internet Explorer. These vulnerabilities can be used in attacks combined with a number of insecure features of Internet Explorer to provide remote access to locally stored files without the need for any further action from the victim after visiting a website controlled by the attacker.
36320648119fe6322abfd8ce8887f87e
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER, SECSH-DHGEX, SECSH-NUMBERS, and SECSH-PUBLICKEY.
24144c99908f377c2c4a9b3942102f0b
Stunnel is a program, available on both Unix and Windows, that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer). Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc.) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
2fc31bc0c940fbe545a88d896b13cacf
tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
51dc4a2e5bcbc0ff7dd1a420635c614e
ManageEngine OpUtils 5 suffers from multiple cross site scripting vulnerabilities in Login.DO.
b569e4cd245b6a5868965bb9949c002e
ManageEngine OpUtils 5 suffers from a remote SQL injection vulnerability in Login.DO.
ab4dbe3b908d1e7283e0f2d25720467e
UltraBB version 1.17 suffers from a cross site scripting vulnerability.
e70ce312039d9c06cb2a1e98484e24b7
The Hackito Ergo Sum 2010 Call For Papers has been announced. It will be held from April 8th to 10th, 2010 in Paris, France. HES2010 will focus on hardcore computer security, insecurity, vulnerability analysis, reverse engineering, research and hacking.
e4432de9993e8e01e8bf8e785aa4784e
Outlook Web Access (OWA) suffers from a vulnerability that allows direct access to files blocked by policy.
d8f70bc0f1a1bbc62540ee3043f2a50d
Hipergate version 4.0.12 suffers from a remote SQL injection vulnerability.
a5cc9759bc347aa210794009247813a5
Hipergate version 4.0.12 suffers from a reflected cross site scripting vulnerability.
c4ae14b95f6b97895fbde7eb9e9d3fa9
Hipergate version 4.0.12 suffers from a permanent cross site scripting vulnerability.
1d2b1c6e1e6be949e7cbd52c92882723
Hellcode Research has discovered a heap overflow vulnerability in AOL 9.5. Opening a malformed vCard file (.vcf) with AOL 9.5 causes a crash on "waol.exe". Successful exploitation may allow execution of arbitrary code.
4a4f33ee6e688f98ab47780495138ecf
Remote command execution exploit for the AMS2 (Alert Management Systems 2) component of multiple Symantec products.
f978f77e5fbeaf14861e8acc2a406f0e
The mobile interface of the Facebook social network was affected by a cross site scripting vulnerability.
338251d4ffb06072b74d2b1c1c127482
Whitepaper called Reverse Honey Trap - Striking Deep Inside Online Web Antivirus Engines and Analyzers.
979913c772244ef601f8a0becdd79981
HP Security Bulletin - A potential security vulnerability has been identified with certain RMS (Record Management Services) patch kits for HP OpenVMS running on ALPHA platforms. The vulnerability could be locally exploited resulting in an escalation of privilege.
7f59caf4a03b1252f4de50f00137b2b3
Debian Linux Security Advisory 1990-1 - Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries.
1bf01f60060ecfed6d59bc59620b1749
Debian Linux Security Advisory 1989-1 - Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.
0b544879650be317a980053b30aee4fa
Debian Linux Security Advisory 1988-1 - Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework.
0fadcfbd4ac0cef554418c9945fd3bb0
PHP Car Rental Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2d12cc041c0ad3d7d5d158a6e7c3741a
Digital Amp MP3 version 3.1 local crash proof of concept exploit.
4f9a3b88e0975b5ba45f99cb81a7b8d3
This archive contains all of the 517 exploits added to Packet Storm in January, 2010.
7b95540b80dd588d186922b6943bce5e
Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
2693e0f51f025572b3d3875fd0664c04
sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.
a36c88a6abe919db2d138b3ad5b1f110