nessus-xmlrpc is a Ruby library for the Nessus XML-RPC interface. It comes with an example command line program that shows how easy it is to interact with the Nessus scanner.
23bdc28e21bcf552777d338a9f54b94e
Lenovo laptops running the Hotkey Driver and Access Connections software versions 5.33 and below suffer from a privilege escalation vulnerability. Full exploitation details provided.
197dc1c38c9c66cd38cc4d3ffe457f76
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
da10af8a789fa2e83e3635f3a1b76f5e
Ubuntu Security Notice 907-1 - It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. It was discovered that gnome-screensaver did not correctly handle keyboard grab when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. This issue only affected Ubuntu 9.10.
0779341d5cb6e3ff11a2489dcba18547
Tribisur versions 2.0 and below suffer from a local file inclusion vulnerability.
b57f7e0fba10b70409a963b0229fc35a
The Spamassassin Milter plugin suffers from a remote root command execution vulnerability. Full exploit details provided.
65f987b29f0f557007bd95469466936d
BigForum version 4.5 remote SQL injection exploit that dumps user table information.
441885aaaffc20d9973a7ed18a3ca858
Known Host Cracker (khc) is a small tool designed to recover hashed known_host files back to their plain-text equivalents.
00cea61517d93313c4a73cca64c0238e
GeoIPgen is a country-to-IPs generator. It's a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database. GeoIPgen is the first published use of a geographic IP database in reverse, translating from country to IPs instead of the usual IP-to-country lookup. Features: random or sorted order, unique or repeating IPs, skips broadcast addresses, one, many or all countries.
edae9618c3413be8e380f1e10b5b91dd
DvBBS versions 7.1.x through 8.2.x suffer from a cross site scripting vulnerability. This is a variation of the flaw that affected versions prior to 7.1.0.
3cd304f7bfac9d084dea5dd5ad646661
Croogo CMS versions 1.2 and below suffer from cross site scripting vulnerabilities.
66e088097bda0faa94a082415c6c2e38
Mandriva Linux Security Advisory 2010-057 - The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
c235dd13d9ace6a2ca8327b6437ee2a6
JITed exec notepad shellcode.
b15fa36a2f9128b2f690400ae91f85a5
JITed Stage-0 Shellcode. This JIT shellcode finds VirtualProtect, restores the address of the shellcode, marks the memory executable, and jumps to it.
0d7fb99e6c6d84c075b2d24543bc6ae4
Whitepaper called Writing JIT-Spray Shellcode For Fun And Profit.
2b22c0c79fdfac6d6ec759fe2a2845be
Oracle Document Capture (EasyMail Objects EMSMTP.DLL version 6.0.1) Active-X control buffer overflow JIT-Spray exploit.
2deece0e4a04e5d2d2964754202e5dfa
SAP GUI version 7.10 WebViewer3D Active-X JIT-Spray exploit.
ecdcfd44aa28996e595d1ad2416aaf39
BBSMAX versions 3.0, 4.1, and 4.2 suffer from a cross site scripting vulnerability.
77cf5fd95efa29c6997e74768c398f23
E-Topbiz Link Ads 1 PHP script suffers from a remote SQL injection vulnerability.
dbed7948c8c4df7ce440b1a068501805
TopDownloads MP3 Player version 1.0 crash exploit that creates a malicious .m3u file.
147839fea06f877a9bc57766373c2860
Flare versions 0.6 and below local heap overflow denial of service exploit.
4c586f04d5fef027a275ae2524205921
Google Chrome version 4.0.249 XML denial of service proof of concept exploit.
5e8593679f05d8c119ca154a5749bb37
Secunia Security Advisory - Fedora has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions.
9d2dcd08bd1dca8b59fec2d643911edd
Secunia Security Advisory - Fedora has issued an update for fetchmail. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.
effe9cfa81da8a4c935b49f1d92072fd
Secunia Security Advisory - Mr.tro0oqy has discovered a vulnerability in Yahoo! Player, which can be exploited by malicious people to compromise a user's system.
f832d86f8b373b7988d101d295ae4540