Mandriva Linux Security Advisory 2011-042 - Security issues were identified and fixed in mozilla-thunderbird. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Other issues were also addressed.
c18745e5601f0337f61235867e05194f
Ubuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.
ed6a0c6776f2067a9a92b34fb4bbce08
Multiple SMTP implementations suffer from a plaintext injection vulnerability with STARTTLS.
1b04af43139f06389239140f5ad5fb22
BMForum Myna version 6.0 suffers from a remote SQL injection vulnerability.
35240961b5f40f0bd10e367084f16c64
Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid) and has 31 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.
1bd25a7df7544f3653eba97b5b15d85c
It would appear that Mutt fails to check the validity of a SMTP server's certificate during a TLS connection.
c194da6cc8894df5a3eff430bb2d9280
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
c40cd0b56a666316e91718d72ebec86c
RECON 2011 Call For Papers - RECON is a security conference taking place in downtown Montreal from July 8th through the 10th.
7ec97d56cee0974e0732ac83a21af9e0
Ubuntu Security Notice 1085-1 - Multiple vulnerabilities related to tiff have been discovered and addressed. Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. It was discovered that the TIFF library incorrectly validated certain data types. It was discovered that the TIFF library incorrectly handled downsampled JPEG data. Various other issues were also addressed.
98206d281f78cc5326593ab95451050c
Ubuntu Security Notice 1084-1 - It was discovered that Avahi incorrectly handled empty UDP packets. A remote attacker could send a specially-crafted packet and cause Avahi to hang, resulting in a denial of service.
cf624d65b1068aa3b6ce89b93fe69472
Apple iPhone 4 with iOS 4.3 (8F190) suffers from a passphrase disclosure vulnerability that allows all local processes access to it.
5806a00d78c413e35d82e31be0490810
arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.
be8826574ec566217eb7ca040fe472f9
The Softman administrative login page suffers from a remote SQL injection vulnerability that allows for authentication bypass.
09b607b1e78b5790c4848784017eca7b
Kodak InSite version 5.5.2 suffers from multiple cross site scripting vulnerabilities.
f1ed2a800ad6b74c542f6b67476c0c6c
KingView version 6.5.3 SCADA related active-x exploit.
cf490f30ef094c615198e25a615d832e
Bacula-Web version 1.3.x suffers from cross site scripting and remote SQL injection vulnerabilities.
e3756be1d26d06db5f1e2707950eb0bd
Weborf version 0.12.4 suffers from a denial of service vulnerability.
c8515c8da97ba8879ad224b987ff300f
Hiawatha WebServer version 7.4 suffers from a denial of service vulnerability.
a6a50f7d3a5db91c593cafb0bdbad9b4
Mutare Software EVM version 2.2.9 suffers from cross site request forgery and cross site scripting vulnerabilities.
726f81101b40c99683eb37dcf0d25b4a
This script is a simple SMTP verification tool to send mail.
b8ebd77f77c5baca23a5e6eed2ef6fd7
Secunia Security Advisory - A vulnerability has been reported in Wing FTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
6dc2835453b8170e7ca17db64d4b370d
Secunia Security Advisory - Fedora has issued an update for q. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.
6d2ee0acf32dfb21979ed6958a5203ba
Secunia Security Advisory - Fedora has issued an update for moin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
b64e63efd7783d74622ab286f78e314b
Secunia Security Advisory - A vulnerability has been discovered in InterPhoto Gallery, which can be exploited by malicious people to disclose sensitive information.
304fce4ff9a9c1e661a511dec7eb87f2
Secunia Security Advisory - Two security issues have been reported in GNU TeXmacs, which can be exploited by malicious, local users to gain escalated privileges.
cdf111ba0ef3e1686b06d26f90047b7c