Ubuntu Security Notice 1146-1 - Kees Cook discovered that some ethtool functions did not correctly clear heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit this to read portions of kernel heap memory, leading to a loss of privacy. Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Various other issues were also addressed.
71e6b39eab78b5479506bbaad126083f
byTolinet Agencia suffers from a remote blind SQL injection vulnerability.
99192d5be1a71b2e20da68e3e70fc00f
Pacer Edition CMS suffers from a cross site scripting vulnerability when parsing user input to the 'email' parameter via POST method in 'admin/login/forgot/index.php'.
04332a8f5d83ca9a9cb3c22f9e157535
Pacer Edition CMS version 2.1 remote arbitrary file deletion exploit.
6fa7455280f7689c775c516c148f3048
ClubHACK Magazine Issue 17 - Topics covered include pentesting your wireless, wi-fi tools, best practices for wi-fi networks, and forensics with Matriux.
30bd3105664b47de50d066a8090f0d17
This is a proof of concept chunk of JavaScript code that demonstrates the tabnapping phishing vulnerability, which works across multiple browsers.
0798eca412855d4d6368170233a1e226
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
4f3fb74ff1098c25eef8e10721478c29
EquiPCS suffers from a remote SQL injection vulnerability.
888bb63e21e3f6311a72540ab518599f
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
5f58b600c6332ab8234fd40d842caed8
Small 27-byte FreeBSD/x86 shellcode that binds a shell on port 31337.
3165388a38477a6cabe2c64269aeec79
The Polycom IP Phone suffers from a remote password disclosure vulnerability.
b1224d46a4db7227a0b3f7a58850767e
PDFill PDF Editor version 8.0 suffers from an insecure library loading vulnerability.
706f0d7e7d5c625798c43a9f1540fd4f
The Aastra IP Phone 9480i web interface suffers from a data disclosure vulnerability.
57b6bdfc3cf1c0312e6bf508d56db373
FreePBX version 2.9.0.6 suffers from a remote shell upload vulnerability.
6b94049bbc627fffc65881801ecfc7f7
Booxys Hotel version 1.0 suffers from a cross site scripting vulnerability.
2b3be526f91749818e51f716d4324044
HP Security Bulletin HPSBMA02631 SSRT100324 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
4a751040dfa49e7e1f6235dd128d28c5
This Metasploit module exploits a remote code execution vulnerability in Magneto ICMP ActiveX Control (OCX) version 4.0.0.20.
093c742194adf883f8eff9204d0c4cdd
Prefix Technologies suffers from a remote SQL injection vulnerability.
e799856ed4f3da61482f96f5c98cd76f
Zero Day Initiative Advisory 11-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Web Start parses certain properties from the JNLP file. Due to insufficient quote escaping, it is possible to supply additional command line parameters to the java process. By crafting such parameters, an attacker can execute remote code under the context of the user running the process.
b27d262ee7ef6bf36113d7d810303811
Zero Day Initiative Advisory 11-191 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing a 'scrn' tag, the process reads a user-specified value describing the number of scrn objects in the file. This value is multiplied by the size of an scrn object, possibly resulting in an integer overflow. The result is then used to allocate memory to hold all the scrn objects. By providing specific values it is possible to cause a memory corruption that can lead to remote code being executed under the user running the browser.
c895ba257b889472c9e1e5883cc2ec25
Red Hat Security Advisory 2011-0862-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An infinite loop flaw was found in the way the mod_dav_svn module processed certain data sets. If the SVNPathAuthz directive was set to "short_circuit", and path-based access control for files and directories was enabled, a malicious, remote user could use this flaw to cause the httpd process serving the request to consume an excessive amount of system memory. Various other issues were also addressed.
86d938e640147e2fd937a76f09898688
This Metasploit module exploits a vulnerability found on 7-Technologies IGSS 9. By supplying a long string of data to the 'Rename' (0x02), 'Delete' (0x03), or 'Add' (0x04) command, a buffer overflow condition occurs in IGSSdataServer.exe while handling an RMS report, which results in arbitrary code execution under the context of the user. The attack is carried out in three stages. The first stage sends the final payload to IGSSdataServer.exe, which will remain in memory. The second stage sends the Add command so the process can find a valid ID for the Rename command. The last stage then triggers the vulnerability with the Rename command, and uses an egghunter to search for the shellcode that we sent in stage 1. The use of an egghunter appears to be necessary due to the small buffer size, which cannot even contain our ROP chain and the final payload.
06fbc62d603706cbc91f88964ef39e91
Secunia Security Advisory - Red Hat has issued an update for subversion. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
7479c2c497761febbd1416882fe99e02
Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-sun. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, compromise a user's system, and compromise a vulnerable system.
d11cfc400a5e40b3a2dcbb21ced3a0f8
Secunia Security Advisory - A vulnerability has been reported in the Horde_Auth Framework, which can be exploited by malicious people to bypass certain security features.
f88f6c5254024b62b72f01c8c4821797