Zero Day Initiative Advisory 11-279 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Witness Systems eQuality Suite. This application is bundled with Nortel Contact Recording and Quality Monitoring Suite. Authentication is not required to exploit this vulnerability. The flaw exists within the Unify2.exe component which listens by default on TCP port 6821. When handling a packet type the process trusts a remaining packet length value provided by the user and blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
c5b7f7de67ca75c73da4296bc399ab55cec0f59dd665fc9c0582effcba399aa6
Zero Day Initiative Advisory 11-278 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an object, the application will store a partially initialized session. This partially initialized session will allow one to make privileged RPC calls to the server. This can lead to code execution under the context of the service.
ef704e9100eb2b84dd85f0614c1b81e8320958e0c4b77d2651ef19086495603b
This is part two of the Simple x64 XOR Shellcode Encoder / Loader paper that adds in simple obfuscation.
07015c0dcec4eea8611e3ed8e6f9f82d8774813630fd343151116458df7fc37b
Red Hat Security Advisory 2011-1248-01 - This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update removes that CA's root certificate from the ca-certificates package, rendering any HTTPS certificates signed by that CA as untrusted. All users should upgrade to this updated package. After installing the update, all applications using the ca-certificates package must be restarted for the changes to take effect.
0236290da9f1510ec94382d77494a2ba1019f4b53dc331c072633300ddefdbb5
SaurusCMS-CE version 4.7 suffers from remote file inclusion vulnerabilities.
8d0195a9a2c2ad6b058f2974be172b2a666f3904d2d40b9766856a79e152193c
Manifattura Web suffers from a remote SQL injection vulnerability.
003d838ca43023b2e1324c320dbce0e5bbf95898227a538f14cd188cd723a087
Loop suffers from a remote SQL injection vulnerability in ricetta.php.
6352e9d74961723476a09280194846791083062782d0243b1bdba8cdc87acd54
Virtualismi suffers from a cross site scripting vulnerability.
a9076db51a97b16a519055851c9a268a835474387e09ad735bf77d4bcf35cc74
BisonFTP server version 3.5 MKD remote buffer overflow crash exploit.
6157ac1b4d0108188bcfac3f9ccdadb47a302240c656b2fa5c72bfb65f934e09
ACal version 2.2.6 suffers from a cross site scripting vulnerability.
690e0cae40ac71cd5f6756464561786f1f34425d0714994ef9b5244906f298af
BroadWin WebAccess Client with bwocxrun.ocx versions 1.0.0.10 and below suffer from format string and memory corruption vulnerabilities. The OcxSpool function is affected by a format string vulnerability caused by the usage of the Msg string provided by the attacker directly with vsprintf() without the required format argument. WriteTextData and CloseFile allow to corrupt arbitrary zones of the memory through a fully controllable stream identifier in fclose() and fwrite().
15455c76959ce3375afe0d9ca55c3e3406b7eb808cd072c8d28bf369a9e800f5
Ubuntu Security Notice 1197-2 - USN-1197-1 fixed a vulnerability in Firefox with regard to the DigiNotar certificate authority. This update provides the corresponding updates for Thunderbird. We are aware that the DigiNotar Root CA Certificate is still shown as trusted in the Thunderbird certificate manager. This is due to Thunderbird using the system version of the Network Security Service libraries (NSS). Thunderbird will actively distrust any certificate signed by this DigiNotar Root CA certificate. This means that users will still get an untrusted certificate warning when accessing a service through Thunderbird that presents a certificate signed by this DigiNotar Root CA certificate. Various other issues were also addressed.
8b562af7e7845ff7b69f0432af9169bc0113318d3461f4b54c3155618fe6adfc
This Metasploit module exploits a stack buffer overflow in version 1.1 of Free MP3 CD Ripper. By creating a specially crafted .wav file, an attacker may be able to execute arbitrary code.
7401c2dd0f56ba28e5f6c554d7c4eaa36cfe2ff96cdf148453614fed7e3f7b1f
Cerberus FTP Server version 4.0.9.8 REST remote buffer overflow crash exploit.
4ffb43902001c39a48c6ed0bb68c9a86be4f2acf228608af5c8b5dfb4e6c2a2d
Whitepaper called Optimized Ad-Hoc On-Demand Distance Vector Routing Protocol.
276122fff45fd9a03d478f868be5278cae367c1fb18bb2597e19520d2ed8f62a
TPLINK TD-8810 cross site request forgery exploit that performs a reboot of the modem.
09bdf9635bf9b63fb18e4c32a5a237cf878a16ea494b709ac969f658d874aa04
Help Request System versions 1.1a and below suffer from a remote SQL injection vulnerability.
37895dba70ffd90625d5211353b8b44030a02e97b1142bfa7c462ec7add8cedf
ITT Web suffers from a remote SQL injection vulnerability.
a1ab545ac6bf0bc9777bd56c69013e8ccb3fa6c1076f0062f827c8ef950c8f54
ph5gruppo suffers from a remote SQL injection vulnerability.
3f79fddda30c9726e308e37ef1a17f53d4ecbd57aad29f4ef58457ec19107ec6
KnFTPd FTP server version 1.0.0 suffers from buffer overflow vulnerabilities. Dozens of FTP commands are affected. Proof of concept exploit included.
e539b8603fc798eefb0731e2211588194426f6b0cce6f42ae1ef8bef81ba6828
The Hacker News Magazine issue 04, released September, 2011. This magazine sums up recent news events in the hacker community.
4e1119d2b4ecb717c9fe59628951d163a13bb6a8c74bd477c694639f22b14965
This Metasploit module exploits a stack-based buffer overflow on DVD X Player 5.5 Pro and Standard. By supplying a long string of data in a plf file (playlist), the MediaPlayerCtrl.dll component will attempt to extract a filename out of the string, and then copy it on the stack without any proper bounds checking, which causes a buffer overflow, and results arbitrary code execution under the context of the user. This Metasploit module has been designed to target common Windows systems such as: Windows XP SP2/SP3, Windows Vista, and Windows 7.
348b94a602e053d653e9e822631e9a0911f02f12bdc2763f325cc1727f13dace
WordPress VideoWhisper Video Presentation plugin versions 1.1 and below suffer from a remote SQL injection vulnerability.
544a1459c5018f784d07a4d0f99fb2889727d63d7dec320d6380a973052c096d
Secunia Security Advisory - Luigi Auriemma has discovered multiple vulnerabilities in BroadWin WebAccess Client, which can be exploited by malicious people to compromise a user's system.
fa711a00a231bdc2225207dcc9ce851eef5ae362b57aaec880432931cc4b21b9
Secunia Security Advisory - Cisco has acknowledged a vulnerability in Cisco Quad, which can be exploited by malicious people to cause a DoS (Denial of Service).
0c08cc896384d16d199e14c8e25b1b8fcd8b08401ed932d8462f85c5f754b1d3