Whitepaper called Beyond SQLi: Obfuscate and Bypass. It discusses filter evasion, normal and advanced SQL injection bypassing techniques, and more.
53da24878fd14e31209e104f5628e918c66caec3b70de820ef4ded44a458460e
This Metasploit module exploits a vulnerability in the nesting of frameset and iframe tags as implemented within Opera Browser. Memory corruption is triggered and some pointers are corrupted with invalid addresses. Successful exploitation leads to remote code execution or a denial of service condition under Windows XP SP3 (DEP = off).
cca2c04d9608cabd67212e6b6de6f391c4ae540b9386fc4c1e27694218c8edb5
This is an advance notification of 8 security bulletins that Microsoft is intending to release on October 11, 2011.
eff08c1d7e17a4a9c529b1d7b6787f386e6344b5784ba32b891fe69fbbbc8824
Red Hat Security Advisory 2011-1360-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple input sanitization flaws were found in the X.Org GLX extension. A malicious, authorized client could use these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. An input sanitization flaw was found in the X.Org Render extension. A malicious, authorized client could use this flaw to leak arbitrary memory from the X.Org server process, or possibly crash the X.Org server.
a2c7df4d7f0f4749d1e478b7b39f535eb92e6358a44a8012d44117e1c0e469b4
Red Hat Security Advisory 2011-1359-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple input sanitization flaws were found in the X.Org GLX extension. A malicious, authorized client could use these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. An input sanitization flaw was found in the X.Org Render extension. A malicious, authorized client could use this flaw to leak arbitrary memory from the X.Org server process, or possibly crash the X.Org server.
88e9d8bff4201fa5fe25e9fc5a73f5e6c51334046564cea142490cdc7e0d4ff0
Sparhawk suffers from a remote SQL injection vulnerability.
e401e71f7989eddb1062ff98b735dbcd0cab70c3bd9fb2d0b3ce6fb1e6ff5964
Desarrollado por Goyo suffers from a remote SQL injection vulnerability.
6e49240d75a170bb754ea35085fc8e2f297647d2bf8675564e9399af2597eb67
Active CMS version 1.2.0 suffers from a cross site scripting vulnerability.
249a5ece0f16988f42694d115ed314d9e20139fa8d8bb5e717d0645d5af59c88
Context discovered a security vulnerability which allows for Apache in reverse proxy mode to be used to access internal/DMZ systems due to a weakness in its handling of URLs being processed by mod_rewrite. Versions 1.3 and 2.x are affected.
cc7c3ff195e475a2b7ec8ea66d98deaebf0cf9dedd7ae209991e3d3c5d4274d8
Qmail-Scanner (previously known as scan4virus) is an addon that enables a Qmail Email server to scan all gatewayed Email for certain characteristics. It is typically used for its anti-virus protection functions, in which case it is used in conjunction with commercial virus scanners, but it also enables a site to react to Email (at a server/site level) that contains specific strings in particular headers, or particular attachment filenames or types.
b6c430c81efd41bd28e56fb60e6e1ecbd98e44346c2faad69ff164960f042247
Tsmim Lessons Library suffers from a remote SQL injection vulnerability.
9badbd51e12dbfd61f49f165d198ad88143d29eb5c9c3524d93d5638ab3e7695
Ubuntu Security Notice 1223-2 - USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on Ubuntu 10.04 LTS that caused permission denied errors when managing SSH authorized_keys files with Puppet. This update fixes the problem. It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. Various other issues were also addressed.
9636d922489ec56ac2e77818db39bf45e099c8cd62d03f34a5778a24ee429245
Red Hat Security Advisory 2011-1356-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon.
9d7e7f60077f5b171101250cab4f008e2065fc9ea534b4125d43baccd450f221
Red Hat Security Advisory 2011-1350-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges. An integer overflow flaw in agp_allocate_memory() could allow a local user to cause a denial of service or escalate their privileges.
3d636a28fe219521531a217797434d795fe574b941cb8b399ec8bdfe28d33cae
Cisco Security Advisory - The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by denial of service and authentication bypass vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds are available for some of the vulnerabilities disclosed in this advisory.
1980df1264c7c18bea334698b2c6ac809c1c4712eeff294abd73ca1e92cf85f7
The Apache mod_proxy module suffers from a reverse proxy exposure vulnerability.
99c1b40cb499bb7230f6dcb7690b190f0ac5434e9e581f118b4b1969c1691dbb
Cisco Security Advisory - Cisco Network Admission Control (NAC) Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information. There are no workarounds to mitigate this vulnerability. Cisco has released free software updates that address this vulnerability.
8ce35dd3d112d57ad29a825ced5787873ad01a22b0b5981422159dab38877d4f
Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by denial of service and authentication bypass vulnerabilities.
073964b616dbb1d2cf327038f0dbbeead07dfb3fcc23456be8257b230bbd14a6