Mandriva Linux Security Advisory 2012-045 - Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service via a large SessionTicket. The updated packages have been patched to correct this issue.
572e8c5259414309e786c80cfcc0c353
Landshop version 0.9.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
7fe01044382a154e5008d587bd38fab8
Bitsmith PS Knowbase version 3.2.3 suffers from a buffer overflow vulnerability.
64e9f716937cf71a42f866d7c3bd0c06
This Metasploit module exploits a vulnerability due to the fact that AtomicReferenceArray uses the Unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.
231bc9024a8d1bdd347e7c1c06aeacf5
This whitepaper goes into detail on how to bypass tolower() filters in buffer overflows. It uses a stack-based buffer overflow as an example, but the technique can also be applied to heap overflows.
f64919dfc1aa21cbaaaaeadd847a02ff
JAMWiki version 1.1.4 suffers from a reflective cross site scripting vulnerability.
c41d9e87bff147429447751bc99e93e3
SocialCMS versions 1.0.2 and below suffer from multiple cross site scripting vulnerabilities.
7e830a0a868616aaaad87062861fe82d
Simple PHP Agenda versions 2.2.8 and below suffer from multiple cross site request forgery vulnerabilities.
2115134f72ada62b4a134ceb4137c0d8
This is a brief whitepaper discussing the security of contactless smartcard technology.
bec6389370e339eaae8653020480ad03
MailMax versions 4.6 and below POP3 USER remote buffer overflow exploit.
24ed1d2a3aced115de4bc69efbd82782
SyndeoCMS versions 3.0.01 and below suffer from a persistent cross site scripting vulnerability.
7db0a466f9aa1fc57ae522f0fd0c5f0d
VMware suffers from a backdoor ROM overwrite privilege escalation vulnerability.
ac9c357fb3ec066762da9b1543eb0f6d
Intuit Help System suffers from a protocol file retrieval vulnerability.
a0b26fa201e834e79aa35a5e5bec4c88
Dalbum version 144 build 174 suffers from a cross site request forgery vulnerability.
02e8d20381914b8d3f7e4e0f2887a292
Intuit Help System suffers from protocol URL heap corruption and memory leak vulnerabilities.
c4a7ca65d102d5fbddb0b26479033d43
WebMatter CMS suffers from a remote SQL injection vulnerability.
7a165d9bc3a1e4ec2b323e79c82849a9
ArticleSetup versions 1.11 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
7bffcd87c83238fa8ddb16684ba79dad
PHP versions 5.4 and 5.3 suffer from a deprecated eregi() memory_limit bypass vulnerability. Proofs of concept included.
0e2bd88a30f6eb4922b26eb8de7a90dc
Firstload.com suffers from a cross site scripting vulnerability.
c43557049d2936484768f097613df4ae
VMware Security Advisory 2012-0006 - VMware ESXi and ESX address several security issues.
33ec7bc42c9c6c50e69c08c3cf727c79
Secunia Security Advisory - A vulnerability has been discovered in Havalite, which can be exploited by malicious users to compromise a vulnerable system.
e17fdc00129e48f44bc7d3790576d5af
Secunia Security Advisory - A vulnerability has been reported in Red Hat Network Satellite, which can be exploited by malicious people to bypass certain security restrictions.
87512db6b9ba0b02f8c296a3c77b18a2
Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
e3e0acc024459e92de0d4e28ec553466
Secunia Security Advisory - Antu Sanadi has discovered multiple vulnerabilities in ArticleSetup, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.
f17d03ffa9877392cb08a6c8fefc7137