Ubuntu Security Notice 1454-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service.
669bfff032cd2b42bbdf149e5ef06a1d
This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.
8dc19f398388284a81cf2ecae5005436
This Metasploit module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.
d5c7b728cc34e438d56471e6fbda49bd
The GreHack 2012 Call For Papers has been announced. It will be held in Grenoble, France on October 19th, 2012.
77c4584bf8b850f6540301a838dd4258
ResEdit version 1.5.11-win32 suffers from a buffer overflow. Proof of concept denial of service exploits included.
6f23782d3add86957f122b199a5849ec
Kolkata is a tool for IDS evading web application fingerprinting. It is written in perl and uses LibWhisker.
bb2c661a62752b3093161dc4ad3b29ba
This Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.
c93d65487a1c0efc12fc9a8a68adc5db
The Hacktivity 2012 Call For Papers has been announced. It will be held from October 12th through the 13th, 2012 in Budapest, Hungary.
c4e46f46fe62ec6961a307d6fb8167af
LogAnalyzer version 3.4.2 suffers from cross site scripting, arbitrary file reading, and remote SQL injection vulnerabilities.
2427d2cf98e92db38be0f21c58da1065
Pligg CMS version 1.2.1 suffers from cross site scripting and local file inclusion vulnerabilities.
7b79d17eacb9df80bafc88ab8fbbdabc
pragmaMx version 1.12.1 suffers from a cross site scripting vulnerability.
5433c6278bfe6b6212f911b0a46eda42
Ubuntu Security Notice 1453-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
e3d9015d666d8f4b4efc27aeb34e081a
Ubuntu Security Notice 1452-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
b2abab8c59bf6aa71b07833130a15467
Ubuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
b8cc47d8f5416ce1152fba137dfd8f1a
DynPage version 1.0 suffers from cross site request forgery and shell upload vulnerabilities.
476adc1bf90918f7ad3741caca2d770e
Secunia Security Advisory - Astaro has issued an update for IPsec. This fixes a vulnerability with an unknown impact.
07be0c82609287b9fdf2b6bf5520d6fb
Secunia Security Advisory - A weakness has been reported in PyCrypto, which can be exploited by malicious people to conduct brute force attacks.
1de7de996fc4de218889855034c150c1
Secunia Security Advisory - A vulnerability has been reported in dotCMS, which can be exploited by malicious users to compromise a vulnerable system.
ff29c82b9de64d53f8b7fb4fe3013810
Secunia Security Advisory - Tiago Natel de Moura has discovered multiple vulnerabilities in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.
dfa667da3b23fc383980816fa1e979ca
Secunia Security Advisory - Multiple vulnerabilities have been reported in the Search API module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
64cd85dfc63076208536e81786bf9a24
Secunia Security Advisory - A vulnerability has been reported in Apache Commons Compress, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
47846757ee661dbed11a60ed1c997afd
Secunia Security Advisory - Apache has acknowledged a vulnerability in Ant, which can be exploited by malicious people to cause a DoS (Denial of Service).
44ff17dda22f0f079c26183df2d44450
Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to compromise a user's system.
b38f21580908a7f8e1dc9f21b4e1cbcf
Secunia Security Advisory - SUSE has issued an update for cobbler. This fixes two vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks.
7b58cfcf9357201c95c515ae89cfba30