A large number of heap and buffer overflows, along with denial of service conditions, have been addressed in libexif. Versions 0.6.20 and below are affected.
7c6eb35c0114a47e761fa33fe4d24e97391d0ae94702f7a6c5114836348d9739
Red Hat Security Advisory 2012-1081-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with sudo on specific hosts, could use this flaw to bypass intended restrictions and run those commands on hosts not matched by any of the network specifications. All users of sudo are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
2dfbfa43bde13f32ff7b638eeb910225f286b002c9fd10e5b654f6375bb16e10
Red Hat Security Advisory 2012-1080-01 - The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
91d7fea7aa7d7b39fe7a3a9a4e3d7288cafa175bf77962bef334da06bf3382aa
HP Security Bulletin HPSBGN02787 SSRT100876 - Potential security vulnerabilities have been identified with HP AssetManager. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS) or unauthorized data modification. Revision 1 of this advisory.
3a95ced80b54f632acc33b495da9efb3cb17ee87e7e594f4fd56fadc39610792
Vivotek Cameras suffer from a configuration disclosure vulnerability that leaks password information.
d058e2a1787927c136f919f18b911e8101c71269a4d32b051967630ea19ce337
CakePHP versions 2.x through 2.2.0-RC2 suffer from an XXE injection vulnerability.
54d1c4dda8e08667e5b5c0da52af3bfbbf429c685ad10b6ddb43edebd154ffb5
Joomla web scanning perl script that gets the version, components and shows possible bugs.
0ab018e39405e6084e40c17103e2371d3366a4af2159ce098bae85b710b3f1ab
The site at http://eenmiljardseconden.frankdeboosere.be/ had a cross site scripting issue and resolved it. What makes this noteworthy is that they took the high road and rickrolled any future attempts. More sites should add humor to their fixes.
fab0483fa163dbeb5095052167d50d9d23809032c0545626a35845f4b78fa07e
DomsHttpd versions 1.0 and below suffer from a remote denial of service vulnerability.
df48c1ebd005e29be57fe7d977ca199ab00f6e3cc3896927df8c2e16e4d2d267
This Metasploit module exploits a stack buffer overflow in ALLMediaServer 0.8. The vulnerability is caused by a boundary error within the handling of HTTP requests. While the exploit supports DEP bypass via ROP, on Windows 7 the stack pivoting isn't reliable across virtual (VMWare, VirtualBox) and physical environments. Because of this, the module doesn't use DEP bypass on the Windows 7 SP1 target, where DEP is OptIn by default and AllMediaServer won't run with DEP.
cd224eb091bd83cac2f6867238fdeea0e253250295ed9b0257c0173e71de0311
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
1701fc58dc21a0ecb6c45f4836abb5e380f5e8214af1f3d389ec0e35ee46a019
Blackboard Mobile Learn version 3.0 suffers from a persistent cross site scripting vulnerability.
b4e651e38bbb3294f231eb8e3bb086bfc5350b4b6edc00836d34547e9116fdee
PBBoard CMS version 2.1.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
3504eeef961d0a59f49c9ee08fb6ee83c790ce14364fa6fe2751a1e2eab9d1a9
SMF Board version 2.0.2 suffers from multiple cross site scripting vulnerabilities.
c9ae40521ca14dc1b3769503b4731284c9910f6abe411ca09d1b0b085880e22c
Lepton CMS version 1.2.0 suffers from multiple cross site scripting vulnerabilities.
a1950761b16455f0831bfaca8919628053e40986ef93c4860bbb883b3dd0f353
Event Calendar PHP version 1.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
3ad4f5c685a677a797142b6d779de69baf513ebfcb1464004b838916e0b78d0f
Secunia Security Advisory - A vulnerability has been discovered in ALLMediaServer, which can be exploited by malicious people to compromise a vulnerable system.
2d15928ca02a9e147baeb55fdf36818b8905cedb789ecfdf98da1ca1e2e82734
This Metasploit module targets the Siemens Simatic S7-1200 S7 CPU start and stop functions over ISO-TSAP, which allow an attacker to perform administrative commands without authentication. It allows a remote user to change the state of the PLC between STOP and START, allowing an attacker to end process control by the PLC.
209515171372e815da32934ab41fdd5f1c336d22022bec1c97308a5b5097d4c3
This Metasploit module targets the Siemens Simatic S7-300/400 S7 CPU start and stop functions over ISO-TSAP, which allow an attacker to perform administrative commands without authentication. It allows a remote user to change the state of the PLC between STOP and START, allowing an attacker to end process control by the PLC.
e012c156c46c53f51452c321377eed31d2bcff3d14db2c6ffe938003af648fc7
Secunia Security Advisory - A vulnerability has been reported in the OS Property Component for Joomla!, which can be exploited by malicious people to compromise a vulnerable system.
f9e3b1874472e88632b96d478e3b15d55c2bc5dd981e56f9f5d380567028a13e
Secunia Security Advisory - Multiple vulnerabilities have been discovered in WebPagetest, which can be exploited by malicious people to disclose potentially sensitive and system information and compromise a vulnerable system.
fd87428f3682d8025364f39b019e7f5f799d316cd6e2f42d8e249ff3790a4c3c
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Post Recommendations plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
ca90b4ce831d56fc770f90865d0617bed25a593ba55ef043a73cd6249a2fc6cf
Secunia Security Advisory - A vulnerability has been discovered in the Resume Submissions & Job Postings plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
0d50d44a1244301017a1a9a8edfae0f73a36e58487abdfc53c1b891bc51e00b6
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in EGallery, which can be exploited by malicious people to compromise a vulnerable system.
039d7bc31bf06b868c0631d46227b679112c5317d3c6f74977e7b9601f49c18e
Secunia Security Advisory - Two vulnerabilities have been discovered in WaveSurfer, which can be exploited by malicious people to compromise a user's system.
3741407959f58385cc03a82101cd9cc2c16bc53a310b3ef3a9b40dbf1bccd9c6