This tool lets you search for gadgets in your binaries (ELF format) to facilitate ROP exploitation. The gadgets are found in executable segments.
Mandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues. Various other security issues have also been addressed.
Mandriva Linux Security Advisory 2012-119 - High numbers of queries with DNSSEC validation enabled can cause an assertion failure in named, caused by using a bad cache data structure before it has been initialized. The updated packages have been upgraded to bind 9.7.6-P2 and 9.8.3-P2, which are not vulnerable to this issue.
This Metasploit module exploits a vulnerability found in SharePoint Server 2007 SP2. The software contains a directory traversal that allows a remote attacker to write arbitrary files to the filesystem by sending a specially crafted SOAP ConvertFile request to the Office Document Conversions Launcher Service, which results in code execution under the context of 'SYSTEM'. The module uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of SharePoint on Windows 2003 Servers. It has been successfully tested on Office SharePoint Server 2007 SP2 over Windows 2003 SP2.
Secunia Security Advisory - A vulnerability has been reported in OpenTTD, which can be exploited by malicious users to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in keepalived, which can be exploited by malicious, local users to potentially gain escalated privileges.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Empire Server, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in ImageMagick, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Ariko-Security has discovered multiple vulnerabilities in Oxwall, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Multiple vulnerabilities have been reported in OpenStack Keystone, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - SUSE has issued an update for rocksndiamonds. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Secunia Security Advisory - Some vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in VStar Blog Engine.
Secunia Security Advisory - Brendan Coles has discovered multiple vulnerabilities in CuteFlow, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, and compromise a vulnerable system.
This is a whitepaper called Bypassing Spam Filter Using Homographs. Some generation code is also included.
Develoweb suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.
eNdonesia version 8.5 suffers from a remote SQL injection vulnerability.
Digital Whisper Electronic Magazine issue 33. Written in Hebrew.
httpdx versions 1.5.4 and below suffer from a heap overflow vulnerability.
This paper describes an attack on the iterated use of hashing functions as key stretching algorithms, where the state of a hash can be transferred to the next hash function.
Proof of concept denial of service exploit for the zero length client id infinite loop vulnerability in DHCP version 4.1.2.
ocPortal CMS versions 7.1.5 and below are vulnerable to open URL redirection.
Various flash players, such as JWPlayer for MODx, Simple video flash player for Joomla, Poodll for Moodle, RokBox for Joomla, and RokBox for WordPress all suffer from a cross site scripting vulnerability.