Secunia Security Advisory - Some vulnerabilities have been reported in XWiki Enterprise, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
cdf67dedb37d2cc263be57fa2396f2e96004988a5c8a8954a5ff5071869752d5
DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.
dc08b1efa2acdffd376cece72189cb8862611ee023be690fd9a155d4b30878b6
Project Jug suffers from a directory traversal vulnerability.
79006997172966b54b187c9df26903a9b90e01cf14bbbdb15c5506e62367756c
Mandriva Linux Security Advisory 2010-218 - Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service via a long e-mail address string. A NULL pointer dereference was discovered in ZipArchive::getArchiveComment. A possible flaw was discovered in open_basedir.
37d3774ae0de303318f0471adca3f67d29f0f7aa433586ad23ec8e9b8b0107b3
The Elastix interface for Asterisk suffers from cross site scripting vulnerabilities.
3a094259a8cded44e43a66f5413a8ac6d7f4d9e204648efb752b610bda664c55
The cforms WordPress plugin suffers from a cross site scripting vulnerability. Version 11.5 is affected.
1e73fd19bd42e9d6d569ea3750b2bfb41338b03125cfcacefd4f28b8adc31117
Joomla! CMS version 1.5.20 suffers from remote SQL injection vulnerabilities.
c1a8027c02a7904543d3c4f495068510f261e40d351a5a4ca5cdf5ea614044bf
WebDM CMS suffers from a remote SQL injection vulnerability.
21069ec0eafb5e19f8171c8a800288657d183d7c9de707d294acf9f50370a9ec
Mandriva Linux Security Advisory 2010-217 - Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox. Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service by simultaneously disconnecting many POP3 sessions. Various other issues have also been addressed.
595ff091e6aa58234bddf6c637804c9a21aa3bffabdfb1bf41b586ca1b7c28a7
Whitepaper called SSLstrip - Hijacking SSH Sessions.
5745beeb039acdae1c1b52c5abaee2fc2df00243c3d75c72b00be26bbf9dc7ec
HP Security Bulletin HPSBMA02598 SSRT100314 2 - Potential security vulnerabilities have been identified in HP Insight Control virtual machine management for Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or cross site request forgery (CSRF). Revision 2 of this advisory.
8f5634d0fde0a1ad0b01cf4f0be355b4c8a0e89cd402bbb6c45fae9ab16bfdc3
Whitepaper call Binding the Daemon: FreeBSD Kernel Stack and Heap Exploitation.
731108acfa98e373bcbbecc7bde0ae45936a7487deb43212ee1c90225166071d
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
7544e437d2222078b15e6cd063b521c6f1ec4dac49e6af9ba3bfece2a6a93445
Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.
d90002b0e8944f4180373523d324d99075e30a5b373cf66771f1f9c1da3283c6
Scannedonly is a samba VFS module that ensures that only files that have been scanned for viruses are visible and accessible to the end user. Scannedonly was developed because of scalability problems with samba-vscan. Scannedonly comes in two parts: a Samba VFS module and (one or more) daemons. The daemon scans files and marks them when they are known to be clean. The samba module simply filters out files that aren't marked clean.
20601c0466034cc250ded1a16d737451cfbe05fbcaf4f667ff25fe004bd1340e
Whitepaper called Oracle Penetration Testing Using the Metasploit Framework.
5f83e34bb9fafd4e3e942567202ceb11434ef372ffb87749583ed54f98922e90
CYBSEC Security Advisory - Front Accounting version 2.3RC2 suffers from multiple cross site scripting vulnerabilities.
efa6ac5b099063be47c0cd241b664a1a44b372f719388710cb7a20410e240299
Whitepaper called Weaponizing Wireless Networks: An Attack Tool For Launching Attacks Against Sensor Networks.
c859b76bf4708da35aa34cb42017fa87e93cd3b846c3c42a7bbf3454cc857b6e
Whitepaper called DTrace: The Reverse Engineer's Unexpected Swiss Army Knife.
968e7ac92d1f5d154cc3f91794a6fb1b8e8e6e0ea781452fa6204c52a857407a
Whitepaper called Enough With Default Allow in Web Applications.
a402c62a351e33f918d7dc2a7fee65724f61d30dba91b99ef72c34678f7e283f
Whitepaper called Intelligent Debugging and In-Memory Fuzzers.
cfc1b0b99e77a91f3c6b2cd9dcbb873fb94901080b19135447424e67b0a48446
Whitepaper called Software Fuzzing with Wireplay.
cb44053cdc8d9fc90df948d6e5bd037aa99b3e841a178cf7781cf006a23c4dd8
XAMPP versions 1.7.3 and below suffer from cross site scripting and file disclosure vulnerabilities.
5074d9a88205305ade7bae520a91f91ef678952b22e07c1a77236a103c0faf43
HP Security Bulletin HPSBMA02607 SSRT100214 - A potential security vulnerabilities has been identified in HP Insight Control for Linux. The vulnerability could be exploited remotely to allow cross site request forgery (CSRF). Revision 1 of this advisory.
33f22963c0e27499e6f436f7c38c4463582cb0cd03bbccbe536a2a3596d8de2d
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
0b3e461e185dea0e9e029574a0d97f44bc82fad91e8a5cfb3112cdc1879bad57