WordPress Zotpress version 2.6 suffers from a cross site scripting vulnerability.
60782f41cea55e5e0a2c3ce9309ab66504f1a16250b8664f8735e2e80c0be95d
Ubuntu Security Notice 1074-1 - Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Al Viro discovered a race condition in the TTY driver. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Neil Brown discovered that NFSv4 did not correctly check certain write requests. David Howells discovered that DNS resolution in CIFS could be spoofed. Various other issues have also been addressed.
f173020807305076d904d843200bcb5d00acee46687f271c4a2338df4358536b
eXPert PDF Reader version 4.0 suffers from a NULL pointer dereference and heap corruption denial of service vulnerability.
290623376432a2f10c80421fb38a2d32682190ff9321dac7e355092b1f5512ff
Ubuntu Security Notice 1073-1 - Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Gleb Napatov discovered that KVM did not correctly check certain privileged operations. Dan Jacobson discovered that ThinkPad video output was not correctly access controlled. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. Dan Rosenberg discovered that the USB subsystem did not correctly initialize certain structures. Various other issues have also been addressed.
6ba8f6c6dc8aeeea6fd8953752f7beab7c32ebb9e112702d7ac851c16c79263a
Nitro PDF Reader version 1.4.0 remote heap memory corruption proof of concept denial of service exploit and advisory.
6f7251db7965fc6a2cb851fe9fe21e4f69d15e09dae81c217b971fb2bc6b0484
Ubuntu Security Notice 1072-1 - Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Gleb Napatov discovered that KVM did not correctly check certain privileged operations. Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. Dan Jacobson discovered that ThinkPad video output was not correctly access controlled. Various other issues have also been addressed.
812b3e28ec2f6132fd1f95415c8a0227bd33b2de0533cab3591015f15aead3cb
GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
72da911bfc77431234e0bff1286afe803d438992f016d2dd1f846b745e94dabf
Ubuntu Security Notice 1071-1 - Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup. A local attacker could exploit this to crash the kernel, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. Various other issues were also addressed.
138f0d9acd9028b53e4c02afea0172fcf4090c982287a6d77f401f9155e9023b
This is a simple executable to shellcode converter tool. Video for usage is included.
615bb76846010e2d9b02e6e2405d54049a777f9250aebb20c701cbffbd929de8
Altigen's Gateway Service suffers from a heap overflow vulnerability that can be triggered by a simple nmap portscan.
75c19fef6c874b519ac2c9baf65be73e2f21b601e31e7302e468dff495e2082c
Joomla XCloner component remote command execution exploit. This component also suffers from information disclosure, local file inclusion, denial of service, and cross site scripting vulnerabilities.
bd1d11cc383f303dac4cb1520a59452b77f741b76b084b5ea0df94bb38723392
The Linksys Cisco Wag120n suffers from a cross site request forgery vulnerability.
dd16115896453d01f25228f86f2b3ddaef343f8a7937d67e06a50aa3bf8827de
Website By MIC suffers from a remote SQL injection vulnerability.
e4812b17d0b37e224f232c9974a3e6126178f549ad85888d440cc4cebcbf0b57
Prestashop Cartium version 1.3.3 - 0.246s suffers from a remote SQL injection vulnerability.
235ad64da715d21ee421f82520eb1abfa2e9936d9d965014f9cfda3d83de594a
glFusion CMS suffers from a remote blind SQL injection vulnerability.
002f00d412b223b8c47ffe2113ec5755cab7b22632218f1804e4baea4e8ae938
Pragyan CMS versions prior to 3.0 rev 274 suffer from code execution and remote SQL injection vulnerabilities.
8b9afe976dfc4540c9079a9bb30cb84209dbd90c3bd9da57324bcd80fe2a9762
web.go suffers from an insecure cookie vulnerability. Their cookie is modeled after Tornado which had the same issue reported on in 2010.
ee2dc2d011a705d23606558d2a5af6c6a4bbf9a22dfdf2f4a9697f1c61fde09f
RaksoCT Web Design suffers from multiple remote SQL injection vulnerabilities.
9aab71f6692e60a432af4d062c8c8dc8f477dc4c6ca13435df0be45adaec494c
iPhone MyDocs version 2.7 suffers from a directory traversal vulnerability.
fae04cfee781085d2fd6f8575af3648f4d7585f0588a5efb5b7bb8d73098d99c
iPhone iFile version 2.0 suffers from a directory traversal vulnerability.
aff27d1aa9bc27dc2109e98973b6ef23d319663bb2a0db4d43129ef37389f697
iPhone Folders version 2.5 suffers from a directory traversal vulnerability.
1062f972a62f2727426510070897b782cbcae9833e2586c9aff82fee5f8b0622
Edraw Office Viewer component version 7.4 active-x related stack buffer overflow exploit.
0cb6d86d4889168c48cf40d301af90cb71f2d53474310ed6503c5096390544cd
Cewolf - Chart Enabling Web Object Framework versions 1.1.4 and below suffer from a denial of service vulnerability.
8638638ee3109eed0bea5b2326a39b8428de034acd9b0f2f5efad8022120a4b1
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
478a1566e4c6f7dc28d734eedcb6ba04390148a32396154c928a3e2488959054
PHPShop versions 0.8.1 and below suffer from a cross site scripting vulnerability.
a25bef9b70e1ce9498c17a7a5c93f602c1a3332be03b85ec863193217dd67c26