Interesting blog entry that discusses how a glibc alloca()-based memory corruption vulnerability allowed for code execution.
6b372618ec2a21f674080b0819cbfb4ca8ee6bc398a1fbc24854277dc3dca356
CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS). A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to insecure method implementation in the XMLSecDB ActiveX control that is utilized in CA HIPS components and products. A remote attacker can potentially execute arbitrary code if he can trick a user into visiting a malicious web page or opening a malicious file. Versions prior to 8.1.0.88 are affected.
1165984f0f9a0bde4ed83ed6d3943f818df52123eeb80a2f91a7d5dce511133b
Brief whitepaper discussing some problems faced when using cloud computing.
53a9ee31b17b5b3f1bb3226bfed1a087dce450306c1cb4d89f1193b47f77a5a5
oclHashcat GPU hash cracking utility that has multi-GPU and multi-hash support. It supports dictionary-based and mask attacks for hybrid cracking. Linux and Windows binaries are included.
19077748589c65f302bf68f488ac33ab55f6f1f62053087de4a1e3bbb3b370ce
oclHashcat+ Advanced GPU hash cracking utility that includes the world's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. Focuses on highly iterated modern hashes, single dictionary-based attacks, and more. Linux and Windows binaries are included.
196a49145a9a65032b5a225b6d7fe9397b32670c984be1fa6e801a298e9d301d
Hashcat is a CPU hash cracking tool that supports multi-hash functionality and is multi-threaded. Linux and Windows binaries are included.
b12331b96592de8246e7b870d155e03f55fef7b9dd344dee58df68bc26a54e43
WordPress Plugin WP Forum Server version 1.6.5 suffers from a remote SQL injection vulnerability.
c7b1746f764a0391671ea7e4522b2b38265456d0acd3791d41efa7c1f4464db3
IWantOneButton version 3.0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
8fd8e8fa93009892023e743b3a25ba12ae97c562da5fd08139ae584c24e4372c
ParsCMS B2B suffers from a remote SQL injection vulnerability.
6f70533153c76d2dda079a151a910e2fa31786f7504bc9cd8686cc1acc35c39a
Cumulus version 6.x-1.4 for Drupal suffers from a cross site scripting vulnerability.
478e693b6cccffc031dddae6f788629a2591fc16323430c9645de745ebea9ff3
Mandriva Linux Security Advisory 2011-037 - avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service via an empty IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
b4edc2d48e2b118b538b66c07b71c4376fd7f4b19f502be783b104e4065ba609
WordPress plugin Relevanssi User Searches version 2.7.2 suffers from a stored cross site scripting vulnerability.
76749fc499c98e9eac65ec4bb7effa27387d7bc7dfdddba9afb3483a0f68f2ea
WordPress plugin GigPress version 2.1.10 suffers from a stored cross site scripting vulnerability.
60271d96a706125046c8d70c43a6ff00813e622943ff4ae8ee8dbfffeb923397
Elecard MPEG Player version 5.7 local buffer overflow proof of concept exploit.
e924badb6b079b6080a73804ebae6bfddae61d8bb4d1cbcdd18b7b2f41db3392
Novell Netware RPC XNFS xdrDecodeString proof of concept exploit that demonstrates an arbitrary code execution vulnerability.
9bee9619b110c9cc533ba4115cbc37e05b3dbe59c286619fd9d13cdafbbc7aa2
HAM3D Shop Engine suffers from a shell upload vulnerability.
6318c2a143d9918aa40288bbde3ac5ca7ae4a971c150af9e2777bc6404188cf3
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
4de4d18fc0472010c5289b7c509270a9628d2883314d90de3888b92ee68106a0
Victory FTP Server version 5.0 suffers from a denial of service vulnerability.
2f4e7d0cb8bdc8833fb1515569b0b34f64fa4dabc9566239341f150a14418ed2
Alcassoft's Sophia CMS suffers from a remote SQL injection vulnerability.
f085174405a2b16007a5d25d4727564e551ebdbbce238d9b5aa14f7088764c35
iPhone PDF Reader Pro version 2.3 suffers from a directory traversal vulnerability.
02569250d98ac973880f7a0c81ec18308ea71d7ca1f8682ab0cc5361fd1e164d
iPhone Guitar suffers from a directory traversal vulnerability.
4d6bbf24558d8c444994bad35d232a50db125fb42a1cb34a6c171395a16db4c9
iPhone iShred version 1.93 suffers from a directory traversal vulnerability.
2672bdf8a12f0f6096e4749c6433401c5e9cc241b2079f7198e3fa31e50cdc1c
Share version 1.0 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
daadc08c54015704e382a999abca47cf30b3fb00299067ebb97ca7bdae7ea6e4
myDBLite version 1.1.10 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
7186c249ee35d25c27247d782e3fc67ac4109256f4cd1668a8019d5c933e4b99
iDocManager version 1.0.0 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
747557963d406362ded08fd7a7cd6e6045df00ee0ff22a5081d5a7f51a930ac4