ClubHACK Magazine Issue 14 - Topics covered include JS Recon, remote thread execution in system processes, laws related to unauthorized access, and more.
b47bc778ce21c063531d13d3ebf7fc76d6956cca3ef9d4ff4c1a3ea0a0528468
Yourtube remote database download exploit that affects versions 1.0 and 2.0.
edb7da0635e196f101f0f8cf8a54626b1a63add8e5a59b932b3be91b65e62a6b
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free error in the WebKit library when handling certain iframe events, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 5.0.3 and below are affected.
80e96a9a3ad610f44e28f2afac84eacff444a571e1cc7649b9d31addcf586567
This Metasploit module exploits a chain of vulnerabilities in the Accellion File Transfer appliance. This appliance exposes a UDP service on port 8812 that acts as a gateway to the internal communication bus. This service uses Blowfish encryption for authentication, but the appliance ships with two easy to guess default authentication keys. This Metasploit module abuses the known default encryption keys to inject a message into the communication bus. In order to execute arbitrary commands on the remote appliance, a message is injected into the bus destined for the 'matchrep' service. This service exposes a function named 'insert_plugin_meta_info' which is vulnerable to an input validation flaw in a call to system(). This provides access to the 'soggycat' user account, which has sudo privileges to run the primary admin tool as root. These two flaws are fixed in update version FTA_8_0_562.
adc6990f1cf99e26413f21f398ece6121bbb6179c5ffc9a96eea0dee3107fd02
This Metasploit module exploits a stack buffer overflow in version 2 of the Kolibri HTTP server.
5149ddbaf7b1d3d9357540ac0e57dbcd18547c2741a0e179a370629a91a6669b
This Metasploit module exploits an unsafe Javascript API implemented in Foxit PDF Reader version 4.2. The createDataObject() Javascript API function allows for writing arbitrary files to the file system. This issue was fixed in version 4.3.1.0218. Note: This exploit uses the All Users directory currently, which required administrator privileges to write to. This means an administrative user has to open the file to be successful. Kind of lame but thats how it goes sometimes in the world of file write bugs.
d026ecdeb70b4e79e1a300231786aff558d631a15efcc80798eb6c642d176d5e
Secunia Security Advisory - Fedora has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
ea2fff12a4fe796dbfaa22faa263f0a062e8e80c5f93801adb5cf90792efcdd2
Secunia Security Advisory - SUSE has issued an update for MozillaFirefox and mozilla-xulrunner. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system.
7c14fd98b0eb669546a93a1b4972c8ee32c0e120e04bd687beb3bd32433e280c
Secunia Security Advisory - Gjoko Krstic has discovered multiple vulnerabilities in Constructr CMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
12c4acd5c158b69073458789a3665317c9ef34033f52418817883f09f125af62
Secunia Security Advisory - HP has issued an update for Java in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
16183ff247516388068e748441785cbe6f5f64556eb356c84c3c89a12ee3b316
Secunia Security Advisory - A security issue has been reported in v86d, which can be exploited by malicious, local users to bypass certain security restrictions.
d485c48684c9b4270980024b3113377cbdf45d30a4f983d40ad1caa4ebc6c276
Secunia Security Advisory - Debian has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
a3863cad8a6c9197eaeb267a54cbab088b9910ba7a409341a4087a5acab0c3cb
Secunia Security Advisory - A vulnerability has been discovered in the OPS Old Post Spinner plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information.
55db445293a959f3516c3c8eee0a96ab5904b52c2ce33017335ef45bbccf832d
Secunia Security Advisory - halfdog has discovered a weakness in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.
20ec364f23438fd79c63e001d74cae7436cc5a6be51ba1a141d09c0624792841
Secunia Security Advisory - Ubuntu has issued an update for linux-source-2.6.15. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system and sensitive information, conduct a DoS (Denial of Service), and gain escalated privileges and by malicious people to conduct a DoS.
2b425f4b306f8542631264ce17abf380bd5c00e7c464c9ab40ae1680517b9bca
Secunia Security Advisory - Fedora has issued an update for phpMyAdmin. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
e6a8588cabb081def402593c6ad77801fac576058d3e5c9bf03979f841a68c06
Secunia Security Advisory - Alexander Gavrun has discovered a vulnerability in Edraw Office Viewer Component ActiveX control, which can be exploited by malicious people to compromise a user's system.
20192103d872a78186c6b97cc66e5fcc2617503ef25e22875085763a10ac070e
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system.
c1eb17d02428c235778c42a6967e0c1f9e09c830311af8ff28a03dfccfcb6b65
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Foxit Phantom, which can be exploited by malicious people to compromise a user's system.
4ca16d1365bac6be2717d266827332d454e81ef9e72823b7145182487b591f19
Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Tivoli Monitoring, which can be exploited by malicious people to cause a DoS (Denial of Service).
92e9b768bddc2cac3e86dfd6b5f2c4d0739332663f0b715e3192a66dc3dbd85e
Secunia Security Advisory - Two vulnerabilities have been discovered in bitweaver, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
f2cd39209b7b09d8f2f41a6ea59317553c168833e4f497ba6e39fb04a9b1d718
Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Lotus Sametime, which can be exploited by malicious people to conduct cross-site scripting attacks.
1b7654ad00f6d1a69a91cb35934cb571c56dceb9c52e44181e2dd5e2607764cc
Secunia Security Advisory - High-Tech Bridge SA has discovered two vulnerabilities in the IWantOneButton plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
34b7ff789ba4a9d2f4c7709bfbdc03e6191a95d41d7bf4dce139ca9af0ebece3
Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Tivoli Storage Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
586d85610f71a930725fd22911b60363afa98fb57196420894218013ed1aedd5
Secunia Security Advisory - A vulnerability has been discovered in the Recent Topics on Index page plugin for MyBB, which can be exploited by malicious users to conduct script insertion attacks.
2fe26d982c0c7de90e1c894ae151a279d53bbc4ca348da55c0c4379e3ff821f5