Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges, by malicious people to cause a DoS, and by malicious people with physical access to potentially compromise a vulnerable system.
71925c8d31fd9cd4679982b545baa1c67928235b1c90231e5426bb83b03f9595
Secunia Security Advisory - Aung Khant has discovered multiple vulnerabilities in Elgg, which can be exploited by malicious people to conduct cross-site scripting attacks.
6bf278a319d272bfbe4242f74262cb9c942bfb684f70e1139b2fed8afd7b4dac
Secunia Security Advisory - A security issue has been reported in Android, which can be exploited by malicious people to bypass certain security features.
2147e1dec52f94edb8905c6903d2a474d2c4b7674b79c3aa50949adfa8246c5e
Secunia Security Advisory - Red Hat has issued an update for foomatic. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
2fb5598cc26356cfe0b080d8905f61570812589e326e2c4f68d5e5398ba8d154
Secunia Security Advisory - Fedora has issued an update for java-1.6.0-openjdk. This fixes a security issue, which can be exploited by malicious people to disclose sensitive information.
b00544c015021e7ace5a0139c812f7b51ad473415b7c26adfa92d10893c55659
Secunia Security Advisory - Red Hat has issued an update for foomatic. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
13825ca021fd7c993ce0dfd7a95ee3210cf55eee7d81cda398e456ff66da2088
Secunia Security Advisory - A vulnerability has been reported in ZoneMinder, which can be exploited by malicious users to disclose sensitive information.
54c422ee6d7e81e49d0524043d0fb7947768ffa767a8833aa4098ff5c27b0de1
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
45c3c379ea82e46d8efef9cbbe0afa8ae8df98e50f2642afcea84a86c83c5a50
OpenSSH with gssapi-with-mic support suffers from a resource exhaustion vulnerability. It is possible to provide any value to the xmalloc() function, which is a simple wrapper around the malloc() function. This forces an application to allocate a huge amount of memory (4GB?) and naturally exhausts available resources. Repeating this attack, by simply opening many sessions, can kill the server.
65e738aed80888821cfc7b7291b21f403013fd57e28e24c9a17233bbb9662c26
Red Hat Security Advisory 2011-1111-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, the Extended Update Support for Red Hat Enterprise Linux 5 Update 4 has ended.
6ee296df7b45070ab8464e5d8c2d287f2d4b7b6258527ebc32c356cf083971a7
This program listens for sound. If it detects any, it starts recording automatically and also automatically stops when things become silent again.
ae08c0b3cfb4c38eaa0188b375c0e4c868f66c5706e33d33e210cd0320e035bc
ZoneMinder version 1.24.3 suffers from local and remote file inclusion vulnerabilities.
f2bd0793497381b0784b61112281cc17821105867892da3745ddfa649c8ef724
Red Hat Security Advisory 2011-1110-01 - Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in C. An input sanitization flaw was found in the foomatic-rip print filter. An attacker could submit a print job with the username, title, or job options set to appear as a command line option that caused the filter to use a specified PostScript printer description file, rather than the administrator-set one. This could lead to arbitrary code execution with the privileges of the "lp" user.
bf2a0d2891b928c7b977295661c8fff476228de2eb96064d02635d55f69b5f8b
CMSPro! version 2.08 suffers from a cross site request forgery vulnerability.
8f5e6f4675a3b0935ec4eef5a3d6e448ddc6311dcf82937862badcc119d7e112
This whitepaper gives a short insight into hacking Mifare Classic. Mifare Classic is an inexpensive, entry-level chip, based on ISO/IEC 14443 Type A, 1kB or 4kB. It uses the 13.56 MHz contactless smartcard standard and the proprietary CRYPTO1 cipher with 48-bit keys. There is no protection against cloning or modifications. Anyone with a 50 EUR reader can use this weakness against their infrastructure. This cookbook is a proof of concept demonstrating how easily it can be done.
34058b51ffe60be571159ae28553f0c9800c257cd29526503c9bdf9913b6d848
The abc.go.com site suffers from a cross site scripting vulnerability.
b1f269845ed280cb2f3cb12b4bfc595e165e2f5514fe02cb64bc8c8e4e7ec2fd
The cn.zynga.com site suffers from cross site scripting vulnerabilities.
b7ede883c20891e329d37c0bde83d20e5075925917faea94fb9577c7be2fbb4a