Ubuntu Security Notice 1182-1 - Yoshihiro Ishikawa discovered that the Samba Web Administration Tool (SWAT) was vulnerable to cross-site request forgeries (CSRF). If a Samba administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the Samba configuration. Nobuhiro Tsuji discovered that the Samba Web Administration Tool (SWAT) did not properly sanitize its input when processing password change requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
b5365411c65e521113377455a95fb0f5eb3b5f1438e32a7b5c8c7fb63e1875c2
Red Hat Security Advisory 2011-1106-01 - The kernel packages have been updated to address a vulnerability. A flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could trigger this flaw by sending specially crafted packets to a target system, possibly causing a denial of service.
d2511485720906fd14fc2a3f975c01b817038b49d64c90f52a352c78915e2b1a
Digital Whisper Electronic Magazine issue 23. Written in Hebrew.
808bef75f9f92f4a824dc27916a418683b3932202291c50b278dac977d0ed626
This whitepaper details the ins and outs of return-oriented programming and DEP bypass.
cd7c52e6aacd9baf229c258107646cd9b87b0fd8eebc7072ca57f5903e148874
System Werkform version 2.0 suffers from a remote SQL injection vulnerability.
885c01f00d03554a914bdbb499c296759662718182582d6ebcca7d7eb11dcc99
The Facebook mobile system suffers from a user enumeration vulnerability.
3019482c64ace86e5a5026e090506cf5b63a6a4f5f8fda853511567dad32241d