This is a simple tutorial that also provides a code example on doing a x64 xor encoder and loader for shellcode. hello_world, shell with setreuid, and portbind shellcode examples are provided.
01dd8d4138095d6e5cd36ad14d49a7c9867d04d3b19cf8010f5b4ffa35e94746
Red Hat Security Advisory 2011-1221-01 - Samba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS shares. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. It was found that SWAT web pages did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.
90ff6ef7c2e842e981186930845585a4ce7a06a0da969f9a3f5f611b5d11de4b
Apache Tomcat versions 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, and 5.5.0 through 5.5.33 suffer from authentication bypass and information disclosure vulnerabilities. suffers from a bypass vulnerability.
2ee8b9f61192ed9b6c238b4866e0eb6474b9a65b0900eb574304072c40570300
This whitepaper is an introduction to writing assembly on FreeBSD x64, specifically amd64.
7026fb1db70979122ca63df00e18bef6622a7e992588c6335c74246b6356cf34
Red Hat Security Advisory 2011-1220-01 - Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. It was found that SWAT web pages did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.
e9760fd558188de1a54f0616b4447ef1e4c3f61dd8e0e4e962b255930a150ba0
Red Hat Security Advisory 2011-1219-01 - Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. It was found that SWAT web pages did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.
5937696c9bd55e106006e37ce7137dfe26a1fa85701c6b3b20738adf722591c2
The Axway SecureTransport device contains a directory traversal in the '/icons/' directory. An unauthenticated remote attacker can use this vulnerability to obtain arbitrary files from the root file system of the vulnerable host.
1b3c5c1df5ff2ebfb4d989500a0c88455f9836ec0f3075c8f7d42816d3df5526
WordPress SH Slideshow plugin versions 3.1.4 and below suffer from a remote SQL injection vulnerability.
858a73020c238d3ee7c8b85b1895e08522176937230778d70a49dc689cc35d9d
DVD X Player version 5.5 Professional universal buffer overflow exploit that creates a malicious .plf file.
297631087aa6a81541fe0ea4492a17b7895adc65c6308082fa7154a95d6b4f6f
Zynga Cafeworld suffers from a cross site scripting vulnerability.
1de5054521841a8b4b7f9e1ce5d0edc67d02933eb806e248c8fa2d44e4d20cf4
WordPress iCopyright(R) Article Tools plugin versions 1.1.4 and below suffer from a remote SQL injection vulnerability.
455e13b885bf5838b4336a643244d6e3f05bc744602e084a853637fbd381d8d9
Mini-Stream Ripper version 2.9.7.273 universal buffer overflow exploit that creates a malicious .m3u file.
788af66ef6c41cf2bfcd7f5a8d10913075ba1df617514df4e25dc968f9859e09
Dienstplan version 2.2 suffers from multiple predictive password vulnerabilities.
a3b1ae5a968d69bc0d5fbf09c9a8eef18d7261dd23662e4cc9cb9ede23ef154c
Zynga Vampiresgame suffers from a cross site scripting vulnerability.
5ca4f7ae3958a37cb0dfedb149d2f403d39317d80e16e9ada9408d695cff8184
EIN-SOF Solutions suffers from a remote blind SQL injection vulnerability.
67ac2848ef6cc6b81220fbb4a95b0bf90e4485d7a50dba804015bef0a3587a14
Zynga Petville suffers from a cross site scripting vulnerability.
dc04e63dfe4b99e29c027ca6bf88c0fe84a065f6dfd3f43f820da1144504d024
Velaro Live Chat Software suffers from an html injection vulnerability.
4048939afeb642f142f711cdc2622a412945997a5bdfe0ec7a522d67e2862c49
Infomedya suffers from a remote SQL injection vulnerability.
39155afe90137dd18a85ffc61cedad58b11fa32313f4232e7c7af8077a416989
Plomp is a HTTP banner grabber script written in Perl that also sends malformed requests to the server in order to determine if the version information has been altered.
7046c3463928e49abe3a505f5061cd467763d59028f8751f33833e12e511ee9c
ClickCMS suffers from anti-automation and denial of service vulnerabilities.
2d1627ad6df96db1447b7a24fc5ea5962d82933b6f84c2ef928aa74dd8c66811
Secunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system.
bf73fe42fb72c58901a512b508e673688f4a56aa7452ccabecb3d92b0ca19e30
Secunia Security Advisory - Miroslav Stampar has discovered a vulnerability in the MM Forms Community plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
ed908d2b03317f41b4fafe9810f2ccf919c7090b26a8152c90d437ec1a620f98
Secunia Security Advisory - A security issue has been reported in Ipswitch WhatsUp Gold, which can be exploited by malicious people to bypass certain security restrictions.
d36428285b8e6b5ea1baa3ee168a08bb5ab2943bf33d9b5a77bc38d58f880e75
Secunia Security Advisory - Fedora has issued an update for mingw32-libpng. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
9774b995508b994d6c59f85085edeed827091e1b6c2d54655652af5aea99c9c7
Secunia Security Advisory - Xerox has acknowledged multiple vulnerabilities in Xerox FreeFlow Print Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges, malicious users to cause a DoS (Denial of Service), and malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service) or potentially compromise a vulnerable system, and compromise a user's system.
745635d7da8e8c8636b7394db92b0059680060c85433e458775448dcbe65b423