Whitepaper called Evading Antimalware Engines via Assembly Ghostwriting.
c69ca241db8929c1badf0a2febd49a571ceddd5755b5f32dd8ef44146ffadb5c
The Joomla Sgicatalog component version 1.x suffers from a remote SQL injection vulnerability.
7e6fab15f2a268c1137938fb9309a5f170d0acc7762964dcde58038e767631da
This Metasploit module exploits a stack-based buffer overflow vulnerability in the latest version 3.5 of TugZip archiving utility. In order to trigger the vulnerability, an attacker must convince someone to load a specially crafted zip file with TugZip by double click or file open. By doing so, an attacker can execute arbitrary code as the victim user.
dfd1d434ab7742db844f4361a73baede359a856715df5794ad3d96c86362e269
The WordPress WP-SpamFree plugin version 3.2.1 suffers from a remote SQL injection vulnerability.
872940395fb43562df8533fff00f33859bbff0de3b2f6bf1464c7f15e9cecc42
Red Hat Security Advisory 2011-1364-01 - The kdelibs packages provide libraries for the K Desktop Environment. An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid.
42d57e16e44097171470596df1e3290bdb422e02da5b6b0fb5d50caa9a857888
Whitepaper called Bypassing Windows 7 Kernel ASLR. In this paper, the author explains every step to code an exploit with a useful kernel ASLR bypass. Successful exploitation is performed on Windows 7 SP0 / SP1.
5c3994059d8384faf17163e5cb49cd471cedb061f14e2c2b7ef3cdb5ce5724aa
Cudoma suffers from a remote SQL injection vulnerability.
e43b96a3f7c6d5efacbe109185cff4c7644460261e78c88c815c2a5b219d0b14
Ubuntu Security Notice 1227-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.
87d2aaa8ca6ba6b00c9ca09b32765eba40fef19b74fb5429c7386a7141501ba4
Joomla JCE component version 2.0.10 shell uploading exploits written in PHP and Perl.
d1b4ac29ebde769a56c277231425f66928d9b1ae143eb1a76b6b2460dab7671a
ZOHO ManageEngine ADSelfService Plus version 4.5 Build 4521 suffers from an authentication bypass vulnerability.
f77c06fcc32f7f659b5cbeae7e9a84e98c2c34c9153d7d9897701d57dfb559d4
Filmis version 0.2 Beta suffers from cross site scripting and remote SQL injection vulnerabilities.
635cc0c5fedf63470616e91144d46f5e705d459606e1f8eeb7bcad7f9a9506eb
Filmis version 0.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
8b210a5c19e2f2ecfeb38873657519516d2e8337db4f6e5866e719b7d761b20a
HP Security Bulletin HPSBMU02710 SSRT100601 - A potential security vulnerability has been identified with HP Onboard Administrator (OA). The vulnerability could be exploited remotely to gain unauthorized access. Revision 1 of this advisory.
8224be93c871c8c41eb80eb778a040f90039abdc72505dc40639b6913e85eaa7
SilverStripe version 2.4.5 suffers from multiple cross site scripting vulnerabilities.
f4b756b891416720dcce945f3a627a076dbfa53794a000265f292275c636a60d
Contao version 2.10 suffers from multiple cross site scripting vulnerabilities.
eba693da943cfa776b5b0ec54e3b955c461838891e36136ceb646cd40b62344d
ABUS TVIP 11550/21550 suffers from arbitrary file read, file upload, and command execution vulnerabilities.
2f51d4760c8bd61052e7053ffd77dd4337c961386e2656f7ff4271440419c1b2