An issue with RSA Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the Device Recovery capability and Device Identification used by the defined policy.
6ff0906cd0a9a6a6154410f613b726bbb204a06a00455e14ef18b111baa522f6
Zero Day Initiative Advisory 11-346 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. Due to the application not properly checking the types of elements within containers, the application will incorrectly modify a property of the object. This modification can be used to cause memory corruption of the type which can lead to code execution under the context of the application.
e70a0b6b137b62f85620a58469fdf28c264299614af24c86f139d85673534a41
This bulletin summary lists 13 Microsoft security bulletins released for December, 2011.
18ad451024fea8e2036982e74af239ca16bc99787de18705168bc1182e6c63ea
Pulse Pro CMS version 1.7.2 suffers from a reflective cross site scripting vulnerability.
7ac8b17da44b732b9b90bd09f91ffc20f29f62b91f7658435d9276d8d927ea3d
Ubuntu Security Notice 1305-1 - David Black discovered that Nova did not properly perform input validation during image registration. An attacker could exploit this by registering a crafted image using the EC2 API or S3/RegisterImage method and overwrite files as the nova user.
f84f44b31aadbdecd709f8bf9fc1bd56df308540113ec0f59b7e4946f5bb2641
Faculte suffers from a remote SQL injection vulnerability.
b1f51062912e66889bce1041634f968380ede406aedf5e9975d55ab092099082
Two additional open redirects have been discovered under google.com.
bbfc0a480b7dc05e10c1976807a555b3da5b314d4ad5afc42fb6f791b6f5330d
This is a follow-up document that discusses exploiting the glibc __tzfile_read integer overflow to buffer overflow and leveraging Vsftpd.
9fa157a07080306dfb186dfc7d65fae1fe12c4ff8c7beeb94a90bd9698026603
This is a write up that discusses exploiting the glibc __tzfile_read integer overflow to buffer overflow and leveraging Vsftpd.
aa2f52177ccb0dba0def1cbf1e6bb31a25c445b615e0289658b51067f794493e
Ubuntu Security Notice 1304-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. Scot Doyle discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.
6d2a20967eadf3aba427c6e36f59f62b119e6c705633091d9326357f7fb00aec
Ubuntu Security Notice 1303-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. Various other issues were also addressed.
12c1953500d71f26c59ebcdc9a73ed35de3b2b65402d19d430823d934b100a8e
This Metasploit module exploits a remote stack buffer overflow vulnerability in 3S-Smart Software Solutions product CoDeSys Scada Web Server Version 1.1.9.9.
9380ae1d770450dec8ad28bbf0b92b9e420e8cda38119169c69b13c41f6b845a
This Metasploit module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located into /admicp/ directory to make sure the user has admin rights, but this is a broken authorization schema due to the header() function not stopping the execution flow.
dffc7356e911b26d771f5011bfe215352e628f842cedc4e8945c25cf29569ed8
This whitepaper is an analysis of Facebook spam exploited through browser add-ons and extensions.
91576af3134da07c2321d8ec9dd4396eead6ebe286c6b3d979382854cf8fb814
Ubuntu Security Notice 1302-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.
c12d1ac14c6a1deacb430f530bad9934b8dd23b2ac72d692da1422fe585dfd31
Fork CMS version 3.1.5 suffers from multiple reflective cross site scripting vulnerabilities.
ce9a1264ed0a258fa8e69b7087ad7b548a63a7017062b50ae45a1bde1d9dbc79
Whitepaper called Unprotecting the Crypter, a Generic Approach. It discusses how crypters work and unpacking malware.
937196e8fab2e4560c58ff7b754f08781822ad6da74fc0f1e72386234ca1d6ef
Secunia Research has discovered a vulnerability in Sterling Trader, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in Base.exe when processing network requests (code 176). This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to a certain TCP port. Successful exploitation allows execution of arbitrary code, but requires guessing the TCP port, which is dynamically assigned. Version 7.0.2 is affected.
4bba5165e1e1a29e14507788d3f4a83164273e1104b6b0be79ccc37695952d76
Ubuntu Security Notice 1299-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. Various other issues were also addressed.
dd49738f3b31a161fdf267ef2d52086ca3d699a28a01af294cf1352dcb5d5daa
Ubuntu Security Notice 1301-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.
df053b32fc395fc3b94d1f22ffaff0def1d3243827b64674a61ed5aae30b4d53
Ubuntu Security Notice 1300-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. Various other issues were also addressed.
1fc7f990b9172fbe0e94f350e2a02fb9c5aeb94ca6f4c4f5af3fb373b94fee5a
Secunia Security Advisory - A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.
5275138bef0d3b310d70091bc19119dab7e26922df7ce952bdf31404b4cbff35
Secunia Security Advisory - Ubuntu has issued an update for linux-ti-omap4. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS.
c5343b3d5a14c559b97c0562b6521c9952eaf490dc1a5c60f879a3ef53923042
Secunia Security Advisory - Ubuntu has issued an update for linux-fsl-imx51. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
a63a41e8f14147c666b7b67f33d7f9032775bd2b0e396a28b3a23e93ec9630d3
Secunia Security Advisory - Ubuntu has issued an update for linux-lts-backport-natty. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
0e72ca798c8a0e7bdb723135fdb5aa24ab3aebc9c1f2168166dba4cde3a8dd9e