Secunia Security Advisory - A vulnerability has been reported in Heimdal, which can be exploited by malicious people to compromise a vulnerable system.
de71ca2a8ea24dafdc1a57e7ab07c06b75b25bf81db8f57d1bddbee632f6c95b
Secunia Security Advisory - A vulnerability has been discovered in GNU inetutils, which can be exploited by malicious people to compromise a vulnerable system.
caa1d2427111e5d8ed36f6b8cc613797bc04cc45d9a6f1bb8801ab96b0d33298
Secunia Security Advisory - Debian has issued an update for heimdal. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
a2ebc46d3000793cf059ddcfda602a2be3ccf1c3fc8adab653da5b5c4629aaa9
Secunia Security Advisory - FreeBSD has acknowledged a vulnerability in telnetd, which can be exploited by malicious people to compromise a vulnerable system.
216286f9074ec3da24abb06c04384888a6ea4fe08fe36b870a2a624119e454af
Secunia Security Advisory - Debian has issued an update for inetutils. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
597888135993d423afcca806e81d66232a0d5a9e479902dd90d110a289d25dbb
Debian Linux Security Advisory 2371-1 - Two buffer overflows were discovered in JasPer, a library for handling JPEG-2000 images, which could lead to the execution of arbitrary code.
378ae0ceefe4816301fc1cbd5602b9554680c22218691bc93c90385f418234a7
Whitepaper called Hardware Involved Software Attacks. Computer security vulnerabilities involving hardware are under-represented within the security industry. With a growing number of attackers, malware, and researchers moving beyond pure software attack scenarios and into scenarios incorporating a hardware element, it is important to start laying a foundation on how to understand, characterize, and defend against these types of hybrid attacks. This paper introduces and details a starting taxonomy of security attacks called hardware involved software attacks, in an effort to further security community awareness of hardware security and its role in upholding the security of the PC platform.
c7725f5f5155ccae730b5464c6855db0d3283f354981f52fcebb60c92127731a
Microsoft Windows Media Player version 11.0.5721.5262 remote denial of service exploit.
8f956aea0456c97de55561f1b85fde6e2d17e46339271b02a273569d29f09677
Putty version 0.60 null pointer denial of service exploit.
c0e5d6fed8a39f92e5fe93389c056c8233af29be9277250b0220f8dccc1f7f2e
MySQL version 5.5.8 remote denial of service proof of concept exploit.
e47dc3eb176f47a4d695cb60327c8ceca93506e42b7b61b174b504ddbbd485fd
FreeSSHD remote denial of service proof of concept exploit.
64ef29a432819a28b41d8f37b7d65cc811d1a982933c6caf1642e4ced0608e7a
Pre Studio Business Card Designer suffers from a remote SQL injection vulnerability.
c794f54bab399b0c0633492d18f99b818df6ffbe8246ade34257f886b2c02046
D-Zayn Web Design Access suffers from a remote SQL injection vulnerability.
a1ae391f129cbd6c64b9a123df61a7dcf6e5f853e2420e8d50108ee26be570cb
Whitepaper called Construindo Shellcodes. It discusses how to build shellcodes and use them. Written in Portuguese.
8a69b4c29cd9e658b54a12c337266f622bc5a9644d51ae9a62cf454b59fa26b1
GraphicClone suffers from a cross site scripting vulnerability.
7e386b1f62fdf95ab4f2156dbfe331cae9df9200886e6339cdf26aab4295c59f
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
044920c66eb9174ee0f01d8d37ac070092da5cf941fd368330fbbaac4a915a9c
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.
22120de712844b5d89a3f2924964c16cc86f96f2156ace7c3f551bd0d713c94b
This Metasploit module exploits a buffer overflow in OpenTFTP Server SP 1.4. The vulnerable condition triggers when the TFTP opcode is configured as an error packet, the TFTP service will then format the message using a sprintf() function, which causes an overflow, therefore allowing remote code execution under the context of SYSTEM. The offset (to EIP) is specific to how the TFTP was started (as a 'Stand Alone', or 'Service'). By default the target is set to 'Service' because that's the default configuration during OpenTFTP Server SP 1.4's installation.
10056b046a41d7587ed57448581e4849d5d597aefca473ec48c1a6dfbccc8913
Mandriva Linux Security Advisory 2011-192 - Security issues were identified and fixed in mozilla firefox and thunderbird. The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving removal of SVG elements. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors. Various other issues were also addressed.
74b1c50fa04b0741fdb76a94c0c90b30b2e95ec9554f1e5264d61525601acb44
This Metasploit module exploits the Oracle Job Scheduler to execute arbitrary commands. The Job Scheduler is implemented via the component extjob.exe which listens on a named pipe called "orcljsex<SID>" and execute arbitrary commands received throw this channel via CreateProcess(). In order to connect to the Named Pipe remotely SMB access is required. This Metasploit module has been tested on Oracle 10g Release 1 where the Oracle Job Scheduler runs as SYSTEM on Windows but it's disabled by default.
a5520991853dfba840715d948313a5ca0eee49a3177ec837c2761cf043b2c418
Open Conference Systems versions 2.3.4 and below, Open Journal Systems version 2.3.6 and below and Open Harvester Systems versions 2.3.1 and below remote code execution exploit.
c8514bceee7ade59cbec79ac89af4009e9637eb3d5dcbf7b21c50429755f0ec6
This Metasploit module exploits a SIP username enumeration vulnerability in Asterisk. Performs a REGISTER scan for numeric peer usernames having a nat setting different to global sip nat setting. Works even when alwaysauthreject=yes. For this exploit to work, the source port cannot be 5060.
54da0d99e312b44be212dc5220e9ea0fef3a31a1f8a4b91a6f8f48f53c53ca09
Secunia Security Advisory - A vulnerability has been discovered in Whois.Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.
2a8873fd498e4864aec167d8bf600d099f08566136857d5e4a2f66caca79f71e
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Managed Printing Administration, which can be exploited by malicious people to compromise a vulnerable system.
9a68c26e6c8423e9131753236ea182eab70f56400c1c0677734986cd0affde57
Secunia Security Advisory - Debian has issued an update for unbound. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
a5a00b15c00059d648cbd48c4ff05d6f977c75338250418f6a806ea9e05f5f03