This Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The ActiveX component loads into memory without opting into ASLR, so this module exploits the vulnerability against Windows Vista and Windows 7 targets. A large heap spray is required so that EAX points to part of the ROP chain in a heap chunk and the calculated call hits the pivot in a separate heap chunk. This will take some time in the user's browser.
d1cef6f9fc00e9c87f66184e541a23b487e22d0bf005602e5a91c795be80bb5e
Ushahidi version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
241319ea6222ca5dedc1691b5c96459723af8e4203c53b1e76c9e8ca8739ff4b
Mandriva Linux Security Advisory 2012-058 - curl is vulnerable to an SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem. curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs. The updated packages have been patched to correct these issues.
6c85f20b4131fa33986edd84817e884952953310762c6a2e6f462a08eee4cb99
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 are now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
2f2b314e398333a3e601f5345e342e8e86e10daced4ff3b39b3cdf6e5b210dc5
AC PHP eMail version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
4d53f59f85a1f395b81b8c22507307ad871a76fb17050431dac83c5297290fc6
C4kurdGroup CMS suffers from a remote SQL injection vulnerability.
50cda04219b02a5c7bb4e5b0665becea0a288369ec91973a74dd4e3af3014838
Bioly version 1.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
b887f59cc439e8033ce0ff26831d50898fb73ef942a80ccb56fa217a197cf234
McAfee Web Gateway and Squid Proxy version 3.1.19 suffer from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included. Squid is only vulnerable to the attacks if the filtered site is using SSL.
fd5a23a84846044a1ea5a10e1231aba1d4783081f27119ecd5de07b7485b6ad5
Many people use telecommunications-provided SMTP to SMS/MMS gateways to send out sensitive data. This paper looks into the encryption (or lack thereof) provided by these types of public access SMTP to SMS/MMS gateways and services.
4a7ee04849235d3e90c1270eb15f6e24884ab471f7c7606cf34bb4f9587f746b
This is a detailed paper on building your own WAP and Wireless IDS system from scratch using open source tools like Kismet, Snort and Sagan.
e8493f6ce980099203e0171a505425a6fd32193451e07cab0cf78651fc5eb149
Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.
704df03b3052c8f11de9921496d8a6951e3b0ae29b75bbbae2c06a4435a51f7a
Debian Linux Security Advisory 2451-1 - Several vulnerabilities have been discovered in puppet, a centralized configuration management system.
35b59b4216bedd63d45392644a9587d40ba5845a85bf2717988463a587882a20
Red Hat Security Advisory 2012-0478-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
18abb32cf9211542fd5a4c9fa789e88cd4d5530dd19accafd5056d840cd3a798
Secunia Security Advisory - Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.
394bb598632f8c32c0247dcf4987176a79d1415c706a0b63d0be4d840bc6b6f2
Secunia Security Advisory - Multiple vulnerabilities with unknown impacts have been reported in IP.Board and the IP.Gallery module for IP.Board.
f70a3cc5583804489a199235486d3b83bb07ea0c697e5fc645c930223be30f76
Secunia Security Advisory - A vulnerability has been reported in OpenJPEG, which can be exploited by malicious people to compromise an application using the library.
702bb8c0491866c7f2449b2fb1bdbe313de0ca343a1bf6b8779d434644f105fd
Secunia Security Advisory - A vulnerability has been reported in Wicd, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
989512c2e534ec7ea6a9c5d7cd02a3747ed836956a50bb3b700f958670d31407
Secunia Security Advisory - Some vulnerabilities with unknown impacts have been reported in CGIProxy.
3a1e41b6f80ee622670952fdacaef4048ce5c0798852a3524fc2f2b5f1f9ba9b
Secunia Security Advisory - A weakness has been reported in the Fivestar module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.
b3daaefebd484fb1b580a23589576f76a84a22af3167aedaed7e0c2dc9354c7e
Secunia Security Advisory - A vulnerability has been reported in Minerva Infotech CMS, which can be exploited by malicious people to conduct SQL injection attacks.
e80319c433cfa4360acff2ff21a8f8a96fdc098a2ad3d549298056d35554d619
Secunia Security Advisory - Ewerson Guimaraes has reported some vulnerabilities in Tufin SecureTrack, which can be exploited by malicious users to conduct script insertion attacks.
08f4490a9b4ebc15d947227eab0b6b5c722f7359dc1585c1bbaf7b0aadb50345
Secunia Security Advisory - SUSE has issued an update for freetype2. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.
94abfde66156b8760e23e369c58855464d5d1931bdfbefdb60a2d142a464c839
Secunia Security Advisory - Luigi Auriemma has reported multiple vulnerabilities in atvise webMI2ADS, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
f1668a474e9434631c8ee7e521bb5c9e6c0b642eee6fda7d2d823f7b173c3a78
Secunia Security Advisory - Red Hat has issued an update for tomcat6. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
d29db4b90738a6929107a62a2ad75590a3f5eec120810f3f082594d0a419e8c1
Secunia Security Advisory - Debian has issued an update for sqlalchemy. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.
82b66988b14fdf3feb4c27d0cad3b3ad08b60dbe5b6135d2d5e0785db55cd9ff