Ubuntu Security Notice 1452-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
1743e5e0d5cc2c51eea82b08fd5a2379a2483478b76cb54de2e7c2aec5d7e59f
Ubuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
c2d728621ad0692803f2775f1741405360b7d473c41ea474fa8427075d3d957a
DynPage version 1.0 suffers from cross site request forgery and shell upload vulnerabilities.
37621a0070cbaef6aa5d4f64bb886aef4c1af19162680673b6c79897100c5b03
Secunia Security Advisory - Astaro has issued an update for IPsec. This fixes a vulnerability with an unknown impact.
c2d0a69e4b51e595af1b3bad527d9683450cdb2471261fe7ab64b6f3a1b844d8
Secunia Security Advisory - A weakness has been reported in PyCrypto, which can be exploited by malicious people to conduct brute force attacks.
5f2d792f0678900743f9df4aa9e9530a0e4003f8e23b1989f7e10265d0d39e33
Secunia Security Advisory - A vulnerability has been reported in dotCMS, which can be exploited by malicious users to compromise a vulnerable system.
25eae5750d2834fb8e3079d5d6af05076a0ec2412dd6392f27ce72e2dd790185
Secunia Security Advisory - Tiago Natel de Moura has discovered multiple vulnerabilities in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.
e124c0d562158eaaac866756fd5c64449c84ace9ff0384849a08d12c68d65cdc
Secunia Security Advisory - Multiple vulnerabilities have been reported in the Search API module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
44ce1f3c1fe56a9a2c5cbae8339e227a89bd710bc0e79daeb8adf7af74ff21fa
Secunia Security Advisory - A vulnerability has been reported in Apache Commons Compress, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
e1758af41f3ed887f3c0c4afbd3927d225129ce4148fbbb73309128a76056389
Secunia Security Advisory - Apache has acknowledged a vulnerability in Ant, which can be exploited by malicious people to cause a DoS (Denial of Service).
aec6213039755eb3445fa4ddca1d4af1ee1154545ed2970322958184ea5ba2f8
Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to compromise a user's system.
2d6a808c3d9d5cd84a8a28db0274894cf44f7279351616685fd52fea7c935283
Secunia Security Advisory - SUSE has issued an update for cobbler. This fixes two vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks.
9b2b777076f0077659ec329d9c211e8f33c419c5815f5bc8b059ee6bee3fb43c
Debian Linux Security Advisory 2480-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
4d0921714e92a3caf9ffbb786ca18511edabedc064e7f7072f96aa34077367e0
Social Engine version 4.2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
0fa6f5de7bdbe3290ed0ede01f2bace1adff3a4674976586858e62e0e8ba2d18
Apache Commons Compress versions 1.0 through 1.4 and Apache Ant versions 1.5 through 1.8.3 suffer from a denial of service vulnerability. The bzip2 compressing streams in Apache Commons Compress and Apache Ant internally use sorting algorithms with unacceptable worst-case performance on very repetitive inputs. A specially crafted input to Compress' BZip2CompressorOutputStream or Ant's <bzip2> task can be used to make the process spend a very long time while using up all available processing time effectively leading to a denial of service.
764b4680811098ad5654daa7aacc0274f9de6ab81bef5b8286b792367f7e802c
EMC AutoStart contains multiple buffer overflow vulnerabilities which can be exploited to potentially cause a denial of service, or possibly, execute arbitrary code within the context of the affected application. Versions 5.3.x and 5.4.x are affected.
1d0445ba9e2d754fa11ecd05aaf43d0b4ef3dc02e0430db42104435fd5421234
Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
b4728ca55ce3cfd40444a11b5acd5298ece8e9bf6c775569b96cc5d90bcd9a33
This is a presentation called Uncovering ZeroDays and Advanced Fuzzing. It has one PDF of the presentation and one of the full script used during the presentation. This was presented at AthCon 2012.
ed4e76db85a1968d96d0b168a230dcf62722f0fc8e23574007b3bcc95e50099c
Wireshark versions 1.4.0 through 1.4.12 and 1.6.0 through 1.6.7 suffer from a DIAMETER dissector denial of service vulnerability.
e6f77a65be835da3e603a103f2c0bcabc8223ab38cfca9aa785e589fc21ac947
Wireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 suffer from multiple dissector related denial of service vulnerabilities.
e3de518339a43d0a5f512990af923fedfb53c8e45b810e538dc48e45374c8f12
Wireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 suffer from a misaligned memory denial of service vulnerability.
6f40723d1c25a14ace173c31accd9416895fc2c1be2de9994389ad008ea69ad4
Jaow versions 2.4.5 and below suffer from a remote blind SQL injection vulnerability.
17bcc9a70dabb36b21745a5acce3fd83ccd2bda58d99ebddf8329eeee0b55a99
bsnes version 0.87 suffers from a denial of service vulnerability.
27d8383734f9c7ed9fc5d3b879938acc56c7b08d1cdc6b9cc4f08bae17606375
Mandriva Linux Security Advisory 2012-080 - It may be possible to make Wireshark hang for long or indefinite periods by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.
10a172fbdd9a1956fcadc521595975f06bf508f0c5f7cc83e8e96be95744ada7
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
5a829776586783c6e948605b05d02fbaa7cc8b630bf68572c37757028b44c81f