Red Hat Security Advisory 2012-0680-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update includes bug fixes as documented in JBPAPP-4873 and JBPAPP-6133.
db2cede27257c0c7eb5afeeba0d2abaa2a7c74f2786187c29b2569f1202cc6a1
Red Hat Security Advisory 2012-0676-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A malicious user in the kvm group on the host could use this flaw to crash the host. A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user in the kvm group on the host who has the ability to assign a device to a guest could use this flaw to crash the host.
5ec712624114bd7a62ded7e3e13e0b431d5a90f25d887258c19bd6583197a38e
Red Hat Security Advisory 2012-0678-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name.
a11a5493acd610cf7f4bfdc27b2eba1d9d44ea753011012d38733b38292f077e
Gentoo Linux Security Advisory 201205-3 - Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Versions less than 19.0.1084.46 are affected.
10f3269225ee2b5121cb81d892a449b1a3c5f6359d02d9d6c253465d3cf99d98
Debian Linux Security Advisory 2477-1 - Several vulnerabilities have been discovered in Sympa, a mailing list manager, that allow the scenario-based authorization mechanisms to be skipped. This vulnerability allows unauthorized users to display the archives management page and to download and delete the list archives.
37cb6256cfe6274a5cb1a1b9b1e0069e644afac7767a82dbb30bc47bf7edabab
Plogger Photo Gallery suffers from a URL encoded SQL injection vulnerability.
1d809b3e47f9bc73a1cdb2626975f37ede3807ab5c5a5139362dded3b11e4574
Denial of service exploit for com_event_sink in PHP versions 5.4.3 and below.
f9e58d76235326111668e7a07024e4373c09a94c235cdd96324ef0f57eeebd16
phAlbum PHP Gallery Script suffers from a cross-site scripting vulnerability.
723c6ef6661ac7169ced0e8dd7d0c1a433062a8a9b5a6efd4ad00d031c7e04c4
This paper demonstrates how to ARP poison a connection between Windows 7 and Windows 2008 R2 Server using Cain.
a751245239f622e54ca2416bab2aef9e2485eae6f6c4782fd8b7a36a98c54142
This whitepaper touches on various scanning tools and how to use them. It gives an overview of hping, scapy, unicornscan, nmap, and nessus.
b9b96dce3e65312296a5f09fbf2af8bba0ae3fa3b7a663daab2a541d4ede75d1
Multi-threaded Zone-H posting utility.
b66e0936308863c1f7d366e259b553da4eb8876a94121e392bd577f7c622e4b7
ClubHACK Magazine Issue 28 - Topics covered include Steganography over covert channels, Kautilya, HTTPS, and more.
fa4e562c6088f8d7bac3bc27c440e7a9209a7ddcc897ce31f3cf1c2cfacc218f
Secunia Security Advisory - Debian has issued an update for pidgin-otr. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
206d43ebfdf0b584b8d36d4f724417825aec751080708b3dff1bf9664434cda7
Secunia Security Advisory - Debian has issued an update for sympa. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions.
74f8ed8986c0ab6c9b2dba44ff713dd9b1e72b15e08f6f05ae3fe3a3929b7713
Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).
bdb3adcf8e5d1c6a270ed8e4c34ba4b6760609af6f7ef8eaf8f6623562ede9b7
Secunia Security Advisory - Gentoo has issued an update for chromium and v8. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
e6747b0e7f57f3f9926c44820daf559f6c943d337383c0a678ffd10d56d3f198
Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
61889c99252a9766b2a5d9a6b05e58bf82ad91479b7ef4f5518391489b346cf3
Secunia Security Advisory - Walied Assar has discovered a vulnerability in Resource Hacker, which can be exploited by malicious people to compromise a user's system.
05f3d0d2f4afd2a52625b30580d0b46bd45c44fc5bff96f106a36957460dbb7e
Secunia Security Advisory - A security issue has been reported in iLunascape for Android, which can be exploited by malicious people to bypass certain security restrictions.
3d982947ccd530967d72e8709da18e0c4a242698a739698220be334a6d6179ce
Secunia Security Advisory - Henry Hoggard has discovered a vulnerability in the LatestComment plugin for Vanilla Forums, which can be exploited by malicious users to conduct script insertion attacks.
91a4d3b5f22949aa86e71240f66963feccb61728608bd04c5f98c860240ae7ab
Secunia Security Advisory - A security issue and two vulnerabilities have been reported in Elgg, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
a69945335feebec74112e8c5ff4b618945a21307bf4b14c8fced80c79ca1ef47
Secunia Security Advisory - High-Tech Bridge SA has reported a vulnerability in Serendipity, which can be exploited by malicious people to conduct SQL injection attacks.
9fe416e97a95b640789d5b3aca16d4e40de0211c0b90d2c00ea50ed377631295
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in the JCE component for Joomla!, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.
f78f7ebdc4e00d7222b5ce8dc0bfd8954efeb6dfd0ffdb18cd8d4b3759a851ea
Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
877125ae668f8de6d84f77a1d26ac683f5ba10b809e614ea8341c2a446d115e2
Secunia Security Advisory - Henry Hoggard has discovered multiple vulnerabilities in the AboutMe plugin for Vanilla Forums, which can be exploited by malicious users to conduct script insertion attacks.
47a889d353f0e584e1e7d03b0ba03e99c47be878c82be8d5001fa212f1dc289c