Group-Office version 4.0.71 stores credentials in the clear in cookies.
63d144d75532557bd4e2c7319685e0f502852e50757da183cc38c9429081c7c9
TCExam version 11.3.007 suffers from a cross site scripting vulnerability.
c2df81fe1434df8351dd6026e93abcd6a2dd042f7a15ef09a4566b27505d3ded
TCExam Edit version 11.3.007 suffers from a remote SQL injection vulnerability.
06af1b2a6fb8ed7abd5d25d460237c12fee5dc2b4cf699e07621727d30f9fc9e
Total Shop UK eCommerce, which is based on CodeIgniter version 2.1.2, suffers from a cross site scripting vulnerability.
5152d11e96f30211a557516deffd45d1b790edd8b739f21a1dd10b248c3997c9
ClubHACK Magazine Issue 31 - Topics covered include Tamper Data, Apple iOS vulnerabilities, Matriux Ec-Centric, and more.
a1ee74c3589ae4bf58768c3363b5b7224529e8dbca7f075937c393a8feb9f204
ProQuiz version 2.0.2 suffers from cross site scripting, local file inclusion, remote file inclusion, and remote SQL injection vulnerabilities.
cd96527f58d918d01dbe7ff75611b1729daf91b7449eeb441565cef7115b0a2a
Pure-FTPd version 1.0.21 crash proof of concept exploit that leverages a NULL pointer dereference.
c2280992211c9ea41ac2e2ddf61f4ee7e7455a52f000ddfb5f9302a7a81ccbc0
The Call For Papers for nullcon Goa 2013 is now open. It's the time of the year when they welcome research done by the community as paper submissions for nullcon. So, sip your coffee, dust your debuggers, fire your tools, challenge your grey cells and shoot them an email.
1a6082463e38b8465a0cf348d013c75a5c1276abd719ab4e2d1aec4ffee01c92
Mandriva Linux Security Advisory 2012-130 - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. The updated packages have been patched to correct this issue.
15e682bf17192a767c067672be6251b9e0fad5a2b5601ea063b950e8a67a46ae
Debian Linux Security Advisory 2527-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.
19d56ac85b34319b9d93e656f85139e1d5a6ad3686507f40c07541d97d990968
Red Hat Security Advisory 2012-1166-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0035 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
f780b0c2beb4f13cd5fd92b554dd4ba5fbcdbbc13f13e931837e863861773d32
Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.
60f263a40e9847b3704eea8775ecc38544cbf434846d76a7dc6b54f11d8bced7
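The CSRF condition in the BRMS advisory above, as an added illustrative example that is not code from JBoss, Red Hat or the advisory itself: a toy model in Python of an MBean-invoke endpoint. The vulnerable handler authorises on the session cookie alone, which the browser attaches to any request for that host, including one a malicious page provoked; the hardened handler additionally requires POST, a matching Origin header whenever one is sent, and a per-session token that a cross-site page cannot read. Every name here (SESSIONS, the JSESSIONID value, the MBean name and operation, the function names) is constructed for the example.

```python
"""Toy model of a JMX-console-style 'invoke an MBean operation' endpoint.

Illustrative code added to this listing; not from JBoss or the advisory.
Requests are plain dicts: {"method", "cookie", "origin", "params"}.
"""
import hmac
import secrets

# Constructed session store: session id -> user and per-session CSRF token.
SESSIONS = {
    "sid-1": {"user": "admin", "csrf": secrets.token_hex(16)},
}
# Constructed audit trail of MBean operations that actually ran.
INVOKED = []

COOKIE_PREFIX = "JSESSIONID="


def _session_from_cookie(cookie):
    """Return the session bound to the cookie header value, or None."""
    if not cookie.startswith(COOKIE_PREFIX):
        return None
    return SESSIONS.get(cookie[len(COOKIE_PREFIX):])


def invoke_vulnerable(request):
    """Authorises on the cookie alone, so a GET built by another site succeeds."""
    sess = _session_from_cookie(request.get("cookie", ""))
    if sess is None:
        return 401
    p = request["params"]
    INVOKED.append((sess["user"], p["name"], p["op"]))
    return 200


def invoke_hardened(request, own_origin="https://jmx.example.test"):
    """Same endpoint with three independent anti-CSRF checks."""
    sess = _session_from_cookie(request.get("cookie", ""))
    if sess is None:
        return 401
    # 1. State-changing operations only via POST; a crafted URL is a GET.
    if request["method"] != "POST":
        return 405
    # 2. If the browser sent an Origin header it must be our own origin.
    origin = request.get("origin")
    if origin is not None and origin != own_origin:
        return 403
    # 3. Per-session token in the body, compared in constant time.
    token = request["params"].get("csrf", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403
    p = request["params"]
    INVOKED.append((sess["user"], p["name"], p["op"]))
    return 200


def cross_site_get():
    """What a logged-in victim's browser sends when a malicious page loads a
    crafted URL: cookie attached automatically, no token, no body."""
    return {
        "method": "GET",
        "cookie": COOKIE_PREFIX + "sid-1",
        "params": {"name": "example:type=Service", "op": "stop"},
    }


def cross_site_post(with_origin=True):
    """A forged auto-submitting form from another origin: cookie present,
    token unknown to the attacker, Origin (if sent) is the attacker's."""
    req = {
        "method": "POST",
        "cookie": COOKIE_PREFIX + "sid-1",
        "params": {"name": "example:type=Service", "op": "stop"},
    }
    if with_origin:
        req["origin"] = "https://attacker.example.test"
    return req


def legitimate_post():
    """A request the console's own page makes, carrying the session token."""
    return {
        "method": "POST",
        "cookie": COOKIE_PREFIX + "sid-1",
        "origin": "https://jmx.example.test",
        "params": {
            "name": "example:type=Service",
            "op": "stop",
            "csrf": SESSIONS["sid-1"]["csrf"],
        },
    }


if __name__ == "__main__":
    print("vulnerable, cross-site GET :", invoke_vulnerable(cross_site_get()))
    print("hardened,   cross-site GET :", invoke_hardened(cross_site_get()))
    print("hardened,   forged POST    :", invoke_hardened(cross_site_post()))
    print("hardened,   legitimate POST:", invoke_hardened(legitimate_post()))
```

The token check is the one that closes the hole on its own; the method and Origin checks are cheap defence in depth, and Origin is only checked when present because some browsers omit it on same-origin or non-CORS requests.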
Shopping Tree, Inc. software suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
710c6c5f6d8a0112ff32d4cd35417f5a21917d22421ec5fcd825351690c94a00