This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading to a use-after-free condition. Please note that this vulnerability has been exploited in the wild since Sep 14 2012, and there is currently no official patch for it.
66f9396f0db135d2fa969a6675b705145fd8d9a8e475df6ffb4eb653d1a76be3
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.580. The vulnerability exists in the /file/show.cgi component and allows an authenticated user, with access to the File Manager Module, to execute arbitrary commands with root privileges. The module has been tested successfully with Webmin 1.580 over Ubuntu 10.04.
d7e27005cef2dea975ee0263e61102bda3d07c173825124a4099ef2ae10c8605
Spiceworks suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Versions 6.0.00993 and 6.0.00966 are affected.
4ce5933102d2ccf865d7267ad00d42bf306c382f9f03e4434c196f2d1258452f
This paper provides an overview of a new hardware security feature introduced by Intel and covers its support on Windows 8. Together with other common security features, it complicates vulnerability exploitation on a target system. But if these features are not properly configured, all of them may become useless. This paper demonstrates a security flaw on the x86 version of Windows 8 leading to a bypass of the SMEP security feature.
10a2d51d5bfd486134d95d8b2224eca2ab57042d0d379ba4799ab901aa84e922
TorrentTrader version 2.08 suffers from authorization bypass, cross site scripting, path disclosure, and directory traversal vulnerabilities.
7185dd5b6ed5a821ecd9a5ec901d5d961227f2ab65af5e4ed90e84f1cd946946
Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to cause a DoS (Denial of Service). No checks are performed by a function in iCalendar to ensure that the supplied date-time string is longer than 8 characters. This may result in an out-of-bounds read access violation, causing GWIA to crash if a shorter date-time string is supplied, e.g. via an e-mail with a specially crafted .ics attachment. Novell GroupWise version 8.0.2 HP3 is affected.
47079011e77d4b03dcf622040e29f04c46c08e437a5ae7d2a92d9802266de359
Novell GroupWise versions 8.0.2 HP3 and 2012 suffer from an integer overflow vulnerability.
f82e2a8cfbd871bf746381353b9d597a48d059ad35b2d45116b4b230fc917e0f
Netsweeper WebAdmin Portal suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Note that most of this data was released back in July of 2012 without the SQL injection information.
334e61b447c540bdcd2f46a9286fba1fb02a185a296fb66758697dd81cba3c6b
A local buffer overflow vulnerability has been found in NCMedia Sound Editor Pro version 7.5.1. The application saves the paths for all recently used files in a file called "MRUList201202.dat" in the directory %appdata%\Sound Editor Pro\. When clicking on the "File" menu item, the application reads the contents of the file but does not validate the length of the string loaded from the file before passing it to a buffer, which leads to a stack-based buffer overflow.
a1f0e2a2be8b3403de464902a0d925d7567541a522d8d12be77fb9410aac9104
LuxCal version 2.7.0 suffers from cross site scripting, information disclosure, and local file inclusion vulnerabilities.
503bd9fd609f08e15c9a8ac9ee45ba2ebf9dfbf41405bb3bcf3614423544d6dc
FreeWebshop version 2.2.9 suffers from cross site scripting and multiple remote SQL injection vulnerabilities.
f0f154ab364674f14b5f153465e8811cc06e2b9b2d41a40b64d7cf47db4d65cf
This toolkit houses various IPv6 tools that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, Mac OS 10.8.0, and Ubuntu 11.10.
37fde545740ff58ff27a5cb9590cb1aef36206d163471d31c5f7531f501e90c5
Red Hat Security Advisory 2012-1284-01 - The spice-gtk packages provide a GIMP Toolkit widget for SPICE clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. It was discovered that the spice-gtk setuid helper application, spice-client-glib-usb-acl-helper, did not clear the environment variables read by the libraries it uses. A local attacker could possibly use this flaw to escalate their privileges by setting specific environment variables before running the helper application.
f2c0f0bb7859b916967ca5677435478e5dd6ca4702ec05db09d5b281423e0052
Red Hat Security Advisory 2012-1283-01 - OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
c223a367dbb574263853258126dea3b874b289aec4f93f819b0dde0fb91949a2
Debian Linux Security Advisory 2549-1 - Multiple vulnerabilities have been discovered in devscripts, a set of scripts to make the life of a Debian Package maintainer easier.
848402d3090c98eb8f956af92baa57671d5c38d44b3f75fc8e58d24bd48e1d11
Debian Linux Security Advisory 2480-4 - The security updates for request-tracker3.8, DSA-2480-1, DSA-2480-2, and DSA-2480-3, contained minor regressions.
a8a9ffeaee4d8ba69063d098e441bcb7d3eedaed9e66a42a5e31a87060cdf6e6
Ubuntu Security Notice 1570-1 - It was discovered that GnuPG used a short ID when downloading keys from a keyserver, even if a long ID was requested. An attacker could possibly use this to return a different key with a duplicate short key id.
aa800a4e7a51b00e5f866cc878a7f8a4f4a074b3ebd0d926511a10980c175106
Ubuntu Security Notice 1569-1 - It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. It was discovered that PHP incorrectly handled directories with a large number of files. This could allow a remote attacker to execute arbitrary code with the privileges of the web server, or to perform a denial of service. Various other issues were also addressed.
ca286c3dc3421c19e6fd6053965096637970d19dc1b7ac9c4b2b75b876f38310
NCMedia Sound Editor Pro version 7.5.1 suffers from a MRUList201202.dat file handling buffer overflow vulnerability.
622be827ae2f496adf9292ac657f311604c6fcd62f590a02bc8c7745d6858de5
Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
0e672a6a46bf2abde419a0e8ea846696d7f32e99ad18a6b405736ee6af07509f
Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).
af1b375357fd01eac3d6c612cfe136b3edcdb00daf744545b3fe24d61e73c3ac
Secunia Security Advisory - A vulnerability has been reported in Liferay Portal, which can be exploited by malicious users to manipulate certain data.
54ae025e73628b9d53a32f0468a25b716923e59348daee17dd499118c304839e
This is a brief whitepaper with examples and information on hacking the Android platform from Google.
e9176c55d89393a905a6c089cf727073616f686508f90c534455c54eb3f00e4a
Secunia Security Advisory - Multiple vulnerabilities have been discovered in Auxilium PetRatePro, which can be exploited by malicious people to conduct cross-site request and SQL injection attacks and compromise a vulnerable system.
63f334f565efdc1e9bdbac996bed1330f92245c5457b39d3a164a46508bca77a
Secunia Security Advisory - A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
8371ba639cdd0ff278e28c38d4ab6899f6563db630ec9817ddf8c7e62bf3b505