Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.
afe1d65e35dbbe1a9c1cfa5c676b1615f2ff45ac8825572f492acc944ebf0d97
Secunia Security Advisory - Ibrahim El-Sayed has reported a vulnerability in Interspire Email Marketer, which can be exploited by malicious people to conduct cross-site scripting attacks.
36340834fdfe55f14266ee6273d60aa7c60fc2db52f81ec3bb410db047a660c5
Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
17921d9a1831d4918b758b2ec92bb98c1c3e3a11cd095cb59bc2e533191350eb
This Metasploit module exploits the default credentials of Apple iOS when it has been jailbroken and the passwords for the 'root' and 'mobile' users have not been changed.
54dd4f5278bc9c7459a9eb628b204ee6a8e4bb9050d89979261c0c78390b9f3a
HP Security Bulletin HPSBOV02822 SSRT100966 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.
21c104d295b4ae2e63eb3ca4f8927d747e86151bd3754aa34134f75312b342b7
This bulletin summary lists 7 released Microsoft security bulletins for October, 2012.
7e0015e0216f26ed892c9ac46de20faa28af7c33d4117349b8637dce7f10465c
The Hotscan Listener interface is prone to a buffer overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. This allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
4d82bb2cdd5e00df2473121e20ac99ab0fed22e38807dad251dcffec376681c6
Wing FTP server versions prior to 4.1.1 suffer from a denial of service vulnerability.
5218cc363cc8502cf2bb7b724b8e65515218ed7cc7fcb5b6190fbf513f38f13e
This document is an analysis of the Microsoft Internet Explorer use-after-free vulnerability as noted in CVE-2012-4969.
71be4f13df3ab83a03a854c8af051074e8ab424be281df96d72b7c7300338be3
High-Tech Bridge Security Research Lab has discovered a vulnerability in Microsoft Windows which could be exploited to escalate privileges under certain conditions. The vulnerability exists due to the "IKE and AuthIP IPsec Keying Modules" system service, which tries to load the wlbsctrl.dll DLL that is missing after default Windows installation. Proof of concept included.
59c748e21d43b8cf7dd9c2c3ce4ae6dbd13341240e0cfa60bbf3d2ee4d85b88e
TinyCMS versions 1.2 through 1.4 suffer from a local file inclusion vulnerability.
bf76fb44a7c3064cbdd9616afb751e33dd5f67dd21c93ed1a6dd5b2f80c3ba67
VLC Player version 2.0.3 suffers from a ReadAV arbitrary code execution vulnerability.
b8d9e4b0937d2e4052d917d3fa45e638484b85c6cfa01eb95f048b90e9486e2f
Technical Cyber Security Alert 2012-283A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
d28aa6d4a5da0493cd355a00a8fe0309ef30dc9a848b8b3e88e8b4cd9f95977c
Opera appears to suffer from a cross site scripting vulnerability due to a content inspection issue with image/svg+xml.
47c58bfa83f5960e04d82e9e18ef5a405a829e835b66320e8d0d8cd3da1b9ba0
This is a whitepaper from Matasano that documents multiple zero day vulnerabilities in Dark Comet RAT. These issues include remote SQL injection, man in the middle issues, and arbitrary file access.
5fdcf5fad602c3cbdde40ce41d88d40d8290dff47e5bc4bbe9fddeba61cb22a4
Red Hat Security Advisory 2012-1346-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB12-22, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
fe52d2cd52383705b081903c0dab09a02ccaac94d90a3263f1e439fe61e76d68
Ubuntu Security Notice 1599-1 - Pablo Neira Ayuso discovered a flaw in the credentials of netlink messages. An unprivileged local attacker could exploit this by getting a netlink based service, that relies on netlink credentials, to perform privileged actions.
97f627a7e057b15463f0a1a2f5d4e63676147038092fdff6afdd937a3f30f550
Ubuntu Security Notice 1598-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges.
9e6e98f1d12d479aa751fca255131825ffe9ffe0e3735a640d668a1119355906
Red Hat Security Advisory 2012-1350-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws in Firefox could allow a malicious website to bypass intended restrictions, possibly leading to information disclosure, or Firefox executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution.
c8d7292c8a6e60864621280d45d831aa43f4c5b9661f6df6ad09a301b22438f6
Red Hat Security Advisory 2012-1351-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws in Thunderbird could allow malicious content to bypass intended restrictions, possibly leading to information disclosure, or Thunderbird executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution.
04a92bb829de1fb8dac97dcd040a06a8fa9a0030cb8e56101023c6d8cd50f381
Red Hat Security Advisory 2012-1347-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way socket buffers requiring TSO were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service.
6f66d7dd2d6f97c26921d531cc145e222d7eb29497db986be50430fd5b4aa23b