CubeCart versions 5.0.7 and below suffer from an insecure backup file handling vulnerability.
4ad0bade6b43f93bb55527eb3f44f901936684bc818abacd7c7a8ba1a7d090bb
tcgetkey is a set of tools that deal with acquiring physical memory dumps via FireWire and then scan the memory dump to locate TrueCrypt keys and finally decrypt the encrypted TrueCrypt container using the keys. It is a proof of concept and only works against TrueCrypt running on Linux hosts.
fd1ca946bf249034b70df9e906adf2257e7c7ba2d5c950bee07fc421f5efa391
This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109.
f1c623bc1dcad36e79d57718a63066d97b024a30199457832d62e68170935185
This Metasploit module exploits a vulnerability found in WordPress plugin Asset-Manager versions 2.0 and below. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
81b75da9229bb9ea397205ad2f8f36a7be52ab7edb32882060a059e87e819740
Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios that involving the use of the types of TCP/IP packets. It is able to send certain types of packets to any specific target and manipulations of various fields at runtime. These fields can be modified in its structure as the the Source/Destination IP address and Source/Destination MAC address.
877f0fde7a1b9bb0cdd0999db9a608db6beb44a3c5860736fcb665139c816ff8
SonicWall Email Security version 7.4.1.x suffers from a persistent cross site scripting vulnerability.
7b65bbace4bdb5f0e1d2c16ffbaaeb17804008aad4232e2101248a191518d805
Log Analyzer version 3.6.0 suffers from a cross site scripting vulnerability.
f987ab8bbed2ee70d4fd2071548210b7b53ce96342dea67455f31fb3d9addeb1
Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
feffed3a6f9712581d6d3919879040b1a1af45225b1010a4993bf862650b8bd0
The Polycom HDX Video End Points web management interface suffers from a cross site scripting vulnerability.
c33a77f2c171969139be48d5bb5f627a19f1a2eb5aac6100b6844b72341d03ac
Debian Linux Security Advisory 2591-1 - Multiple security issues have been found in Mahara, an electronic portfolio, weblog, and resume builder, which can result in cross-site scripting, clickjacking or arbitrary file execution.
390bb5471860b52761704077ff7b8ecce39f0e34112b25385a74becd6479363d
This is a whitepaper discussing insecure authentication control in J2EE implemented using sendRedirect().
b2a82a30b0720aba342064d33edf9fea0ba6e7a76c0c2af4a6533a79e5904233