Zykeys demonstrates how default wireless settings are derived on some models of ZyXEL routers.
4011a881981df78c6a989e2a4dfd7be65354f245eefc04c178f9c93221f6bf3d
This Metasploit module updates an existing MSF module originally written for BlazeDVD 5.1. The new module will bypass DEP and ASLR on version 6. The original vulnerability is due to the handling of specially crafted PLF files. Exploiting this allows us to execute arbitrary code running under the context of the user.
ff5bd458d53d97905de67393897725bc2fc0ec2f6c59ecc21e7e6504016b8953
33 new themes for WordPress that are made by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.
b113d5f193f4f8045548d75e1c1eb2e88da81e01e5f5af92b4d2a24021042799
WordPress SB Uploader version 3.9 suffers from an arbitrary file upload vulnerability.
d2989ab52362a8caed7d70e1750dd7f87e067566d774597523e6315bb3bd4327
WordPress Photo Plus / Photo Search version 4.8.11 suffers from cross site request forgery and cross site scripting vulnerabilities.
c080064f2acdd8acdd3c6a4b7b8bac6aac032236c9a290e1c00e9984fa0994db
The ERP (Enterprise Resource Planning) system from Sida University System suffers from a remote SQL injection vulnerability.
6b509c2af3ab4aec42eafe4b2b75733cb59bac0f5a2011aae36c26758ae9fc10
Secunia Security Advisory - A vulnerability has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
cc4807b9ab7303ec7a326cad3e55b19a13e0045602a8e1beb9435a20a62a22ef
Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.
53085aceeec913c3a9b7729ac19394b6db4d639a4adfbf180356183ec5a27905
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
652f806668e2da16c60d530a21a840a2cbd6cb4da1794bfc93cc12dac7a062fe
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
a36f3721d12e6cacf44f111915f23f5a404801a7a9236c6fecdd4808d20bbbb9
Debian Linux Security Advisory 2592-1 - Marko Myllynen discovered that elinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate.
149c360062a76e5cec29b9d5823b3e815bd95780d8d20666f866ebe907200af3
Ubiquiti AirOS versions 5.5.2 and below suffer from a remote post-authentication root-level command execution vulnerability.
31177e50c29169efd962af59bdd1dcd6fd98c00f6e95f81c9e27921a3d144b6a
Secunia Security Advisory - SUSE has issued an update for tomcat. This fixes multiple weaknesses, one security issue and three vulnerabilities, which can be exploited by malicious users to manipulate certain data and by malicious people to bypass certain security restrictions, manipulate certain data, gain access to potentially sensitive information, and cause a DoS (Denial of Service).
94b833d5afca567dd8b6f81dfc4de063020f11be6eece639f82752267f247ab6
Secunia Security Advisory - A vulnerability has been reported in i-GEN opLYNX, which can be exploited by malicious people to bypass certain security restrictions.
7df638d8ded60fc9cf7d10f7806a26f013d9496308191c5e55e8a9255bb979b2
Secunia Security Advisory - SUSE has issued an update for opera. This fixes a security issue and two vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to conduct spoofing attacks and potentially compromise a user's system.
9f54ac0e01adc9de3accec195e07f5da62202a62726a6e195e0800fda37b3988
Secunia Security Advisory - Debian has issued an update for mahara. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct click-jacking, cross-site scripting and request forgery attacks, and disclose potentially sensitive information.
974b033350dc12b02a820eb5ef9cf13746f7ad11ed70d1325b58cde018653c76
Secunia Security Advisory - MustLive has discovered a weakness in MODx, which can be exploited by malicious people to determine valid usernames.
c97b887f44cfbeccf1887a3b46bda7830c8562c22efe6ea261fa150b0e1d9942
Secunia Security Advisory - Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
0226e658eee44741ea5e476f646cd0183e9cdf360eaa475ca1783c1d26261e3d
Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM InfoSphere Guardium, where one has an unknown impact and the others can be exploited by malicious users to potentially compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.
95358346677c36ee4518a6f67c6d78067bacf67efbe0d1c82b19d3d878b66305
Secunia Security Advisory - Debian has issued an update for elinks. This fixes a weakness, which can be exploited by malicious people to conduct spoofing attacks.
8c522f343e38303eb3ac3e3871bfebfede5061ee0225e4a45e39b21836f9f0fa
Google Talk decoder tool that demonstrates recovering passwords from accounts.
f22e21c764b1d148dce047075c8e5e1ad98da47c9ae526044a697f021a0bbb66
Chrome web browser decoder tool that demonstrates recovering passwords.
66d28558bf59fb4ed56c20e07d16601110120d4096f33f8d5a6591e5cef2732c
This is a tool that demonstrates dumping MD5 password hashes from the configuration file in Skype.
1c5bf93ebc41bc95553af5a1fa8a89d8ada7ff8cb06b4f21db26e8a540ca2921
CubeCart versions 5.0.7 and below suffer from an insecure backup file handling vulnerability.
4ad0bade6b43f93bb55527eb3f44f901936684bc818abacd7c7a8ba1a7d090bb
tcgetkey is a set of tools that deal with acquiring physical memory dumps via FireWire and then scan the memory dump to locate TrueCrypt keys and finally decrypt the encrypted TrueCrypt container using the keys. It is a proof of concept and only works against TrueCrypt running on Linux hosts.
fd1ca946bf249034b70df9e906adf2257e7c7ba2d5c950bee07fc421f5efa391