Debian Linux Security Advisory 2630-1 - Sumit Soni discovered that PostgreSQL, an object-relational SQL database, could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service.
phpMyRecipes version 1.2.2 remote SQL injection exploit.
RTTucson Quotations Database Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
Apple Security Advisory 2013-02-19-1 - Multiple vulnerabilities existed in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_41.
Mandriva Linux Security Advisory 2013-013 - Multiple vulnerabilities have been found and corrected in Squid. Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via long POST requests or crafted authentication credentials. cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly including 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service via a crafted request. NOTE: this issue is due to an incorrect fix, possibly involving an incorrect order of arguments or an incorrect comparison. The updated packages have been patched to correct these issues.
Red Hat Security Advisory 2013-0275-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
Red Hat Security Advisory 2013-0274-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle.
Red Hat Security Advisory 2013-0273-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle.
Ubuntu Security Notice 1729-1 - Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. Atte Kettunen discovered that Firefox could perform an out-of-bounds read while rendering GIF format images. An attacker could exploit this to crash Firefox. Various other issues were also addressed.
This document contains the results of a comparative penetration test conducted by a team of security specialists at Zero Science Lab against three 'leading' web application firewall solutions. The goal of the authors was to bypass the security controls in place by any means available, circumventing whatever filters the products applied. This report also outlines the setup and configuration process, as well as a detailed security assessment.
This article discusses how to use Metasploit for scanning, crawling, and attacking web applications.
Zenphoto version 1.4.4.1 suffers from a remote blind SQL injection vulnerability.
This Metasploit module exploits a stack buffer overflow in BigAnt Server 2.97 SP7. The vulnerability is due to the dangerous usage of strcpy while handling errors. This module uses a combination of SCH and DUPF requests to trigger the vulnerability, and has been tested successfully against version 2.97 SP7 on Windows XP SP3 and Windows 2003 SP2.
This Metasploit module exploits an arbitrary file upload vulnerability in BigAnt Server 2.97 SP7. A lack of authentication allows unauthenticated file uploads through a DUPF command. Additionally, the filename option in the same command can be used to launch a directory traversal attack and achieve arbitrary file upload. The module uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of BigAnt on Windows XP and 2003. It has been successfully tested on BigAnt Server 2.97 SP7 on Windows XP SP3 and 2003 SP2.
This Metasploit module exploits a vulnerability found in OpenEMR 4.1.1. By abusing the ofc_upload_image.php file from the openflashchart library, a malicious user can upload a file to the tmp-upload-images directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on OpenEMR 4.1.1 over Ubuntu 10.04.
Squirrelcart version 3.5.4 suffers from a reflected cross site scripting vulnerability.
Red Hat Security Advisory 2013-0272-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing trusted content.
Ubuntu Security Notice 1728-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32-bit PVOPS guest can cause the guest kernel to crash or operate erroneously.
YAML, the MultiProject extension for Trac, the UserCollections extension for Piwigo, TAO and the TableTools plugin for the DataTables plugin for jQuery are all affected by the cross site scripting issues discovered in ZeroClipboard, as they bundle the vulnerable ZeroClipboard SWF.
In this paper the author demonstrates how the service areas of spinning hard drives can be used to hide data from the operating system (or from any software that uses the OS's standard API or standard ATA commands to access the drive). These reserved areas are used by hard drive vendors to store the firmware modules that operate the drive and, together with the ROM, serve in a sense as the drive's internal storage and OS. By sending Vendor Specific Commands (VSCs) directly to the drive, one can manipulate these areas to read and write data that are otherwise inaccessible. This should not be confused with DCO or HPA, which can be easily detected, removed and accessed via standard ATA commands.
FreeBSD Security Advisory - BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. DNS64 is an IPv6 transition mechanism that will return a synthesized AAAA response even if there is only an A record available. Due to a software defect a crafted query can cause named(8) to crash with an assertion failure.
FreeBSD Security Advisory - The glob(3) function is a pathname generator that implements the rules for file name pattern matching used by the shell. GLOB_LIMIT is supposed to bound the number of paths generated in order to prevent memory or CPU exhaustion attacks. The implementation, however, is insufficient. An attacker able to exploit this vulnerability could cause excessive memory or CPU usage, resulting in a denial of service.
Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security. Bricks is a completely free and open source project brought to you by OWASP.