Apple Security Advisory 2013-03-19-2 - Apple TV 5.2.1 is now available and addresses multiple security issues such as execution of unsigned code and information disclosure issues.
bac45d77e98f0ec3e7850f59f1a70b6fb9040d3075c3956d8f3436076e7149bb
Apple Security Advisory 2013-03-19-1 - iOS 6.1.3 is now available and addresses multiple security issues such as execution of unsigned code, permission changes, and more.
824988d29933703818be3b608fa9c3b290c14c3e517b7be5711d61cbb336a117
BlazeVideo HDTV Player Standard version 6.6.0.2 SEH buffer overflow exploit that spawns calc.exe.
9ce87967f87508842e8c3d72a010fd4c0fd87459ccdad80168c5778fa1f745e8
This Metasploit module exploits a stack based buffer overflow on Sami FTP Server 2.0.1. The vulnerability exists in the processing of LIST commands. In order to trigger the vulnerability, the "Log" tab must be viewed in the Sami FTP Server managing application, in the target machine. On the other hand, the source IP address used to connect with the FTP Server is needed. If the user can't provide it, the module will try to resolve it. This Metasploit module has been tested successfully on Sami FTP Server 2.0.1 over Windows XP SP3.
f2ce755b550afa23d41b892e96930bfc4c6426f8a8a9869ab6859d2655918b0e
This Metasploit module exploits a stack buffer overflow in Cool PDF Reader prior to version 3.0.2.256. The vulnerability is triggered when opening a malformed PDF file that contains a specially crafted image stream. This Metasploit module has been tested successfully on Cool PDF 3.0.2.256 over Windows XP SP3 and Windows 7 SP1.
b2cb27956204683b3f3b2b5177e1be282a14b7dbbf83dcb82f490a969c5a32f1
CA Technologies support is alerting customers to a potential risk with certain CA SiteMinder products that implement Security Assertion Markup Language (SAML). Multiple vulnerabilities exist that can possibly allow a remote attacker to gain additional privileges. The vulnerabilities concern the verification of XML signatures on SAML statements. An attacker can perform various attacks to impersonate another user in the single sign-on system.
0a14a948ab88ea32cc65eec67d7baeacc0cfda2caa0d678240891bf18319d013
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "CElement::EnsureRecalcNotify()" function when processing "onMove" events, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.
74cac2fd4680b3b10d2bd5cbfa550491862f2c557deb06f06b2b52ff1c26b695
A local privilege escalation vulnerability has been identified in Photodex ProShow Producer version 5.0.3310. Insecure file permissions on the executable file "scsiaccess.exe", which is used by the application service "ScsiAccess" under the SYSTEM account, may allow a less privileged user to gain access to SYSTEM privileges. A local attacker or compromised process is able to replace the original application binary with a malicious application which will be executed by a victim user or after a ScsiAccess service restart.
d3fa045e2673851c540274839e21d86b9ded844acad5b02695a52999b8f3dffd
OpenCart version 1.5.5.1 suffers from a directory traversal vulnerability.
d4fb0138400954a2ffd3deaf9aa1b199b065826234b68bb121e49aa9e20d7686
Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security. Bricks is a completely free and open source project brought to you by OWASP.
4bc6a2b43238aab095f750762d8f713073bb420e282d34aa3cba0de32e5274a2
StarVedia IPCamera IC502w and IC502w+ version 020313 remote bypass username/password disclosure exploit.
b2e1e754ab46c85bc8c173378b2b272899f11b8f2b489f6d503525cd01b556aa
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "CElement::EnsureRecalcNotify()" function when processing "onResize" events, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.
e7dd1c9d022b3a29ac08d671f377d6068705d06e27996f487998ab6b3c9df55b
Red Hat Security Advisory 2013-0661-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.
cc332c567ec53f844d282fad86bf4fc64a5d4cae3d7c28f12c483b7e799e4d88
Red Hat Security Advisory 2013-0663-01 - SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS and PAM interfaces toward the system and a pluggable back end system to connect to multiple different account sources. When SSSD was configured as a Microsoft Active Directory client by using the new Active Directory provider, the Simple Access Provider did not handle access control correctly. If any groups were specified with the "simple_deny_groups" option, all users were permitted access.
dead9317699f5089b93d69eff067de302f0ed4046e9544a10ea4072f333332b9
Ubuntu Security Notice 1770-1 - Yves Orton discovered that Perl incorrectly handled hashing when using user-provided hash keys. An attacker could use this flaw to perform a denial of service attack against software written in Perl.
160400c43f751227a821754c592c2c0991ab85529006ea92b840a9c891041806
Red Hat Security Advisory 2013-0662-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.
48754598ed6c117f477241e7b5f7a1fae284fda03e08d5877005bb2b1ec2c11f