Core FTP Server version 1.2 build 535 32-bit crash proof of concept exploit.
718dbfa32e780909200eb23f74090ac03f5b7d3cf73928a385d99d0e67a07917
3.ebay.com.au suffered from a remote SQL injection vulnerability.
ac896c8d7f84eab08d888bc38f0ffbac7bc78ada59535a0ebae9c502787f512c
This is a python script that scans a webserver for timthumb.php.
c5de670c6b138663f9aa17471dccac1ef63011cac2b9b79114f492b672ae8720
The Call For Papers has been announced for SAC 2014. The conference Selected Areas in Cryptography 2014 (SAC 2014) will be held at Concordia University, Montreal, Quebec, Canada, on August 14th through the 15th, 2014.
2afc2beb8a1598aa1350f9710067c38eb79ecb9072ad8e37baea72786056ea7b
The News module in PHP-Nuke version 8.3 suffers from a remote SQL injection vulnerability.
a3dcb3ff99610710137c524c5160bb879d6fde1d17ff511a654c9f5276aa57e5
HP Security Bulletin HPSBUX02960 SSRT101419 3 - A potential security vulnerability has been identified with HP-UX running NTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 3 of this advisory.
e0bb8d4702ecd453b0bdb6a93fed59263c7330cdba9ffb831ed00b6833d62f0d
HP Security Bulletin HPSBMU03009 3 - A potential security vulnerability has been identified with HP CloudSystem Foundation and HP CloudSystem Enterprise software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.
715a2d0a4cdf05596a3668d5ecd8157e6df13d4c09710a6731099c91bd445fb0
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
f2dd6d877e15363bbb90325683e06abdd781aa3fa18b4e97de95fd0b8d904817
RSA Archer GRC 5.4 SP1 P3 platform contains fixes for multiple cross-site scripting vulnerabilities. These vulnerabilities can be exploited to execute arbitrary HTML and script code in an RSA Archer user's browser session in context of an affected RSA Archer application.
8a6799538051d3cc6695cf5dfc128a76888c85fc4316e9384239998346adb6e6
Debian Linux Security Advisory 2936-1 - John Fitzpatrick from MWR Labs reported a stack-based buffer overflow vulnerability in torque, a PBS-derived batch processing queueing system. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code with root privileges.
000e95af2d290953506bcada622442d6062842c424e774b0871880778600207b
Gentoo Linux Security Advisory 201405-27 - A vulnerability in LibYAML could allow an attacker to execute arbitrary code or cause a Denial of Service condition. Versions less than 0.1.6 are affected.
0ee66c37e9ea5190948fb3842e8c8295ad38746709229bb5ee1e8606e76afb7f
HP Security Bulletin HPSBMU03025 2 - A potential security vulnerability has been identified in HP Diagnostics running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.
52629bc62087a9590b7c8b290ce662df2a94e3e0cdab3616e08af610cd2dd175
HP Security Bulletin HPSBMU02995 8 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 8 of this advisory.
8a46199caee50f4b5ccb3fe410da023a1d9cae75b0c14e9eb19f64d6b9895b17
Chkrootkit checks locally for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.
9548fc922b0cb8ddf055faff4a4887f140a31c45f2f5e3aa64aad91ecfa56cc7
EMC Documentum D2 contains several D2 core methods and a D2FS web service method that may allow an authenticated user to execute arbitrary DQL queries with superuser privileges.
7395caedf23353f2c004c71398d331c69995e81e3870a73a34d75d29bc67dd3f
D-Link DIR-652, DIR-835, DIR-855L, DGL-500, and DHP-1565 suffer from clear text storage of passwords, cross site scripting, and sensitive information disclosure vulnerabilities.
a7668e84297d67c97f777a5d017f21ef288453a895bebdf304e432fe59637710
This is a Metasploit modules that leverages an authenticated arbitrary file upload vulnerability in Dotclear versions 2.6.2 and below.
fa7134cec4517d630b5ea12c4242fbfc9bfb06e0df1b252b0e24e5fa245675a6
Cisco Security Advisory - Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multilayer Switches, and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system. They are all affected by buffer overflow, privilege escalation, and denial of service vulnerabilities.
7cbdd459508984ad05613b5f8dfd78e812d9c4aa6af13199816c11689911fb2c
Cisco Security Advisory - A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect buffer handling for SharePoint responses. An attacker could exploit this vulnerability by convincing a user to access a malicious SharePoint application. An exploit could allow the attacker to crash the application optimization handler and execute arbitrary code with elevated privileges on the WAAS appliance. Cisco has released free software updates that address this vulnerability.
debbd5883c0f1ee44fd9c6207d5297829694cf5da109411306a1a90b8555f5c5
HP Security Bulletin HPSBMU03044 - A potential security vulnerability has been identified with HP Business Process Monitor running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
75b0264fcbec223ee3f4ea20c5e45106bd20fec772506d86b5b521ab51e99c32
HP Security Bulletin HPSBMU03042 - A potential security vulnerability has been identified with HP Operations Manager i running on Linux, and Windows. The vulnerability could be exploited by an authenticated OMi operator to execute arbitrary code. Revision 1 of this advisory.
f1b6918940249cce1d82af4f65bab7e6ca8abce69462188ab50ff2ced7fe6abc
Debian Linux Security Advisory 2935-1 - It was discovered that malformed responses from a Gadu-Gadu file relay server could lead to denial of service or the execution of arbitrary code in applications linked to the libgadu library.
968e3067472edc877e3d58f8a306f4c3be00b07a88941c496bc361b1297c2a47
Red Hat Security Advisory 2014-0536-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.5.37.
efa88c6d2d6a9b3c9599b4e685e6a270ed5ced1f29e9a38839441774aef2e9be
Red Hat Security Advisory 2014-0537-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.5.37.
a64031dc8f87dc015972399f06eeeb57a3646b9a5d9e864b433f49d12014a63a
Apple Security Advisory 2014-05-21-1 - Safari 6.1.4 and Safari 7.0.4 are now available and address code execution vulnerabilities.
cb432efb5b115028ce6fb6e5f7885637ec7ab0cf5c49906f721e09b631043157