Sphider Search Engine version 1.3.6 remote code execution exploit.
12d453d48a78bb7d7a0b6ff07688be488721af5843b001df66e28674efaec9ab
ManageEngine OpStor version 7.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
0d32814a7c7e07a67aa2e95cf6174ae8d8c2d00a3fc33f9753921e77bd33d89f
Social Engine version 4.2.5 suffers from input validation and cross site scripting vulnerabilities.
9cccc1f1afba3410682d642eec4bfad1139cc84cd5e5a5d4b0b60db0352e87f2
Secunia Security Advisory - loneferret has discovered a vulnerability in ManageEngine Service Desk Plus, which can be exploited by malicious people to conduct script insertion attacks.
4b576f909e08c470239259f64d977553f3e5fa4e4a72ed165b1d7a788f36a797
Ubuntu Security Notice 1524-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
cbaae6919431428ce28f0525f8b4610c12e3488e31906a3c083d3654bfca78e3
This is a brief whitepaper discussing how to BackTrack 5 and the Social Engineering Toolkit (SET) to generate a malicious java applet in order to gain a reverse shell on Windows 7.
c465ce76e11d434cefe598ce9ad6f6709a3c029e5620d87ca6bb83721ba8d677
Secunia Security Advisory - A vulnerability has been reported in Sauerbraten Game Engine, which can be exploited by malicious people to compromise a user's system.
415bdb53a582f34c45fd6d68ab280ae7b73a6a7f56050e69f13483d539d6bbbe
Secunia Security Advisory - Two vulnerabilities have been reported in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks.
a97ca29acf0391a400db8256682379a894ac51298a22a1e4838fbd6c2fa0892f
Mandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues. Various other security issues have also been addressed.
fc759a56d0fd0415fcdc1530461fc3a3b4be19990db69c21c30eed023857e0e8
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in VStar Blog Engine.
530eeef54ad5b207dab3e0bd2e64eff11afbb1443a8a3bcc84dc2d6279af8b3d
Social Engine version 4 suffers from persistent and reflective cross site scripting vulnerabilities.
9cb66f52c5d1f11ad81ff910c9c102602740a914f20a0ffd26f00dea52754f32
Mandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. This causes the address of the previously site entered to be displayed in the address bar instead of the currently loaded page. This could lead to potential phishing attacks on users. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. Various other issues were also addressed.
1ce982533aa61dcb970d364a88b5efa396148d382b7871b4cc8d8b1681a6aafb
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
e04c26178dc146b9bd7843e72fd7fdecf3195b883789550077a13046fd4cc69b
netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.
ab4e1ef6aadb00b998349aff66e4e1cec53910113344c53ac8eb947fd46b5e89
Secunia Security Advisory - A weakness has been reported in Cisco Application Control Engine products, which can be exploited by malicious users to bypass certain security restrictions.
9599cf531e4083ef8df5f2742495afea519f6ce878470415003c457a67089a46
Cisco Security Advisory - A vulnerability exists in Cisco Application Control Engine (ACE) software. Administrative users may be logged into an unintended context (virtual instance) on the ACE when running in multicontext mode. Cisco has released free software updates that address this vulnerability. A workaround is available for this vulnerability.
543bfe7363a2968b41ab895f56066550f437e4aa52375a8a38bbe9e43155bb32
Red Hat Security Advisory 2012-0880-04 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A flaw was found in the way Qt handled X.509 certificates with IP address wildcards. An attacker able to obtain a certificate with a Common Name containing an IP wildcard could possibly use this flaw to impersonate an SSL server to client applications that are using Qt. This update also introduces more strict handling for hostname wildcard certificates by disallowing the wildcard character to match more than one hostname component.
88fdefaee5d521cf6eb6d97528778445e48f16725d34e7207c5a2cb76e6cb77b
Red Hat Security Advisory 2012-1013-01 - The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. When a JBoss server is configured to use JaccAuthorizationRealm, the WebPermissionMapping class creates permissions that are not checked and can permit access to users without checking their roles. If the ignoreBaseDecision property is set to true on JBossWebRealm, the web authorization process is handled exclusively by JBossAuthorizationEngine, without any input from JBoss Web. This allows any valid user to access an application, without needing to be assigned the role specified in the application's web.xml "security-constraint" tag.
00999837f17b1b0b26b7d6c7ae3e33974a469610cd0c968e5f9c9ec652967eac
Red Hat Security Advisory 2012-1014-01 - The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. When a JBoss server is configured to use JaccAuthorizationRealm, the WebPermissionMapping class creates permissions that are not checked and can permit access to users without checking their roles. If the ignoreBaseDecision property is set to true on JBossWebRealm, the web authorization process is handled exclusively by JBossAuthorizationEngine, without any input from JBoss Web. This allows any valid user to access an application, without needing to be assigned the role specified in the application's web.xml "security-constraint" tag.
67e1ea08d93cbca3238c670e8d691aa83c9a371df16c09c9749c576859ba213e
Netzob supports the expert in reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators to assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inferring process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed field protocols (like IP and TCP), and variable field protocols (like ASN.1-based formats).
91fa98852cc51306077c49e5198bcaa8bc6229c3e02ab6e3a0db9b9a3a273542
Secunia Security Advisory - Tiago Natel de Moura has discovered multiple vulnerabilities in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.
e124c0d562158eaaac866756fd5c64449c84ace9ff0384849a08d12c68d65cdc
Social Engine version 4.2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
0fa6f5de7bdbe3290ed0ede01f2bace1adff3a4674976586858e62e0e8ba2d18
Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
b4728ca55ce3cfd40444a11b5acd5298ece8e9bf6c775569b96cc5d90bcd9a33
HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.
d9c1a1a5082375991a0038f05e0d43d9b63ed9ae620deaea9690c624aa50a37a
Secunia Security Advisory - Debian has issued an update for gridengine. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
158a0133a0d96405f70dd8b8ca43a4ab095c35ba1ea264eb57859f9f6a5b3d20
Debian Linux Security Advisory 2472-1 - Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.
fb5e1c809897c9f19723eac2b149d18e7bbd0d84cf8545cb5f93e9b78c5c44fb