On Windows 11, the Kerberos SSP's KerbRetrieveEncodedTicketMessage message can be used to get an arbitrary service ticket and session key from an AppContainer, even without the enterprise authentication capability, leading to elevation of privilege.
78434d5ce4cfd024dc8d980cdbc2c6c5bfc491c59fd75bca49f3b74f62b3a77a
Mandriva Linux Security Advisory 2012-066 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. Various other issues were also addressed.
52c7580faddde89c8ddd93ee504f0bd91f907d7b0db98c6e88c400c8de82300c
Multiple PacketVideo products contain a directory traversal vulnerability within the web server that is running on port 9000. These products are vulnerable to the attack regardless of having configured the "Secured Server Settings" which are available on the Advanced configuration page. Susceptible products include the Twonky 7.0 Special and the TwonkyManager 3.0.
d7cc75961c0a51603edd705eddc5a0af411e1503f0174c5d5cefe48addcd4c14
Red Hat Security Advisory 2012-0519-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.1 serves as a replacement for JBoss Enterprise Portal Platform 5.2.0, and includes bug fixes.
4c2d7e867f2236c82154ad3fdca5b623e021c311c49562d7e1ef097fb83249f5
Ubuntu Security Notice 1400-5 - USN-1400-1 fixed vulnerabilities in Firefox. Firefox 11 started using GSettings to access the system proxy settings. If there is a GSettings proxy settings schema, Firefox will consume it. The GSettings proxy settings schema that was shipped by default was unused by other applications and broke Firefox's ability to use system proxy settings. This update removes the unused schema. Various other issues were also addressed.
07e1cf6fd8987b086263aacb60563d76b5fd0d0116bf4c2083136d6fc4896fd2
This Metasploit module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When opening a specially crafted .sms file in GSM SIM Editor a stack-based buffer overflow occurs which allows an attacker to execute arbitrary code.
451d9fa4a2e617e48ce85c48c985cb871ef37c17216ab0ee454a7063cff0d329
Radiography is a forensic tool which grabs as much information as possible from a Windows system. It checks registry keys related to start up processes, registry keys with Internet Explorer settings, host file contents, taskScheduler tasks, loaded system drivers, uses WinUnhide to catch hidden processes, and does much more.
be7394b4ce9a474ce4d3c0d3ddd25f7e3f4940ae86f346304bfb881bc6e41ad4
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket and generates logs related to link state, neighbor cache (ARP, NDP), IP address (IPv4, IPv6), route, and FIB rules.
e1ec1bc25bc337a1942e74d7c07a0a9782a3728905f92f633204d8c7be267b17
BGS CMS version 2.2.1 suffers from multiple stored and reflected cross site scripting vulnerabilities when parsing user input to several parameters via the GET and POST methods (post-auth). Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
1a474163f17dc1462181f57315dc71f8d56003df79de9b6b8db2e147abf40c76
Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
6c4fe7128a01c6f309bd181563c54cdf0abf2f623db78e0207f9c69176b15858
Cisco Security Advisory - The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The players can also be manually installed for offline playback after downloading the application from www.webex.com. If the WRF player was automatically installed, it will be automatically upgraded to the latest, non-vulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com. Cisco has updated affected versions of the WebEx meeting sites and WRF player to address these vulnerabilities.
5a6fd0961849fbf9e0e2f35c8d9ff27609e9c090b4f86b93378ccddd00e0762d
This is a brief paper that describes how sending external email to an account automatically maps things like a graphic if a person's personal email address maps to it. We tested this and it does work, but Facebook does add a little icon saying the sender isn't verified. However, the average user will probably overlook this.
5b503a91fa75c821b880ed02d9f1bfcea98221c81d919e117cbfcd16eade343f
Secunia Security Advisory - Two security issues and a vulnerability have been reported in ZyXEL GS1510, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting attacks.
4d2a966d89c83d70c8d5e9c8dd28640d76c035a3e3dcf47f7560d72699065eb3
In 2012, OWASP is holding its Global AppSec Research (EU) Conference in Athens, Greece! The OWASP AppSec Research conference is a premier gathering for Information Security leaders and researchers. It brings together the application security community to share cutting-edge ideas, initiatives and technology advancements. The Call For Papers is now open.
b67ff68635b0da527a9389e954b4fa15fc435fa409b274cf649d45bc21db5d36
The WordPress Deans with Pwwangs Code plugin suffers from an FCKeditor remote file upload vulnerability.
0c816792c3ca6a0b7d63857f24ed1e793ca83dd33846e3484963e4614bb59655
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
c8c3069e78dcb8b749a066c7c3bfcea1168243f75afe69a91a6330c99efd9ae4
360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
fe044230036d848ad6720383afa9e61319b0004de5ccf5aedc1b26ee3e6ced82
360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
e40867ec2b07662d86f8ccbf48ffce4f61c258d21758a358af57368530200887
360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
42173590795645e2f9e4219d77b6699b9a6ca4563946c65ff2773b7d9c831693
360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
88fc63ec0972b2501852fc4f0e3308b885982bd391d185e2e5897765d93e3d45
The ZyXEL GS1510 web frontend suffers from cross site scripting and password submission over HTTP vulnerabilities.
7bf039aa909839bc91b9955ca5263119afc35507902d82b8af6626a2ab2bd5f9
Ubuntu Security Notice 1398-1 - Tenho Tuhkala discovered that the LTSP Display Manager (ldm) incorrectly filtered keybindings. An attacker could use the default keybindings to execute arbitrary commands as root at the login screen.
7ce1e6e2ce3facc78d68784fa8ed22148f48cebd6fdfe476a93f740c51212ff3
360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
7a17b614015f0e9b25e58e0aaa9455ba25a8a9423f1ab726fa46481fb5a83571
Ubuntu Security Notice 1392-1 - Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges.
e3a1cb2d59c53f8534bcc574cde849ab64541e6674e02b848509d7c0c55f2c23
Ubuntu Security Notice 1384-1 - A bug was discovered in the Linux kernel's calculation of OOM (Out of memory) scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. Various other issues were also addressed.
ba35da89b5eae8117d31f718c99da404c1ff80d437df5bc034c13a24bb0b4c94
Joomla web scanning Perl script that gets the version and components and shows possible bugs.
dbf6afebc08cfab8556c7d449c2714a2f927de9e575f463d09ddc670e6dbb60d