Results Unlimited CMS suffers from a remote SQL injection vulnerability.
65631b4d7ecd05aa606eb5b145211e34ee59cb0acb0167b67abda5595bcb38e0
This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting a buffer overflow due to the insecure usage of sprintf. Currently, this module works over Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.
c5633687f5d4dea297197de9035ee5ddaf873d0ee50394f6fa17d80638863e7f
This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.
24c7b9f43ad4bc7ab845971e498435dbb71b35eb0f5542e9973eab4ad82fb513
OpenOffice.org includes the customized libwpd version 0.8.8 library for parsing WordPerfect documents. The used version of the libwpd library suffers from a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in an arbitrary code execution within the OpenOffice.org software suite.
c0fbf3513a8c6f3a2d74cceeb3b60aa04aa8253399451b37f5db876426268ecb
The Hackers 2 Hackers Conference (H2HC) 9th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from October 18th through the 23rd, 2012.
c492a7230258756f220963ea3a248fac8910a3a97fdbd5f340dfd5fc5c789b9d
HP Security Bulletin HPSBOV02780 SSRT100766 - A potential security vulnerability has been identified with OpenVMS ACMELOGIN when SYS$ACM system service for authentication is enabled. The vulnerability could be locally exploited to allow unauthorized access and increased privileges. Revision 1 of this advisory.
6c5294cf2ec6ac1543b4bd7cf33a0f5a1880b30f46ebeac990527d00fadea9a5
HP Security Bulletin HPSBUX02782 SSRT100844 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
457fa208b2d89d333fc3e7b1e79dda9d71c42a5448aba577490f3ef540898b99
Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities has been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.
16755f115af78f1d3c621b96b65aa171706dd1323233fef010e83b6fe9fe11bb
HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.
d9c1a1a5082375991a0038f05e0d43d9b63ed9ae620deaea9690c624aa50a37a
This python script looks for a large amount of possible administrative interfaces on a given site.
bf75788ddfe50e2e7b0c84f46f43ed551e1df60548cae06042d9c7ac89be56d8
Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.
af6d326b8689f781d6e0c85593aa09136aec99822187d885bfc8880af29789ef
This is a whitepaper that gives a complete cross site scripting walkthrough.
7ccb4e719b298fb3680cb5feb24cf117a59343f4420b727273ea2fae0666e3a5
PHP version 5.4.3 code execution exploit for Win32.
112d363fff422a3298c43a35cb8f1208ab8151662b7d29a70a218c64597855b7
HP VSA remote command execution exploit.
e2634c82bf61b7660279ef87efb9959dc4f17ce4f09dbbb9b22dc962a374b58e
SkinCrafter active-x control version 3.0 suffers from a buffer overflow vulnerability.
30d450dc3599d00c2b250dec0560160d749a900ba9963b7810e0f6b67cf7e422
Debian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash.)
66c8c21a9d5a67bd12535ff58d7285885abd5e746fc2188a45920751e9870d71
Ubuntu Security Notice 1445-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
7d0b2e8d139bbdf7e42fc75ff657d5dc4fdf2c134147403f44f2f71576098f00
Ubuntu Security Notice 1445-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
7d0b2e8d139bbdf7e42fc75ff657d5dc4fdf2c134147403f44f2f71576098f00
Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
359bdbb94093049e72426ec798a95cfc4d4baea1ae5e0d2cd86c4ac125e3c152
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
c02190292f3a147e906e373d6d388b12281fc71677eedb7324d27c178ff23901
Secunia Security Advisory - A vulnerability has been reported in Tornado, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the framework.
dbfc0e23f4d2abacf09e25aa997aff77cbbd3c4e2accfcf2f2437aa2c66037b9
Secunia Security Advisory - A weakness has been reported in PolarSSL, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.
3d3cf9f1ce53c58fc5149cebc50ea0bfd8d0632a12fc1b3fc0f84398d5f6ee8d
Secunia Security Advisory - A vulnerability has been reported in the Aberdeen theme for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
9cc0a736934b57b768c8712f86375deb20575e93fcb9e56e1e7ffc61c153bc67
Secunia Security Advisory - Multiple vulnerabilities have been discovered in PHP-addressbook, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
91bfd94f3e2e132a1e9b644e54fcc5c69d2d33e2d6d49da9b2cca1e6d483c8ab
Secunia Security Advisory - SUSE has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
054fba010f9568c3f00517478292a89add8869b2560e23380d4f2fa8b87038ef