Core Security Technologies Advisory - ManageEngine ADSelfService Plus version 4.4 suffers from authentication bypass, protection mechanism failure, and cross site scripting vulnerabilities.
a4ee9856738a01de33d18e20d426b4e2dfb7b45bc125c6315a92425571b2ae12
Debian Linux Security Advisory 2159-1 - Dan Rosenberg discovered that insufficient input validation in VLC's processing of Matroska/WebM containers could lead to the execution of arbitrary code.
162e194fa0f6d5d2e7b92168845c50bf3221387503cc43cd07a7f40896e1b08a
Apache Continuum versions 1.3.6 and 1.4.0 Beta suffer from a cross site request forgery vulnerability. Earlier unsupported versions are also vulnerable.
ce3bb3132116881504d85a987dcae5a6efc2e7aa84e4ad9fc0ce456ec27175e2
This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the .NET 2.0 'mscorie.dll' module to bypass DEP and ASLR. This Metasploit module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions with .NET 2.0.50727 installed.
b674d10a358ae0670ca3948bd6a75c892483694a88cd9a387e5cafdc4fe93b11
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
92511d1f0caaa298dba250426f8e7d5d00b271847886d1adc62422778d6320db
A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into Continuum project pages. Versions 1.3.6 and 1.4.0 Beta are affected along with unsupported, older revs.
0782a37ae7b67ae32bd44e36f19edd4ac64c7f6b85bc91cd4b7a0687e3f4cf9a
XM Easy Personal FTP Server version 5.8.0 (TYPE) denial of service exploit.
f252610c51569485474cafc969d590e1d3d774aa7c968948832089a2c7b19750
Ubuntu Security Notice 1060-1 - It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker that obtained privileges of the "Debian-exim" user could use an alternate configuration file to obtain root privileges. It was discovered that Exim incorrectly handled certain return values when handling logging. A local attacker could use this flaw to obtain root privileges. Dan Rosenberg discovered that Exim incorrectly handled writable sticky-bit mail directories. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. Dan Rosenberg discovered that Exim incorrectly handled MBX locking. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS.
ddedee4f97df5235f57efc58f31271973887b9faebda73310424f883607b7dcc
This Metasploit module exploits a stack-based buffer overflow in the handling of thumbnails within .MIC files and various Office documents. When processing a thumbnail bitmap containing a negative 'biClrUsed' value, a stack-based buffer overflow occurs. This leads to arbitrary code execution. In order to trigger the vulnerable code, the folder containing the document must be viewed using the "Thumbnails" view.
ff0746ba8e2fc6963fae334d5cae3d633461ec95d7ca6d6099761907cf4797c4
This is a proof of concept to demonstrate a logic security flow in the way Drupal CAPTCHA is used to protect login forms from bruteforce. If the CAPTCHA challenge is solved, the next login attempts can be issued without solving any new CAPTCHA challenge.
da7f99e45b5a53895b8bd9dac1825527757ca21c77e749a8c8a3b52db4fe457e
Secunia Security Advisory - A vulnerability has been reported in Model Agentur products, which can be exploited by malicious users to conduct SQL injection attacks.
6ea3075b1394b573bbfc3ac8f8243ffcc0f35565e5d03ec8d2896cf45d4d1246
Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM WebSphere Application Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
df57385760686605a99c4a4c49f5d5370fa0836c6de842e371c64c492d1da75f
Whitepaper called Exploiting ARM Linux systems.
84c7f064a2b4d9c2c536a0187789d97cb543aed8a63d3415d39516d2cd8ed588
Secunia Security Advisory - A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).
fa6bf647b63bc936cf5f4152251443b6337c8a554630a9edfbd23d7ed592f77c
Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
dd4143763dedf59fe21c2210f3bbba974bd3ce6663797ca78b83af9ae5216099
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security restrictions.
458ea713ff5d33418797541840db4e75ededd894d8fe448c11815bedd078b5d5
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
590dcde611e994c258e7d8b6f52b562c38c2cfbc256633c8b20a3d303d3926a4
Secunia Security Advisory - Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system.
1562abbb6725c4afaec2bd82d202924c6b13dd81977fa41b390864ec65573daf
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Data Protector, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
9755dc398b1b65b6c7ea3336cf4ce3c45e3fe06b3e462fc83e57d4f0969880e5
Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct HTTP response splitting and cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
9ec2dc37fd54ea6761778a79429ed4a3db640d8d7ef927f6d9b9ed830827040e
Mandriva Linux Security Advisory 2011-025 - The MIT krb5 KDC database propagation daemon is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on From receiving database updates from the master KDC. The MIT krb5 Key Distribution Center daemon is vulnerable to denial of service attacks from unauthenticated remote attackers. The updated packages have been patched to correct this issue.
5e22724c4dc283ee4ca3c1336f27444da0ddb0aad7ab32ac287c51831cc7e1b3
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing font structures within Director files. While processing data within the PFR1 chunk, the process trusts a size value and compares a sign-extended counter against it within a copy loop. By providing a sufficiently large value, this flaw can be abused by a remote attacker to execute arbitrary code under the context of the user running the browser.
4d5ada7d22be428a2d78618407bc4f18c600a32d6c297d355b0ddcd166035cde
getTorExitNode is a tool that aims at providing torproxy (from tortunnel) with a valid Tor exit node. It returns one or all valid Tor exit nodes. Written in Python.
93f50f1df03039d204ea6ad979133e72a084758137ef36ef12282b90bfb7cb5b
Debian Linux Security Advisory 2158-1 - Michael Brooks (Sitewatch) discovered a reflective XSS flaw in cgiirc, a web based IRC client, which could lead to the execution of arbitrary javascript.
3e6ad70fa66588b466c834c0807720d6627466a52e57769dd4ae8aab58660bc6
Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios that involving the use of the types of TCP/IP packets. It is able to send certain types of packets to any specific target and manipulations of various fields at runtime. These fields can be modified in its structure as the the Source/Destination IP address and Source/Destination MAC address.
6f0f8372777c1f62bd302fce108bb4f73fd33a976b35720e6bf09e7b10b6dfb0