Secunia Security Advisory 50619
Secunia Security Advisory - A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory 50617
Secunia Security Advisory - Multiple vulnerabilities have been discovered in Auxilium PetRatePro, which can be exploited by malicious people to conduct cross-site request and SQL injection attacks and...
Hacking Android For Fun And Profit
This is a brief whitepaper with examples and information on hacking the Android platform from Google.
Secunia Security Advisory 50646
Secunia Security Advisory - A vulnerability has been reported in Liferay Portal, which can be exploited by malicious users to manipulate certain data.
Secunia Security Advisory 50650
Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of...
Nikto Web Scanner 2.1.5
Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers,...
NCMedia Sound Editor Pro 7.5.1 Buffer Overflow
NCMedia Sound Editor Pro version 7.5.1 suffers from a MRUList201202.dat file handling buffer overflow vulnerability.
Ubuntu Security Notice USN-1569-1
Ubuntu Security Notice 1569-1 - It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a...
Ubuntu Security Notice USN-1570-1
Ubuntu Security Notice 1570-1 - It was discovered that GnuPG used a short ID when downloading keys from a keyserver, even if a long ID was requested. An attacker could possibly use this to return a...
Debian Security Advisory 2480-4
Debian Linux Security Advisory 2480-4 - The security updates for request-tracker3.8, DSA-2480-1, DSA-2480-2, and DSA-2480-3, contained minor regressions.
Debian Security Advisory 2549-1
Debian Linux Security Advisory 2549-1 - Multiple vulnerabilities have been discovered in devscripts, a set of scripts to make the life of a Debian Package maintainer easier.
Red Hat Security Advisory 2012-1283-01
Red Hat Security Advisory 2012-1283-01 - OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. It was found that OpenJPEG failed to sanity-check an image header...
Red Hat Security Advisory 2012-1284-01
Red Hat Security Advisory 2012-1284-01 - The spice-gtk packages provide a GIMP Toolkit widget for SPICE clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to...
UK CPNI IPv6 Toolkit 1.2.3
This toolkit houses various IPv6 tools that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, Mac OS 10.8.0, and Ubuntu 11.10.
FreeWebshop 2.2.9 Cross Site Scripting / SQL Injection
FreeWebshop version 2.2.9 suffers from cross site scripting and multiple remote SQL injection vulnerabilities.
LuxCal 2.7.0 XSS / LFI / Information Disclosure
LuxCal version 2.7.0 suffers from cross site scripting, information disclosure, and local file inclusion vulnerabilities.
NCMedia Sound Editor Pro 7.5.1 Buffer Overflow
A local buffer overflow vulnerability has been found in NCMedia Sound Editor Pro version 7.5.1. The application saves the paths for all recently used files in a file called "MRUList201202.dat" in...
Netsweeper WebAdmin Portal CSRF / XSS / SQL Injection
Netsweeper WebAdmin Portal suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Note that most of this data was released back in July of 2012 without the...
Novell Groupwise 8.0.2 HP3 / 2012 Integer Overflow
Novell Groupwise versions 8.0.2 HP3 and 2012 suffer from an integer overflow vulnerability.
Novell GroupWise iCalendar Date/Time Parsing Denial of Service
Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to cause a DoS (Denial of Service). However, no checks are performed by a function in...
TorrentTrader 2.08 XSS / Directory Traversal / Bypass
TorrentTrader version 2.08 suffers from authorization bypass, cross site scripting, path disclosure, and directory traversal vulnerabilities.
Intel SMEP Overview And Partial Bypass On Windows 8
This paper provides an overview of a new hardware security feature introduced by Intel and covers its support on Windows 8. Among the other common features it complicates vulnerability exploitation on...
Spiceworks 6.0.00993 Cross Site Scripting
Spiceworks suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being...
Webmin /file/show.cgi Remote Command Execution
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.580. The vulnerability exists in the /file/show.cgi component and allows an authenticated user, with access to...
Microsoft Internet Explorer execCommand Use-After-Free
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory...