Vanilla 2.0.18.4 Cross Site Scripting
The moderator edit account functionality in Vanilla version 2.0.18.4 suffers from a cross site scripting vulnerability.
Vanilla Latest Comment 1.1 Cross Site Scripting
Vanilla version 2.0.18.4 with Latest Comment plugin version 1.1 suffers from a cross site scripting vulnerability.
Vanilla About Me 1.1.1 Cross Site Scripting
Vanilla version 2.0.18.4 with About Me plugin version 1.1.1 suffers from a cross site scripting vulnerability.
libssh2 C Library 1.4.2
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER, SECSH-DHGEX, SECSH-NUMBERS, and SECSH-PUBLICKEY.
Oracle Weblogic Apache Connector POST Request Buffer Overflow
This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting in a buffer overflow due to the insecure usage of sprintf. Currently, this module works over Windows systems without DEP, and has been tested [...]
Squiggle 1.7 SVG Browser Java Code Execution
This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least [...]
libwpd WPXContentListener::_closeTableRow() Memory Overwrite
OpenOffice.org includes the customized libwpd version 0.8.8 library for parsing WordPerfect documents. The used version of the libwpd library suffers from a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in arbitrary code execution within the OpenOffice.org software suite.
Hackers 2 Hackers 9 Call For Papers
The Hackers 2 Hackers Conference (H2HC) 9th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from October 18th through the 23rd, 2012.
HP Security Bulletin HPSBOV02780 SSRT100766
HP Security Bulletin HPSBOV02780 SSRT100766 – A potential security vulnerability has been identified with OpenVMS ACMELOGIN when SYS$ACM system service for authentication is enabled. The vulnerability could be locally exploited to allow unauthorized access and increased privileges. Revision 1 of this advisory.
HP Security Bulletin HPSBUX02782 SSRT100844
HP Security Bulletin HPSBUX02782 SSRT100844 – A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
Mandriva Linux Security Advisory 2012-078
Mandriva Linux Security Advisory 2012-078 – Multiple vulnerabilities have been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to [...]
HULK – Http Unbearable Load King
HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server’s direct resource pool.
Admin Page Finder Script
This Python script looks for a large number of possible administrative interfaces on a given site.
Epicor Returns Management SOAP-Based Blind SQL Injection
Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may [...]
Cross Site Scripting Walkthrough
This is a whitepaper that gives a complete cross site scripting walkthrough.
PHP 5.4 Win32 Code Execution
PHP version 5.4.3 code execution exploit for Win32.
HP VSA Command Execution
HP VSA remote command execution exploit.
SkinCrafter 3.0 Buffer Overflow
SkinCrafter ActiveX control version 3.0 suffers from a buffer overflow vulnerability.
Debian Security Advisory 2475-1
Debian Linux Security Advisory 2475-1 – It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash).
Ubuntu Security Notice USN-1445-1
Ubuntu Security Notice 1445-1 – A flaw was found in the Linux kernel’s ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel’s KVM (Kernel Virtual Machine) virtual cpu setup. [...]
Ubuntu Security Notice USN-1444-1
Ubuntu Security Notice 1444-1 – It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could [...]
360-FAAR Firewall Analysis Audit And Repair 0.2.4
360-FAAR Firewall Analysis Audit and Repair is an offline command line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
Cryptographp Local File Inclusion / HTTP Response Splitting
Cryptographp suffers from local file inclusion and HTTP response splitting vulnerabilities.
Web Application Vulnerability Scanner 0.11
WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status [...]
Division 6 IT SQL Injection / Cross Site Scripting
Division 6 IT suffers from cross site scripting and remote SQL injection vulnerabilities.
HP Security Bulletin HPSBUX02777 SSRT100854
HP Security Bulletin HPSBUX02777 SSRT100854 – Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote Denial of Service (DoS), unauthorized modification and disclosure of information. Revision 1 of this advisory.
Mandriva Linux Security Advisory 2012-077
Mandriva Linux Security Advisory 2012-077 – Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. A flaw was found in the way ImageMagick processed images with malformed Exchangeable [...]
Ubuntu Security Notice USN-1443-1
Ubuntu Security Notice 1443-1 – It was discovered that Update Manager created system state archive files with incorrect permissions when upgrading releases. A local user could possibly use this to read repository credentials. Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to [...]
Debian Security Advisory 2474-1
Debian Linux Security Advisory 2474-1 – Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author (and its URL) of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks.
Artiphp CMS 5.5.0 Database Backup Disclosure
Artiphp CMS version 5.5.0 suffers from a database backup disclosure vulnerability.
Artiphp CMS 5.5.0 Cross Site Scripting
Artiphp CMS version 5.5.0 suffers from multiple POST cross site scripting vulnerabilities.
OpenOffice.org 3.3.0 Powerpoint Denial Of Service
A review of the code in filter/source/msfilter msdffimp.cxx in OpenOffice.org versions 3.3 and 3.4 Beta revealed some unchecked memory allocations, which could be exploited via malformed Powerpoint graphics records (“escher”) to cause bad_alloc exceptions. From this vulnerability a denial of service attack is possible.
Drupal Zen 6.x Cross Site Scripting
Drupal Zen third party module version 6.x suffers from a cross site scripting vulnerability.
SiliSoftware backupDB() 1.2.7a Cross Site Scripting
SiliSoftware backupDB() version 1.2.7a suffers from a cross site scripting vulnerability.
OpenOffice.org Memory Overwrite
OpenOffice.org versions 3.3 and 3.4 Beta suffer from a memory overwrite vulnerability.
Debian Security Advisory 2473-1
Debian Linux Security Advisory 2473-1 – Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.
SiliSoftware phpThumb() 1.7.11 Cross Site Scripting
SiliSoftware phpThumb() version 1.7.11 suffers from a cross site scripting vulnerability.
FlashPeak SlimBrowser 6.0.1.38 Denial Of Service
FlashPeak SlimBrowser version 6.0.1.38 suffers from a denial of service vulnerability.
Drupal Aberdeen 6.x Cross Site Scripting
Drupal Aberdeen third party module version 6.x suffers from a cross site scripting vulnerability.
Drupal Hostmaster 6.x Cross Site Scripting / Access Bypass
Drupal Hostmaster third party module version 6.x suffers from access bypass and cross site scripting vulnerabilities.
Drupal Post Affiliate Pro 6.x Cross Site Scripting / Access Bypass
Drupal Post Affiliate Pro third party module version 6.x suffers from access bypass and cross site scripting vulnerabilities.
OpenOffice.org vclmi.dll Integer Overflow
A vulnerability is caused due to an integer overflow error in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow via, for example, a specially crafted JPEG object within a DOC file. OpenOffice.org 3.3.0 and 3.4 beta [...]
Linux Kernel HFS Plus Buffer Overflow
PRE-CERT Security Advisory – The Linux kernel contains a vulnerability in the driver for HFS plus file systems that may be exploited for code execution or privilege escalation. A specially-crafted HFS plus filesystem can cause a buffer overflow via the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c).
SEC-T 2012 Call For Papers
The SEC-T 2012 Call For Papers has been announced. It will be held from September 13th through the 14th in Stockholm, Sweden.
Apple Security Advisory 2012-05-15-1
Apple Security Advisory 2012-05-15-1 – QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime’s handling of TeXML files. A heap overflow existed in QuickTime’s handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized [...]
Unijimpe Captcha Cross Site Scripting
Unijimpe Captcha suffers from a cross site scripting vulnerability.
Drupal Smart Breadcrumb 6.x Cross Site Scripting
Drupal Smart Breadcrumb third party module version 6.x suffers from a cross site scripting vulnerability.
Drupal Advertisement 6.x Cross Site Scripting
Drupal Advertisement third party module version 6.x suffers from cross site scripting and information disclosure vulnerabilities.
Drupal Ubercart Product Keys 6.x Access Bypass
Drupal Ubercart Product Keys third party module version 6.x suffers from an access bypass vulnerability.
Debian Security Advisory 2472-1
Debian Linux Security Advisory 2472-1 – Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.
Ubuntu Security Notice USN-1442-1
Ubuntu Security Notice 1442-1 – It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit [...]
Gentoo Linux Security Advisory 201205-02
Gentoo Linux Security Advisory 201205-2 – Multiple vulnerabilities have been found in ConnMan, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.0-r1 are affected.
Axous 1.1.1 Cross Site Request Forgery / Cross Site Scripting
Axous version 1.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
Apple Quicktime .pct Parsing Memory Corruption
Apple Quicktime does not properly parse .pct media files, which causes a corruption in module DllMain by opening a malformed file with an invalid value located in PoC repro01.pct at offset 0x20E. Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 – PT_BR is confirmed affected. Other versions may [...]
Liferay 6.1 Cross Site Request Forgery
Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included.
Mandriva Linux Security Advisory 2012-076
Mandriva Linux Security Advisory 2012-076 – Multiple vulnerabilities have been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial [...]
Apple Security Advisory 2012-05-14-2
Apple Security Advisory 2012-05-14-2 – This update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.
SVG Java Execution Trigger
Some SVG specifications, like SVG 1.1 and SVG Tiny 1.2, allow Java code execution when the file is opened. Proof of concept code included.
Liferay 6.1 Name / Email Address Disclosure
Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included.
Apple Security Advisory 2012-05-14-1
Apple Security Advisory 2012-05-14-1 – This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is [...]
Mandriva Linux Security Advisory 2012-075
Mandriva Linux Security Advisory 2012-075 – Multiple vulnerabilities have been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial [...]
Liferay 5.x / 6.x Cross Site Scripting
Liferay versions 5.x and 6.x suffer from multiple cross site scripting vulnerabilities.
TunInfo SQL Injection
TunInfo suffers from a remote SQL injection vulnerability.
Liferay 6.1 No Account Access Bypass
Liferay version 6.1 suffers from a circumvention issue when restricting access to IP blocks. Proof of concept exploit included.