w00t!? world!?

Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. It detects TCP floods, Fragment Floods, raw ICMP/TCP/UDP, reflected (DNS / SMURF) & BOGON misuse. It moreover detects application misuse in HTTP & UDP. View Source

Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. It detects TCP floods, Fragment Floods, raw ICMP/TCP/UDP, reflected (DNS / SMURF) & BOGON misuse. It moreover detects application misuse in HTTP & UDP. View Source

WordPress Flagallery-skins plugin suffers from an SQL Injection vulnerability. Note that this advisory has site-specific information. View Source

WordPress Flagallery-skins plugin suffers from an SQL Injection vulnerability. Note that this advisory has site-specific information. View Source

A usual local privilege escalation vulnerability has been discovered in multiple Infotecs ViPNet products. The affected versions include ViPNet Client version 3.2.10 (15632), ViPNet Coordinator version 3.2.10 (15632), ViPNet SafeDisk version 4.1 (0.5643), & ViPNet Personal Firewall version 3.1. Prior versions of these products are moreover affected. View Source

A usual local privilege escalation vulnerability has been discovered in multiple Infotecs ViPNet products. The affected versions include ViPNet Client version 3.2.10 (15632), ViPNet Coordinator version 3.2.10 (15632), ViPNet SafeDisk version 4.1 (0.5643), & ViPNet Personal Firewall version 3.1. Prior versions of these products are moreover affected. View Source

Slackware Security Advisory – New Linux kernel packages are available for Slackware 13.37 & 14.0 to fix a security issue. View Source

Slackware Security Advisory – New Linux kernel packages are available for Slackware 13.37 & 14.0 to fix a security issue. View Source

Red Hat Security Advisory 2013-0847-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, & old interrupt remapping entries are not cleared, potentially[...]

Red Hat Security Advisory 2013-0847-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, & old interrupt remapping entries are not cleared, potentially[...]

Red Hat Security Advisory 2013-0848-01 – Red Hat Network Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, & remote management of multiple Linux deployments with a single, centralized tool. It was discovered that Red Hat Network Satellite did not fully check the authenticity of a client beyond the initial[...]

Red Hat Security Advisory 2013-0848-01 – Red Hat Network Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, & remote management of multiple Linux deployments with a single, centralized tool. It was discovered that Red Hat Network Satellite did not fully check the authenticity of a client beyond the initial[...]

Ubuntu Security Notice 1832-1 – Emmanuel Bouillon discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user[...]

Ubuntu Security Notice 1832-1 – Emmanuel Bouillon discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user[...]

Mandriva Linux Security Advisory 2013-166 – The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack. The updated packages have been patched to correct this issue. View Source

Mandriva Linux Security Advisory 2013-166 – The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack. The updated packages have been patched to correct this issue. View Source

View Source

View Source

View Source

View Source

View Source

View Source

Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability. View Source

Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability. View Source

Ophcrack version 3.5.0 suffers from stack based buffer overflow vulnerability that leads to local code execution. View Source

Ophcrack version 3.5.0 suffers from stack based buffer overflow vulnerability that leads to local code execution. View Source

Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module has been tested on a Linksys WRT160n[...]

Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module has been tested on a Linksys WRT160n[...]

A local code execution vulnerability is detected in the official PlayStation 3 v4.31 Firmware. The vulnerability allows local attackers to inject & execute code out of vulnerable PlayStation 3 menu main web context. View Source

A local code execution vulnerability is detected in the official PlayStation 3 v4.31 Firmware. The vulnerability allows local attackers to inject & execute code out of vulnerable PlayStation 3 menu main web context. View Source

Trend Micro DirectPass 1.5.0.1060 suffers from local command/path injection, persistent code injection, & a denial of service vulnerability. View Source

Trend Micro DirectPass 1.5.0.1060 suffers from local command/path injection, persistent code injection, & a denial of service vulnerability. View Source

Red Hat Security Advisory 2013-0834-02 – JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, & includes bug fixes & enhancements. View Source

Red Hat Security Advisory 2013-0834-02 – JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, & includes bug fixes & enhancements. View Source

Red Hat Security Advisory 2013-0829-01 – Security fixes: It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this[...]

Red Hat Security Advisory 2013-0829-01 – Security fixes: It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this[...]

Red Hat Security Advisory 2013-0833-01 – JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, & includes bug fixes & enhancements. View Source

Red Hat Security Advisory 2013-0833-01 – JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, & includes bug fixes & enhancements. View Source

Red Hat Security Advisory 2013-0839-02 – JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, & includes bug fixes & enhancements. View Source

Red Hat Security Advisory 2013-0839-02 – JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, & includes bug fixes & enhancements. View Source

Red Hat Security Advisory 2013-0840-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not[...]

Red Hat Security Advisory 2013-0840-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not[...]

Red Hat Security Advisory 2013-0841-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not[...]

Red Hat Security Advisory 2013-0841-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not[...]

View Source

This paper details several issues affecting different game engines. All the vulnerabilities discussed in this paper are 0-days, at time of writing. This paper has been released as a companion paper along with the authors’ talk Exploiting Game Engines For Fun And Profit presented at the NoSuchCon conference. View Source

This paper details several issues affecting different game engines. All the vulnerabilities discussed in this paper are 0-days, at time of writing. This paper has been released as a companion paper along with the authors’ talk Exploiting Game Engines For Fun And Profit presented at the NoSuchCon conference. View Source

WordPress ProPlayer Plugin version 4.7.9.1 suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information. View Source

WordPress ProPlayer Plugin version 4.7.9.1 suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information. View Source

Some D-Link Routers are vulnerable to an authenticated OS command injection on their web interface, where default credentials are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module was tested against a DIR-615 hardware revision[...]

Some D-Link Routers are vulnerable to an authenticated OS command injection on their web interface, where default credentials are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module was tested against a DIR-615 hardware revision[...]

Moxiecode Image Manager (MCImageManager) versions 3.1.5 & below suffer from a remote shell upload vulnerability. Moxiecode is a commercial plugin for TinyMCE. View Source

Moxiecode Image Manager (MCImageManager) versions 3.1.5 & below suffer from a remote shell upload vulnerability. Moxiecode is a commercial plugin for TinyMCE. View Source

360-FAAR Firewall Analysis Audit & Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate & output firewall commands for new policies, in checkpoint dbedit or screenos commands. View Source

View Source

View Source

View Source

View Source

View Source

View Source

View Source

View Source

codecrypt is a GnuPG-like program for encryption & signing that uses only quantum-computer-resistant algorithms. View Source

codecrypt is a GnuPG-like program for encryption & signing that uses only quantum-computer-resistant algorithms. View Source

View Source

View Source

View Source

View Source

View Source

View Source

View Source

View Source

Local root exploit for Glibc versions 2.11.3 & 2.12.x utilizing LD_AUDIT libmemusage.so. View Source

Local root exploit for Glibc versions 2.11.3 & 2.12.x utilizing LD_AUDIT libmemusage.so. View Source

Moxiecode File Manager (MCFileManager) versions 3.1.5 & below suffer from a remote shell upload vulnerability. Moxiecode is a commercial plugin for TinyMCE. View Source

Moxiecode File Manager (MCFileManager) versions 3.1.5 & below suffer from a remote shell upload vulnerability. Moxiecode is a commercial plugin for TinyMCE. View Source

Apple Security Advisory 2013-05-16-1 – iTunes 11.0.3 is now available & addresses multiple vulnerabilities. In versions prior to 11.0.3, an attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information & a man-in-the-middle attack is possible while browsing the iTunes Store via iTunes & may lead to[...]

Apple Security Advisory 2013-05-16-1 – iTunes 11.0.3 is now available & addresses multiple vulnerabilities. In versions prior to 11.0.3, an attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information & a man-in-the-middle attack is possible while browsing the iTunes Store via iTunes & may lead to[...]

Slackware Security Advisory – New ruby packages are available for Slackware 13.1, 13.37, 14.0, & -current to fix a security issue. Related CVE Numbers: CVE-2013-2065. View Source

Slackware Security Advisory – New ruby packages are available for Slackware 13.1, 13.37, 14.0, & -current to fix a security issue. Related CVE Numbers: CVE-2013-2065. View Source

Slackware Security Advisory – New mozilla-thunderbird packages are available for Slackware64 13.37 & 14.0. These were accidentally omitted from the last upload. View Source

Slackware Security Advisory – New mozilla-thunderbird packages are available for Slackware64 13.37 & 14.0. These were accidentally omitted from the last upload. View Source

Red Hat Security Advisory 2013-0832-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not[...]

Red Hat Security Advisory 2013-0832-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not[...]

The node secret in various RSA products was stored using an encryption key & encryption algorithm that is no longer considered effective by RSA standards. An attacker could potentially exploit this to eavesdrop on or modify network communications. View Source

The node secret in various RSA products was stored using an encryption key & encryption algorithm that is no longer considered effective by RSA standards. An attacker could potentially exploit this to eavesdrop on or modify network communications. View Source

A vulnerability exists in EMC VNX & EMC Celerra Control Station that could result in elevation of privileges by a lower level administrator with access to the system. View Source

A vulnerability exists in EMC VNX & EMC Celerra Control Station that could result in elevation of privileges by a lower level administrator with access to the system. View Source

Ubuntu Security Notice 1831-1 – Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk. View Source

Ubuntu Security Notice 1831-1 – Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk. View Source

Red Hat Security Advisory 2013-0831-01 – The libvirt library is a C API for managing & interacting with the virtualization capabilities of Linux & other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A[...]

Red Hat Security Advisory 2013-0831-01 – The libvirt library is a C API for managing & interacting with the virtualization capabilities of Linux & other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A[...]

Ubuntu Security Notice 1830-1 – Sam Stoelinga discovered that Keystone would not immediately invalidate tokens when deleting users via the v2 API. A deleted user would be able to continue to use resources until the token lifetime expired. View Source

Ubuntu Security Notice 1830-1 – Sam Stoelinga discovered that Keystone would not immediately invalidate tokens when deleting users via the v2 API. A deleted user would be able to continue to use resources until the token lifetime expired. View Source

Red Hat Security Advisory 2013-0830-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not[...]

Red Hat Security Advisory 2013-0830-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not[...]

View Source

View Source

View Source

View Source