Browsing latest articles

SciTools Understand 2.6 DLL Loading Code Execution

A vulnerability in SciTools Understand version 2.6 is caused by the application loading libraries (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking...



D-Link ShareCenter Remote Code Execution

This advisory expands on a previously known authentication bypass issue in D-Link ShareCenter products. It documents how the vulnerability can also be leveraged to execute arbitrary commands.



Zero Day Initiative Advisory 12-021

Zero Day Initiative Advisory 12-021 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this...


Zero Day Initiative Advisory 12-022

Zero Day Initiative Advisory 12-022 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to...


Zero Day Initiative Advisory 12-023

Zero Day Initiative Advisory 12-023 - This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service....



Zero Day Initiative Advisory 12-024

Zero Day Initiative Advisory 12-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to...


Zero Day Initiative Advisory 12-025

Zero Day Initiative Advisory 12-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this...


Zero Day Initiative Advisory 12-026

Zero Day Initiative Advisory 12-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this...



Android Webkit XSS / Cross Domain Issues

Android suffers from multiple cross site scripting, cross domain, auto file download and cross protocol vulnerabilities.



ClubHACK Magazine Issue 25

ClubHACK Magazine Issue 25 - Topics covered include Exploiting Remote Systems Without Being Online, Firewall 101, Introduction To Skipfish, and more.


ZENphoto 1.4.2 Code Execution / XSS / SQL Injection

ZENphoto version 1.4.2 suffers from PHP code execution, cross site scripting and remote SQL injection vulnerabilities.


Zero Day Initiative Advisory 12-027

Zero Day Initiative Advisory 12-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this...


HP Security Bulletin HPSBMU02742 SSRT100740

HP Security Bulletin HPSBMU02742 SSRT100740 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerability could be exploited...



CLiki Cross Site Scripting

CLiki suffers from a cross site scripting vulnerability.


Zero Day Initiative Advisory 12-028

Zero Day Initiative Advisory 12-028 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit...



Viper FakeUpdate Script

This is a simple script to spawn DNS spoofing, ARP spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit.


trixd00r 0.0.1

trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic...



Red Hat Security Advisory 2012-0103-01

Red Hat Security Advisory 2012-0103-01 - SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of...


Red Hat Security Advisory 2012-0105-01

Red Hat Security Advisory 2012-0105-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes...


Red Hat Security Advisory 2012-0104-01

Red Hat Security Advisory 2012-0104-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer overflow flaw was found in the way...


Zero Day Initiative Advisory 12-029

Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit...



Haveged 1.4

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on...



TORCS 1.3.2 Buffer Overflow

TORCS versions 1.3.2 and below XML buffer overflow /SAFESEH evasion exploit.


Zero Day Initiative Advisory 12-030

Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit...


Zero Day Initiative Advisory 12-031

Zero Day Initiative Advisory 12-031 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit...
