SciTools Understand 2.6 DLL Loading Code Execution
A vulnerability in SciTools Understand version 2.6 is caused due to the application loading libraries (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking...
View ArticleD-Link ShareCenter Remote Code Execution
This advisory expands on a previously known authentication bypass issue in D-Link ShareCenter products. It documents how the vulnerability can also be leveraged to execute arbitrary commands.
View ArticleZero Day Initiative Advisory 12-021
Zero Day Initiative Advisory 12-021 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this...
View ArticleZero Day Initiative Advisory 12-022
Zero Day Initiative Advisory 12-022 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to...
View ArticleZero Day Initiative Advisory 12-023
Zero Day Initiative Advisory 12-023 - This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service....
View ArticleZero Day Initiative Advisory 12-024
Zero Day Initiative Advisory 12-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to...
View ArticleZero Day Initiative Advisory 12-025
Zero Day Initiative Advisory 12-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this...
View ArticleZero Day Initiative Advisory 12-026
Zero Day Initiative Advisory 12-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this...
View ArticleAndroid Webkit XSS / Cross Domain Issues
Android suffers from multiple cross site scripting, cross domain, auto file download and cross protocol vulnerabilities.
View ArticleClubHACK Magazine Issue 25
ClubHACK Magazine Issue 25 - Topics covered include Exploiting Remote Systems Without Being Online, Firewall 101, Introduction To Skipfish, and more.
View ArticleZENphoto 1.4.2 Code Execution / XSS / SQL Injection
ZENphoto version 1.4.2 suffers from PHP code execution, cross site scripting and remote SQL injection vulnerabilities.
View ArticleZero Day Initiative Advisory 12-027
Zero Day Initiative Advisory 12-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this...
View ArticleHP Security Bulletin HPSBMU02742 SSRT100740
HP Security Bulletin HPSBMU02742 SSRT100740 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerability could be exploited...
View ArticleZero Day Initiative Advisory 12-028
Zero Day Initiative Advisory 12-028 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit...
View ArticleViper FakeUpdate Script
This is a simple script to spawn dns spoofing, arp spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit.
View Articletrixd00r 0.0.1
trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic...
View ArticleRed Hat Security Advisory 2012-0103-01
Red Hat Security Advisory 2012-0103-01 - SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of...
View ArticleRed Hat Security Advisory 2012-0105-01
Red Hat Security Advisory 2012-0105-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes...
View ArticleRed Hat Security Advisory 2012-0104-01
Red Hat Security Advisory 2012-0104-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer overflow flaw was found in the way...
View ArticleZero Day Initiative Advisory 12-029
Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit...
View ArticleHaveged 1.4
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on...
View ArticleTORCS 1.3.2 Buffer Overflow
TORCS versions 1.3.2 and below XML buffer overflow /SAFESEH evasion exploit.
View ArticleZero Day Initiative Advisory 12-030
Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit...
View ArticleZero Day Initiative Advisory 12-031
Zero Day Initiative Advisory 12-031 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit...
View Article