QuickRecon is a python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
c36de57d7ab3a90b142b711a19dbf122b53028a8143ef709d1ee0e406b116ca4
This Metasploit module creates and enables a custom UDF (user defined function) on the target host via the SELECT ... into DUMPFILE method of binary injection. On default Microsoft Windows installations of MySQL (=< 5.5.9), directory write permissions not enforced, and the MySQL service runs as LocalSystem. NOTE: This Metasploit module will leave a payload executable on the target system when the attack is finished, as well as the UDF DLL, and will define or redefine sys_eval() and sys_exec() functions.
f8fac6ece5e7759e092fdf7d42b1c758a65c1c18f72811b790103380f29a9be0
Whitepaper called Getting SSL Traffic. It describes how to perform a man-in-the-middle attack and leverage sslstrip. Written in Portuguese.
8c84e1ca798e5e3db786476ed7a45c2bd1a0e97f4f09d5df0f706e8bd1f1d9ce
QuickTime Player version 7.5.x stack buffer overflow exploit that creates a malicious .m3u file that triggers a connect-back shell.
a319d5068af721afd1fb462b59d9d5ac1adec2459ec05c78c49ed9b30ffa5286
RecordPress version 0.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
07d21cd6f4aadd66cdb8b39a664e0699b3cc4d2ac5d83e1944f2c9250ce842da
Maian Weblog versions 4.0 and below remote blind SQL injection exploit.
73ba1a574a86ea1ad9e8cbff7e75e94df2524208fd8ea29df94e9f2fc5b16c1f
Esselbach Storyteller CMS System version 1.8 suffers from a remote SQL injection vulnerability.
25f07884831ce46c44f8186238527772b5c791667bb3293bdce77635437f46fd
Ruubik CMS version 1.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
56dae94481d4111d9cf931f14c6f8bc87db754b196fb31c32526d51c70eb6fb7
The International Conference on Information Society (i-Society 2011) Call For Papers has been announced. It will take place from June 27th through the 29th, 2011 in London, UK.
6f7e10bc14a2ba2882f2f34fd17c66a433aae2e2255d792fbd49770983703956
Ubuntu Security Notice 1086-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service.
8b47c6ebe7f6860e5fb3da4897e68af88a18eccd3e4d5e77146dc58143df0d3c
Technical Cyber Security Alert 2011-67A - There are multiple vulnerabilities in Microsoft Windows and Microsoft Office. Microsoft has released updates to address these vulnerabilities.
11c1493ff37858051007b321d175ba29fc6552e9f2113df3f5407b15c52b3c87
Debian Linux Security Advisory 2185-1 - It was discovered that an integer overflow in the SFTP file transfer module of the ProFTPD daemon could lead to denial of service.
8c0a9460615a79f2a39af6deb02e7ddb72b3c39bf9a721e9f487b650ee90953a
Secunia Security Advisory - A vulnerability has been reported in Citrix XenApp and XenDesktop, which can be exploited by malicious people to compromise a vulnerable system.
879ce1c700cf75b514a88f1dcd447410d0e8d6468069cded2d6fe66453f238a0
Secunia Security Advisory - SUSE has issued an update for java-1_6_0-sun. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
c391eb0acd04ce29d19d0dad841582bc55b9158f919b5305132fb757ba672671
Secunia Security Advisory - Multiple vulnerabilities have been reported in Joomla!, which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service) and by malicious people to disclose sensitive information, conduct cross-site scripting and request forgery, and SQL injection attacks.
31bb1a170f668e815d8c2cf9b0b9126498221eb115336f6584e0d091311e6496
Secunia Security Advisory - Dennis P. Nikolaenko has discovered a security issue in TeamViewer, which can be exploited by malicious, local users to gain escalated privileges.
b7c8e3d8475ef1dd49e82d5874d182d98d0a17119a5c37799d8bb0cbca238013
Secunia Security Advisory - Avaya has acknowledged multiple vulnerabilities in Avaya Call Management System, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a vulnerable system.
05351d6cd2b20a51b0daa077614178ede49dc0a671713b4074fbb873cd92d9f3
Secunia Security Advisory - Ubuntu has issued an update for linux-ec2. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information and to cause a DoS (Denial of Service).
b62a3fac1976da589026dc9066b559ad8aceea7729056a3046d9070af65c316c
Secunia Security Advisory - Red hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
5eb4949aa502c46bd10d8078dcf4f27eda89dbc34a5443ed9adc7122f3b02a44
Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chorme, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system.
3f18a914187e51e4d9057a3b03d902ec4fc93c575948a68d98a96e2e85cc9664
Secunia Security Advisory - SUSE has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and compromise a user's system.
60a35c3bdb99136ba8c872e31837e36847ab1abbbf91055ff7db4c090edef04e
Secunia Security Advisory - Oracle has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
c210e14b69292cc6a86577b4a3302e8773436bf38a7a1f18c73bbf41699ebb63
Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in Automne, which can be exploited by malicious people to compromise a vulnerable system.
56396f95515ed1e84197e9a2ed43df03a9c3a8a89b65e0fd807d539983519761
Secunia Security Advisory - A vulnerability has been reported in VMware ESX Server and ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service).
dbf10891e5fc436e17b19986488eac3dc53f4645c56027558f984ed6ed841741
Secunia Security Advisory - Red Hat has issued an update for logwatch. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
a4b8e02a33fe64b8279c73fc77cc11ceb31cc9d245e25e5b3b5ea5227168a972