Ubuntu Security Notice 1454-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service.
f28320f5538e98298ed28cf4be19ea1c9e1808d3f2e263ff05dd1b27f77c788d
This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.
80a84c00e66900b12e9cef081970706d89671fdd6de08048a29a545f296cfe05
This Metasploit module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.
9bd2fe133907afe8dae3b0872be07135e15c6152fbb081eaf7b8fefe328ad0a3
The GreHack 2012 Call For Papers has been announced. It will be held in Grenoble, France on October 19th, 2012.
6e421da4cd6b7010e65487f7a52f69e401e8bb337e0877e8a18abd3df844ccff
ResEdit version 1.5.11-win32 suffers from a buffer overflow. Proof of concept denial of service exploits included.
b262a9976e97dcbc6e64df36a7f4ee9302668979e3d09d6cc91825b139dcfede
Kolkata is a tool for IDS evading web application fingerprinting. It is written in perl and uses LibWhisker.
51799f93b27c4bf9963d9bb0be06a9c97f9292d2a95f88350b3c19c6dc197876
This Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.
d9e8467b701cbfb9bbe903c58d26bef4b2a9541424f51ceb8b51542282f6f250
The Hacktivity 2012 Call For Papers has been announced. It will be held from October 12th through the 13th, 2012 in Budapest, Hungary.
a163595c09a95340653cd554ab451e60125bc5eac1cd39d4800f8efeb1c8b86f
LogAnalyzer version 3.4.2 suffers from cross site scripting, arbitrary file reading, and remote SQL injection vulnerabilities.
20e0cd6da8ae12e950d981ee3947ff25853bdc8fedef7053293f570dfee099d1
Pligg CMS version 1.2.1 suffers from cross site scripting and local file inclusion vulnerabilities.
a7d8c229d604afce14ad7a8fb8d44e7b7cc72c937a69259550169bc098531f63
pragmaMx version 1.12.1 suffers from a cross site scripting vulnerability.
cff5f8ae37aa417115fc3dcd726341dfa6ed0e74700583b162c5da31739d0fdb
Ubuntu Security Notice 1453-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
0ce91b7b629cfee8a757c0aaf95f5ab728dc7c0c8392a5ba774db361dc1f15e3
Ubuntu Security Notice 1452-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
1743e5e0d5cc2c51eea82b08fd5a2379a2483478b76cb54de2e7c2aec5d7e59f
Ubuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
c2d728621ad0692803f2775f1741405360b7d473c41ea474fa8427075d3d957a
DynPage version 1.0 suffers from cross site request forgery and shell upload vulnerabilities.
37621a0070cbaef6aa5d4f64bb886aef4c1af19162680673b6c79897100c5b03
Secunia Security Advisory - Astaro has issued an update for IPsec. This fixes a vulnerability with an unknown impact.
c2d0a69e4b51e595af1b3bad527d9683450cdb2471261fe7ab64b6f3a1b844d8
Secunia Security Advisory - A weakness has been reported in PyCrypto, which can be exploited by malicious people to conduct brute force attacks.
5f2d792f0678900743f9df4aa9e9530a0e4003f8e23b1989f7e10265d0d39e33
Secunia Security Advisory - A vulnerability has been reported in dotCMS, which can be exploited by malicious users to compromise a vulnerable system.
25eae5750d2834fb8e3079d5d6af05076a0ec2412dd6392f27ce72e2dd790185
Secunia Security Advisory - Tiago Natel de Moura has discovered multiple vulnerabilities in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.
e124c0d562158eaaac866756fd5c64449c84ace9ff0384849a08d12c68d65cdc
Secunia Security Advisory - Multiple vulnerabilities have been reported in the Search API module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
44ce1f3c1fe56a9a2c5cbae8339e227a89bd710bc0e79daeb8adf7af74ff21fa
Secunia Security Advisory - A vulnerability has been reported in Apache Commons Compress, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
e1758af41f3ed887f3c0c4afbd3927d225129ce4148fbbb73309128a76056389
Secunia Security Advisory - Apache has acknowledged a vulnerability in Ant, which can be exploited by malicious people to cause a DoS (Denial of Service).
aec6213039755eb3445fa4ddca1d4af1ee1154545ed2970322958184ea5ba2f8
Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to compromise a user's system.
2d6a808c3d9d5cd84a8a28db0274894cf44f7279351616685fd52fea7c935283
Secunia Security Advisory - SUSE has issued an update for cobbler. This fixes two vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks.
9b2b777076f0077659ec329d9c211e8f33c419c5815f5bc8b059ee6bee3fb43c