DirectAdmin 1.483 Cross Site Request Forgery / Cross Site Scripting
DirectAdmin web control panel version 1.483 suffers from cross site request forgery and cross site scripting vulnerabilities.
View ArticleWindows win32k!NtUserSetInformationThread Type Confusion
The Windows Kernel is subject to a kernel-mode type-confusion vulnerability inside win32k!NtUserSetInformationThread due to referencing a user-mode handle via ObReferenceObjectByHandle with a "NULL"...
View ArticleAutoexchanger 5.1.0 Cross Site Request Forgery
Autoexchanger version 5.1.0 suffers from a cross site request forgery vulnerability.
View ArticleQlikview 11.20 SR4 Blind XXE Injection
The Qlikview platform is vulnerable to XML External Entity (XXE) vulnerabilities. More specifically, the platform is susceptible to DTD parameter injections, which are also "blind" as the server feeds...
View ArticleMobius Forensic Toolkit 0.5.22
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined...
View ArticleZed Attack Proxy 2.4.2 Linux Release
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security...
View ArticleBro Network Security Monitor 2.4.1
Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more...
View ArticleZed Attack Proxy 2.4.2 Mac OS X Release
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security...
View ArticleZed Attack Proxy 2.4.2 Windows Installer
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security...
View ArticleLinux/x86 /bin/cat /etc/passwd Shellcode
75 bytes small Linux/x86 execve("/bin/cat", ["/bin/cat", "/etc/passwd"], NULL) shellcode.
View ArticleDebian Security Advisory 3354-1
Debian Linux Security Advisory 3354-1 - Frediano Ziglio of Red Hat discovered a race condition flaw in spice's worker_update_monitors_config() function, leading to a heap-based memory corruption. A...
View ArticleHP Security Bulletin HPSBOV03506 1
HP Security Bulletin HPSBOV03506 1 - A potential security vulnerability has been identified with TCP/IP Services for OpenVMS running BIND. The vulnerability could be remotely exploited to cause a...
View ArticleUbuntu Security Notice USN-2737-1
Ubuntu Security Notice 2737-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic...
View ArticleUbuntu Security Notice USN-2738-1
Ubuntu Security Notice 2738-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic...
View ArticleRSA Identity Management And Governance Cross Site Scripting
RSA Identity Management and Governance contains fixes for cross site scripting vulnerabilities that may potentially be exploited by malicious users to compromise the affected system. All versions are...
View ArticleGNU Privacy Guard 2.0.29
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management...
View ArticleEvading All Web-Application Firewalls XSS Filters
This whitepaper documents shortcomings in various popular web application firewalls (WAFS) and how to trigger cross site scripting attacks regardless of the protections in place. Covered are F5 Big IP,...
View Article