Mandriva Linux Security Advisory 2012-023 - A vulnerability has been found and corrected in libvpx. VP8 Codec SDK before 1.0.0 Duclair allows remote attackers to cause a denial of service unspecified corrupt input or by starting decoding from a P-frame, which triggers an out-of-bounds read, related to the clamping of motion vectors in SPLITMV blocks. The updated packages have been patched to correct this issue. This is a symbolic advisory correction because there was a clash with MDVSA-2012:023 that addressed libxml2.
5760ddad7ab7f5d50d45e9d6d2b01846dcf94ede1f8a9d2ef97fe65d6bc27c3f
Mandriva Linux Security Advisory 2012-022 - Security issues were identified and fixed in mozilla firefox and thunderbird. An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable. The mozilla firefox and thunderbird packages have been upgraded to the latest respective versions which is not affected by this security flaw. Additionally the rootcerts packages has been upgraded to the latest version as of 2012/02/18 and the NSS library has been rebuilt accordingly to pickup the changes. This is a symbolic advisory correction because there was a clash with MDVSA-2012:022 that addressed libpng.
6c745d9d52173219392680d02b0a80f2ccd95e95f7941c4746e37f33fda62ceb
Mandriva Linux Security Advisory 2012-025 - Heap-based buffer overflow in process.c in smbd in Samba allows remote attackers to cause a denial of service or possibly execute arbitrary code via a Batched request that triggers infinite recursion. The updated packages have been patched to correct this issue.
af6946ff7346145357d5f9633e3b4cabee3c482c6018138fa764fa1f07c698c8
Mandriva Linux Security Advisory 2012-024 - Ruby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash table. The updated packages have been patched to correct this issue.
44b5393632217703390da470f7fefc75b8bdaafb0b6e2a9d36de950d30ad3bcd
darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, google dork searching, performing link checking on SQL injection, and more.
fc4219efe6ae1275b002e2675f490152ed141e4cb8ee0e508199e6134eff932d
Ubuntu Security Notice 1377-1 - Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bit platforms. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
cec298eba7976ebaa181ffd4c17d9f86fd8b7f0120e64642a7761c57933776cd
Whitepaper called Metasploit: Low Level View. It touches on topics such as code injection and malware detection evasion / Metasploit encoders.
07e3eb3f9a8a6d81bd3f80976de99d9b360b6c9b90ddb4432b6343a6f12cc0c2
ImgPals Photo Host version 1.0 STABLE suffers from a remote administrative account disabling vulnerability.
8c780762899fca7c8bc34cb516d77adf4aed068e1971cb7d7c17d6457fafd235
The REC0N 2012 Call For Papers has been announced. It will take place June 14th through June 16h, 2012 in Montreal, Canada.
d8be753bc58b7479ec005c38ff804b7f008e8d9737d33209f5c4b6326927ca60
Ubuntu Security Notice 1375-1 - The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in applications that used the httplib2 library.
a63a7a4c0796d2e294993168bb60e26b7a9fa704397e1fe1bdc13730e913f609
Gentoo Linux Security Advisory 201202-7 - Multiple vulnerabilities were found in libvirt, the worst of which might allow guest OS users to read arbitrary files on the host OS. Versions less than 0.9.3-r1 are affected.
174a3477cdb83676abe9282ccb2195b63c18c5ee3d51f67ae0d74c3aeffc9587
Ubuntu Security Notice 1376-1 - Juraj Somorovsky discovered that libxml2 was vulnerable to hash table collisions. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause a denial of service.
073bc618e97ea21ba50aa4f143095cd3ce54bb7398fe488d63f3e1eda1db3105
Debian Linux Security Advisory 2419-1 - Two vulnerabilities were discovered in Puppet, a centralized configuration management tool.
11d35b7f35e7ba4a7e843737818ea54afa99b8b4146c843dba48c5f54f55e6d0
Debian Linux Security Advisory 2418-1 - Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.
11a657217072f0210bb50b55f2208a3bed8d0b8e9a9900e5683fd14a41024efb
Debian Linux Security Advisory 2414-2 - It was discovered that the last security update for F*X, DSA-2414-1, introduced a regression. Updated packages are now available to address this problem.
163b9eaa211f872e647739bda275ef73dadabe562d1e45464ced23724f4d2944
Microsoft AdCenter Service at advertising.microsoft.com suffers from a cross site scripting vulnerability.
bfc3b732d673df4880817aa7756d4afdd7c03f172b1d0eec1bcb0099bf1d84cb
DeepSec 2012 Call For Papers - "Sector v6" will be held November 27th to the 30th, 2012 in Austria.
bf095e6d0d3623b8f974e12bbcf45836644c033d55b9a4139a9f2ff5cc9d6c0b
Sysax Multi Server versions 5.53 and below SSH username buffer overflow pre-authentication remote code execution exploit with egghunter shellcode that binds a shell to port 4444.
1a9e244ba23211e8a0745f4370e9f10d0e94ad75ca261b64e8e40b6e0606839f
Sysax Multi Server version 5.53 SFTP post authentication SEH exploit with egghunter shellcode that binds a shell to port 4444.
e3ee80f9e583422dca0ef40fef6b1c192c1da12311e53628b885e95e7f419bbe
Socusoft Photo 2 Video version 8.05 suffers from a buffer overflow vulnerability.
ec0e7d80300a84c40d226a2e9521bc1913c77ea22caf5e0a89c1471ddcca54d6
OSQA CMS version 3b suffers from a cross site scripting vulnerability.
8ccd9aaca10f4913b22f49de9b319d8b4ec82f417d7ad5124948fd42f0a4705a
Wolf CMS version 0.7.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
b9e7ab88017430740c0d855ac83d248cf03578f89ecbe93156b18443bc9dec1b
Mozilla Firefox version 4.0.1 Array.reduceRight() integer overflow exploit.
7765d8391885eb46e7e47c01a9ee30c61bc0afc6001023851f365b67c51d6eae
Lorewing Design suffers from a remote SQL injection vulnerability.
d37d692264cf19a734d977818b9ec9b8557419b10765c6da0bead9c994c984df
Kongreg8 version 1.7.3 suffers from multiple cross site scripting vulnerabilities.
abdf8efff96ddecb1a404dedbb3ce6abfd572e08b10ca43308a053c807578f6b