conntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Call For Papers for the 8th edition of the Ekoparty Security Conference being held from September 17th through the 21st, 2012, in Latin America.

b2ePMS version 1.0 suffers from multiple remote SQL injection vulnerabilities.

WhyWeb suffers from a remote SQL injection vulnerability.

Santilga CMS version 1.2.6.3 suffers from cross site request forgery and remote SQL injection vulnerabilities.

AzDGDatingMedium version 1.9.3 suffers from cross site request forgery, cross site scripting, php code execution, remote SQL injection, and directory traversal vulnerabilities.

iOS versions 5.1.1 and below Safari Browser JS match(), search() crash proof of concept exploit.

Hyperion is a runtime encrypter for 32-bit portable executables. It is a reference implementation and bases on the paper "Hyperion: Implementation of a PE-Crypter".

PHP List version 2.10.9 suffers from a remote PHP code injection vulnerability.

Small CMS suffers from a remote PHP code injection vulnerability.

Symantec Web Gateway version 5.0.2 remote local file inclusion root exploit.

Ubuntu Security Notice 1454-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service.

Gekko CMS appears to suffer from a file disclosure vulnerability.

This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.

This Metasploit module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.

The GreHack 2012 Call For Papers has been announced. It will be held in Grenoble, France on October 19th, 2012.

ResEdit version 1.5.11-win32 suffers from a buffer overflow. Proof of concept denial of service exploits included.

Kolkata is a tool for IDS evading web application fingerprinting. It is written in perl and uses LibWhisker.

This Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.

The Hacktivity 2012 Call For Papers has been announced. It will be held from October 12th through the 13th, 2012 in Budapest, Hungary.

LogAnalyzer version 3.4.2 suffers from cross site scripting, arbitrary file reading, and remote SQL injection vulnerabilities.

Pligg CMS version 1.2.1 suffers from cross site scripting and local file inclusion vulnerabilities.

pragmaMx version 1.12.1 suffers from a cross site scripting vulnerability.