Mandriva Linux Security Advisory 2012-013 - Security issues were identified and fixed in mozilla firefox and thunderbird. Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Various other issues were also addressed.
8440ddc6266c7f42154730c51559597bUbuntu Security Notice 1355-1 - It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
21014e7685b2de0234ac75fd2b4a5509Ubuntu Security Notice 1355-2 - USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
8791de077f5bd63d5d9c170bf7739905Ubuntu Security Notice 1355-3 - USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
89b0a01e7c3a96dcdd52016aac1b682dConduit Wibiya Login Toolbar suffers from a cross site scripting vulnerability.
829118b7d499d7679e3e051f6a58a91bConduit Wibiya Password Recovery Toolbar suffers from a cross site scripting vulnerability.
08fb2a09c22520dcd558560108ec7578Conduit Image Search Engine suffers from a cross site scripting vulnerability.
771f2feeb18384483f1f7bed70e69293EMC Documentum xPlore contains an information disclosure vulnerability that may allow unauthorized users, under certain circumstances, to see certain information on protected objects in an xPlore search result. They will not, however, be allowed to view the objects themselves, or any associated content. Versions 1.0, 1.1 and 1.2 are affected.
47766ee4538f434cc83fdd7864e8341fSimkom suffers from a cross site scripting vulnerability.
47a7d97ba8b92d125ba12845dbd500b4Douglass Media suffers from a remote SQL injection vulnerability.
43ce577af5ef8e3acfeaffcf663025b6Anfibia suffers from a remote command execution vulnerability.
8ee734f210e0fc429ebfe6f8e39e2a73Raw CMS suffers from a cross site scripting vulnerability.
f6950e8a6b392a2a6748831b7a518a66PHP-Fusion version 7.02.04 suffers from a remote SQL injection vulnerability in weblinks.php.
c7b7077619c230bbd6d7ca48f9c40db8This is a simple little port scanning script written in python.
b8fc2783fbb4849e4ceac338b595bcb3This document specifies an algorithm for the generation of TCP Initial Sequence Numbers (ISNs), such that the chances of an off-path attacker guessing the sequence numbers in use by a target connection are reduced. This document revises (and formally obsoletes) RFC 1948, and takes the ISN generation algorithm originally proposed in that document to Standards Track, formally updating RFC 793.
4bd9d141dba29f999534d68fbcf120f5Torrent-Stats suffers from a denial of service vulnerability in httpd.c.
93cb8010ef7a0d4b878fb544b07e1f0fPHP 5.4SVN-2012-02-03 htmlspecialchars/entities buffer overflow proof of concept exploit.
0ec258ee89e3cba85e56bae3a3aa7458BSides Detroit 12 has announced its Call For Presenters. It will take place June 1st through the 2nd in Detroit, Michigan.
29b6fbd2de729bd2ac17fede3c0a54d2HP Security Bulletin HPSBGN02740 SSRT100741 - A potential security vulnerability has been identified with HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, and Performance Manager. The vulnerability can be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
1ee59b68380765139a6c58c7999ac86aVarious NASA subdomains suffer from shell upload and remote SQL injection vulnerabilities.
7502584f2b686b00d2b9d51841b62a1aDebian Linux Security Advisory 2403-1 - Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
c4d8e3fd768c60e10ba1bfdc3db5bf69dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.
e8fe9b4cd524c1549a109ff5e66d828aThe NetSarang Xlpd printer daemon version 4 suffers from a remote denial of service vulnerability. Proof of concept exploit included.
1f73370101126577cb2918b7b219cb82Achievo version 1.4.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
d67bdb28b04d0c4b2ddc8702d445635aFoswiki suffers from a cross site scripting vulnerability.
0017fdc6742e13d301b74a7867e5d187