vulnerability headlines
- Vuln: Pligg CMS 'status' Parameter SQL Injection Vulnerability
- Vuln: Mozilla Firefox/Thunderbird/SeaMonkey SVG Parsing Remote Code Execution Vulnerability
- VU#732115: Project Open cross-site scripting vulnerability
- WordPress uCan Post plugin Multiple HTML Injection Vulnerabilities
- Opera Web Browser Information Disclosure and Security Bypass Vulnerabilities
- IBM Lotus Symphony Image Object Integer Overflow
- OpenSSL DTLS Remote Denial of Service
- Vuln: Joomla! Multiple Information Disclosure Vulnerabilities
- Vuln: QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability
- IBM WebSphere Application Server SibRaRecoverableSiXaResource Information Disclosure
- SAP NetWeaver Multiple Remote Vulnerabilities
- KingSCADA Credential Information Disclosure
- JBoss "mod_cluster" Security Bypass
- VU#410281: Apple Mac OS X CoreText embedded font vulnerability
- VU#403593: Apple Mac OS X ATS data-font memory corruption vulnerability
- Cisco IP Video Phone E20 Default Root Credentials Authentication Bypass
- SolarWinds Storage Manager Server SQL Injection
- VU#763355: 802.1X password exploit on many HTC Android devices
- MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) - Version: 1.3
- MS11-098 - Important : Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171) - Version: 1.1
- VU#470151: Linux Kernel local privilege escalation via SUID /proc/pid/mem write
- MS12-004 - Critical : Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) - Version: 1.2
- MS11-049 - Important : Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) - Version: 2.3
- MS11-025 - Important : Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) - Version: 4.2
- VU#738961: Oracle Outside In contains an exploitable vulnerability in Lotus 123 v4 parser
- MS12-006 - Important : Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) - Version: 1.1
- MS12-007 - Important : Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664) - Version: 2.1
- VU#659515: Wibu-Systems CodeMeter remote denial of service vulnerability
- MS12-005 - Important : Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) - Version: 1.0
- MS12-003 - Important : Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524) - Version: 1.0
- MS12-002 - Important : Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381) - Version: 1.0
- MS12-001 - Important : Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615) - Version: 1.0
- MS11-099 - Important : Cumulative Security Update for Internet Explorer (2618444) - Version: 1.2
- VU#903934: Hash table implementations vulnerable to algorithmic complexity attacks
- VU#723755: WiFi Protected Setup (WPS) PIN brute force vulnerability
- MS11-096 - Important : Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) - Version: 1.1
- MS11-094 - Important : Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142) - Version: 1.1
- VU#209659: Unbound multiple denial-of-service vulnerabilities
- MS11-089 - Important : Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602) - Version: 1.1
- MS11-088 - Important : Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016) - Version: 1.1
- VU#361441: Microsoft Office Publisher contains multiple exploitable vulnerabilities
- MS11-097 - Important : Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712) - Version: 1.0
- MS11-095 - Important : Vulnerability in Active Directory Could Allow Remote Code Execution (2640045) - Version: 1.0
- MS11-093 - Important : Vulnerability in OLE Could Allow Remote Code Execution (2624667) - Version: 1.0
- MS11-092 - Critical : Vulnerability in Windows Media Could Allow Remote Code Execution (2648048) - Version: 1.0
- MS11-091 - Important : Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702) - Version: 1.0
- MS11-090 - Critical : Cumulative Security Update of ActiveX Kill Bits (2618451) - Version: 1.1
- MS11-087 - Critical : Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417) - Version: 1.0
- VU#158003: Power2Go buffer overflow vulnerability
- VU#759307: Adobe Acrobat and Reader U3D memory corruption vulnerability
- VU#717921: Hewlett-Packard printers and scanner devices allow remote firmware updates
- VU#887409: JasPer memory corruption vulnerabilities
- VU#796883: HomeSeer HS2 web interface multiple vulnerabilities
- VU#713012: CA Siteminder login.fcc form xss vulnerability
- VU#576355: Support Incident Tracker multiple vulnerabilities
- MS11-028 - Critical : Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015) - Version: 2.4
- VU#606539: ISC BIND 9 resolver denial of service vulnerability
- VU#584363: Zenprise Device Manager CSRF vulnerability
- MS11-037 - Important : Vulnerability in MHTML Could Allow Information Disclosure (2544893) - Version: 2.1
- VU#951982: Microsoft Windows UDP packet parsing vulnerability
- VU#675073: Microsoft Windows TrueType font array indexing vulnerability
- VU#448051: eEye Retina audit script could execute untrusted programs as root
- VU#589089: Dell KACE K2000 Appliance database administration account allows arbitrary command execution
- VU#193529: Dell KACE K2000 Appliance contains multiple reflected cross-site scripting vulnerabilities
- VU#702169: Dell KACE K2000 Appliance read-only database account allows account information disclosure
- VU#135606: Dell KACE K2000 Appliance contains backdoor administrator account
- VU#998403: Aviosoft DTV Player buffer overflow vulnerability
- MS11-086 - Important : Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) - Version: 1.0
- MS11-085 - Important : Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) - Version: 1.0
- MS11-084 - Moderate : Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) - Version: 1.0
- MS11-083 - Critical : Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) - Version: 1.0
- MS11-071 - Important : Vulnerability in Windows Components Could Allow Remote Code Execution (2570947) - Version: 2.0
- VU#316553: Microsoft Windows TrueType font parsing vulnerability
- MS11-081 - Critical : Cumulative Security Update for Internet Explorer (2586448) - Version: 1.2
- VU#819630: NJStar Communicator MiniSmtp packet processing buffer overflow vulnerability
- MS11-078 - Critical : Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930) - Version: 1.2
- MS11-069 - Moderate : Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) - Version: 1.2
- MS11-066 - Important : Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943) - Version: 1.1
- MS11-044 - Critical : Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814) - Version: 1.2
- MS11-039 - Critical : Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842) - Version: 1.1
- MS10-077 - Critical : Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) - Version: 3.1
- MS10-070 - Important : Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) - Version: 4.2
- MS11-075 - Important : Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699) - Version: 1.2
- MS11-058 - Critical : Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485) - Version: 1.2
- MS11-082 - Important : Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670) - Version: 1.0
- MS11-080 - Important : Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799) - Version: 1.0
- MS11-079 - Important : Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641) - Version: 1.0
- MS11-077 - Important : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053) - Version: 1.0
- MS11-076 - Important : Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926) - Version: 1.0
- MS11-074 - Important : Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858) - Version: 1.3
- MS11-072 - Important : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) - Version: 1.1
- MS11-043 - Critical : Vulnerability in SMB Client Could Allow Remote Code Execution (2536276) - Version: 2.1
- MS11-073 - Important : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634) - Version: 1.0
- MS11-070 - Important : Vulnerability in WINS Could Allow Elevation of Privilege (2571621) - Version: 1.0
- TA12-024A: "Anonymous" DDoS Activity
- TA12-010A: Microsoft Updates for Multiple Vulnerabilities
- TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
- TA11-350A: Adobe Updates for Multiple Vulnerabilities
- TA11-347A: Microsoft Updates for Multiple Vulnerabilities
- TA11-312A: Microsoft Updates for Multiple Vulnerabilities
exploit archives
- [dos] - Tracker Software pdfSaver ActiveX 3.60 (pdfxctrl.dll) Stack Buffer Overflow (SEH)
- [remote] - MS12-004 midiOutPlayNextPolyEvent Heap Overflow - [CVE: 2012-0003]
- Gitorious Remote Command Execution
- HP Diagnostics Server magentservice.exe Overflow
- MS12-004 midiOutPlayNextPolyEvent Heap Overflow
- Studio Manolibera Listarivisteuk SQL Injection
- IBBY SQL Injection
- Adobe Cross Site Scripting
- Interactive Web Design SQL Injection
- Global Media Service SQL Injection
- [webapps] - vBSEO <= 3.6.0 "proc_deutf()" Remote PHP Code Injection Exploit
- [remote] - HP Diagnostics Server magentservice.exe Overflow - [CVE: 2011-4789]
- vBSEO 3.6.0 proc_deutf() Remote PHP Code Injection
- Peel SHOPPING 2.8 / 2.9 Cross Site Scripting / SQL Injection
- xClick Cart 1.0.1 / 1.0.2 Cross Site Scripting
- Register Plus 3.5.1 Cross Site Scripting / Code Execution
- Sysax Multi Server 5.50 Create Folder Buffer Overflow
- [webapps] - Peel SHOPPING - version 2.8 and version 2.9 xss/sql inject Vulnerability
- [papers] - [Spanish] El fingerprinting dentro de la seguridad web
- [remote] - Sysax Multi Server 5.50 Create Folder Remote Code Exec BoF (MSF Module)
- PHPList 2.10.9 Cross Site Request Forgery / Cross Site Scripting
- VR GPub 4.0 Cross Site Request Forgery
- Etsi.org Cross Site Scripting
- WordPress Slideshow Gallery 2 Cross SIte Scripting
- [webapps] - phplist - version 2.10.9 CSRF/XSS Vulnerability
- [webapps] - VR GPub 4.0 CSRF Vulnerability
- Joomla Products SQL Injection
- Joomla Motor SQL Injection
- vBadvanced CMPS 3.2.2 Local File Inclusion / Remote File Inclusion
- UltraPlayer 2.112 Stack Buffer Overflow
- Microsoft Office 2003 .doc Buffer Overflow
- RSSLounge Cross Site Scripting
- Acolyte CMS 1.5 / 6.3 Cross Site Scripting / SQL Injection
- DClassifieds 0.1 Final Cross Site Request Forgery
- [webapps] - WordPress <= 3.3.1 Multiple Vulnerabilities
- [webapps] - Stoneware WebNetwork6 Multiple Vulnerabilities - [CVE: 2012-0286]
- [papers] - A Backdoor in the Next Generation Active Directory
- [webapps] - DirectAdmin ADD Sub Domain CSRF Exploit
- [webapps] - SpamTitan Application v5.08x - SQL Injection Vulnerability
- [webapps] - Wordpress Kish Guest Posting Plugin 1.0 Arbitrary File Upload
- [local] - Mempodipper - Linux Local Root for >=2.6.39, 32-bit and 64-bit - [CVE: 2012-0056]
- [webapps] - Parsp Shopping CMS [V5] Multiple Vulnerability
- [webapps] - miniCMS v1.0 : v2.0 php inject code
- [webapps] - AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary File Upload
- [webapps] - ARYADAD Multiple Vulnerabilities
- [webapps] - iSupport v1.x CSRF HTML Code Injection to Add Admin
- [webapps] - Nova CMS Directory Traversal
- [webapps] - php ireport v1.0 Remote Html Code injection
- [remote] - Savant Web Server 3.1 Buffer Overflow Exploit (Egghunter)
- [papers] - iPhone Forensics on iOS 5
Full Disclosure - mailing list
- Exploit Pack - Hacking Microsoft Word and Excel
- Re: Vulnerability-lab.com XSS
- Re: Vulnerability-lab.com XSS
- Re: can you answer this?
- Re: Multiple vendor antivirus .kz archive format evasion/bypass vulnerability.
- Advantech/Broadwin HMI/SCADA WebAccess universal network RPC exploit
- Re: can you answer this?
- Re: can you answer this?
- Re: [SECURITY] [DSA 2403-1] php5 security update
- Vulnerability-lab.com XSS
- Re: can you answer this?
- Re: Multiple vendor antivirus .kz archive format evasion/bypass vulnerability.
- [SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update
- Re: Tricky Shellcode
- Re: Vulnerability-lab.com XSS
Mirko Iodice
mirko -at- notageek (.dot) it
