Cisco Security Advisory - The Cisco Content Switching Module (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain a memory leak vulnerability that can result in a denial of service condition. The vulnerability exists when the CSM or CSM-S is configured for layer 7 load balancing. An attacker can trigger this vulnerability when the CSM or CSM-S processes TCP segments with a specific combination of TCP flags while servers behind the CSM/CSM-S are overloaded and/or fail to accept a TCP connection.
5fa5d35bb27aaf66ef397fe7c4c0b772aedd2960f8556b737f52fc21fc7e73db
A nice walk through discussing step by step how to brute force ssh logins using the recent Debian OpenSSL random number generator vulnerability.
d5e101b6e51d5c9da76662efdfedf465531d29f30a270099917a27ea930ffd24
Call For Papers for EC2ND. The fourth annual EC2ND conference will take place on December 11th and 12th 2008 in the Faculty of Engineering and Computing at Dublin City University.
92891128b4a94892dbe88d1e407c7847469df6ec9edfdbaa3a5e8bc889928d09
SQL Injector version 1.0 is a fuzzing utility written in Python.
540c59b543ffe0c33b344577bedcbe77ec179eb7b6441061ffb9c703c0bede59
Cross site scripting fuzzing utility written in Python.
d6635e858fcf89ce62f89cf87e20a31f8c853800d25e2d5039fa428808132e90
Microsoft Internet Explorer is prone to a cross-zone scripting vulnerability in its Print Table of Links feature.
ab3b393d7e4b97e90d8aa5846710e4ffa6f5a62715e2e70336e0b5c2da459d67
The IDAutomation Bar Code ActiveX controller suffers from multiple vulnerabilities.
3e27399d30c89c54ea042cb6281bd2e1b44ed17ddb5ab415501a3c2ed001fab0
The Microsoft Malware Protection Engine is susceptible to two denial of service vulnerabilities.
470195fff2629e9ffcacfa65a5d39dfc77abca29a4a5d14aef9889df5fcc0c1d
Debian Security Advisory 1577-1 - Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system.
87952a1579c9134c0531f1ef3ee4f8b8489a66de0bb398e54181cd1f5842fec8
Debian Security Advisory 1576-1 - The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied.
5c110ac623d7c7d1b7fe0bd5c06529c3990e1bbe81f0d1236cca7116030765bc
Gentoo Linux Security Advisory GLSA 200805-16 - Multiple vulnerabilities have been reported in OpenOffice.org, possibly allowing for user-assisted execution of arbitrary code. Versions less than 2.4.0 are affected.
82c6a43132ca6c9ca557f4f425c4fd77217a2daa4bbf5b388fdaff52633460b9
Gentoo Linux Security Advisory GLSA 200805-15 - Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'. Versions less than 0.15.1b-r2 are affected.
64a2b595747ce408c146d00554729756a998466cc25ba15b79165d5de6074019
Ubuntu Security Notice 612-6 - USN-612-3 addressed a weakness in OpenSSL certificate and keys generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS and multi-client/server which caused OpenVPN to not start when using valid SSL certificates. It was also found that openssl-vulnkey from openssl-blacklist would fail when stderr was not available. This caused OpenVPN to fail to start when used with applications such as NetworkManager. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
7e63bbffb37c33ccf090346f058368147f3c37390c6dfde931c397adaa21bff0
Ubuntu Security Notice 612-5 - Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This could cause some compromised keys not to be listed in ssh-vulnkey's output. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
af17f8852f565befbd145d3612df917d7a2e55e49a8e8e765156d700e9d7e1e5
Ubuntu Security Notice 612-4 - USN-612-1 fixed vulnerabilities in openssl. This update provides the corresponding updates for ssl-cert -- potentially compromised snake-oil SSL certificates will be regenerated. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
4bb586ac471bbf5afdd3db8aca2a10418f0d0bee2f43094e75cb546a03f8f2f6
Rgboard versions 3.0.12 and below suffer from remote file inclusion and cross site scripting vulnerabilities.
6923197f6c8202217cda38b84c15b0d80939555ed4f4f5aa647f6392cedfabad
Horde and Turbo Contact Manager suffers from multiple cross site scripting vulnerabilities.
78f011ceac0502412b96770071ff0ac2a795f651e6bbb6460f7e7230c4d41cfa
Feedback and Rating Script version 1.0 suffers from a SQL injection vulnerability in detail.php.
302e71d9d392c63ee6cfbd222067980dcc1a55b491f5243e1f5f23da3a87e338
Freelance Auction Script version 1.0 suffers from a SQL injection vulnerability in browseproject.php.
ef3eec1d95dd3f82637e4982dab05ee44f41fbda22e356847f8f7b2ed1478609
Internet Photoshow Special Edition suffers from an insecure cooking handling vulnerability that allows for arbitrary administrative access.
2de0791d21a2abb235270bfd9eee8e2580c7816594cab4b507bc2746b409986a
ActiveKB versions 1.5 and below suffer from an insecure cooking handling vulnerability that allows for arbitrary administrative access.
1284ced2285c7080c2d3dddb6402742aa194b87daf445adc23fbf30712dde2d6
AS-GasTracker version 1.0.0 suffers from an insecure cookie handling vulnerability.
7f004804598fc697d19d0a11409034d1a0bf93391941a45edc02dbf67a52ce47
La-Nai CMS versions 1.2.16 and below arbitrary file upload exploit.
af05e3147a57375493b011577e65a815ef336d052c068ed6db7c0b8de19a5963
Whitepaper regarding cross site request forgery attacks. Written in Spanish.
119f58f1340993ec03619137b388528f8d76bf5b4c788ff6000735d1d7345f8a
A memory corruption vulnerability exists in Microsoft Office Publisher when it is parsing a PUB file. An attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system.
1dea31de8469b51947a7547a1b68e247e6bf90f70e87403dcaf46d41bdcac46a