Whitepaper called Forgotten World - Corporate Business Application Systems. This paper will describe some basic and advanced threats and attacks on Enterprise Business Applications – the core of many companies. Both the paper and Blackhat DC presentation are included in this archive.
2e70cc9c883bdf948194b3801a4b9fe5f07f8e73912c291bd5c5b643e993e4a6
Mandriva Linux Security Advisory 2011-029 - Multiple vulnerabilities have been discovered and fixed in the Linux 2.6 kernel. The X.25 implementation does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed data, a different vulnerability than CVE-2010-4164. The bcm_connect function Broadcast Manager in the Controller Area Network implementation in the Linux creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. The install_special_mapping function in mm/mmap.c does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application. Various other issues have also been addressed.
65f216d797172b0ef5fb798cc0c6bfad2e1a9bea20f92874be16068901dbc644
WSN Guest version 1.24 suffers from a remote SQL injection vulnerability.
3721d9ddd4728ff543339e28099e00ef8a376eab430aa7b4befa266cec6786e8
phpBugTracker version 1.0.5 suffers from multiple reflective cross site scripting vulnerabilities.
e653f2dcaa267e5788cce847b1b903fcb155cef35150ac6fd4a767c3f855861d
Zero Day Initiative Advisory 11-089 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Configuration Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the novell-tftp.exe component which listens by default on UDP port 69. When handling a request the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the ZenWorks user.
55ece0d6e6a2aa1abfba68f1a2fe3d382ac7ce1560c3ee6a79c681db1997c8a0
The Joomla MyGarage component suffers from a remote SQL injection vulnerability.
db13e49205e7dccbbefedb310b7e299a7d184b60e8ed1c887ff83e5308e29f88
MNS Portal suffers from a remote SQL injection vulnerability.
f0a374a20ec02e9682e0666cf254965a7c80e7f015149b6d628cf35c0db0af69
Ubuntu Security Notice 1067-1 - It was discovered that Gabble did not verify the from field of google jingleinfo updates. This could allow a remote attacker to perform man in the middle attacks (MITM) on streamed media.
5768e5cb1d617582d62051f4634eb09b6343083e1a7a2a28e896aa3257fef5cf
Ubuntu Security Notice 1066-1 - It was discovered that Django did not properly validate HTTP requests that contain an X-Requested-With header. An attacker could exploit this vulnerability to perform cross-site request forgery (CSRF) attacks. It was discovered that Django did not properly sanitize its input when performing file uploads, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
36104c4235322ded05ccaa17185d640b3a46aa379d05468d669681ba9cf4de86
FlatNux version 2011-01.26 suffers from denial of service and path disclosure vulnerabilities.
e14e89f9938e55f193a332beec701ac58f0394811148895add76514cf18d7f71
Coppermine version 1.5.12 suffers from a path disclosure vulnerability.
83db463dc2d27d98f18acf8674a0e5391a1376a10dd4144c295a581442bbe405
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some weaknesses and a vulnerability, which can be exploited by malicious, local users to disclose certain system information and gain escalated privileges.
7c464e361f1d86b50f054aceb88df4925787a6f3232736638d4d96b344c385ef
Secunia Security Advisory - A vulnerability has been discovered in Oracle Database, which can be exploited by malicious people to compromise a user's system.
01e08754bbdeed339ead01cd46ba36abbd36655574520e2dd14d538d808a42db
Secunia Security Advisory - Fedora has issued an update for openoffice.org. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.
4a6a37b6e34692f03a76edaa41d6c156d51c36ff095b2de6ff4920e761b01bab
Secunia Security Advisory - Debian has issued an update for ffmpeg-debian. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
b0aecefa969ae412325296ec4987ec13ab45d8e2dcf9490b123d3a5d8dabb053
Secunia Security Advisory - A vulnerability has been reported in Cisco Security Agent, which can be exploited by malicious people to compromise a vulnerable system.
33e2680673f1b2cc0c36a80f0c46917e1f961a05431580fb155e95ffbc1498f7
Secunia Security Advisory - Red Hat has issued an update for sendmail. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
7fb753199cf85ae534b13626962a0f90d4eb9f6bf7ad9b82d204fa9f9b5ed699
Secunia Security Advisory - Red Hat has issued an update for bash. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
3b11091449426d106a859dd40b2c11b92b586bf5f63d1ca11ec469c285cddb7b
Secunia Security Advisory - Some vulnerabilities have been reported in Adobe ColdFusion, which can be exploited by malicious people to disclose certain information, conduct cross-site scripting, HTTP header injection, and session fixation attacks.
2ffb345772e0fcd4abe3bbce379138ab0d2e0e7a921f329f9c1d3043dd5de1f9
Secunia Security Advisory - Multiple vulnerabilities have been discovered in Enable Media Replace plugin for WordPress, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system.
18ec777a5a1417bee6af6c41cfd1e81e88e802bee45abc3f4828a558856ce991
Secunia Security Advisory - Debian has issued an update for shadow. This fixes a vulnerability, which can be exploited by malicious, local users to manipulate certain data.
342d11db40aff000cb94e79f1f13a554341156d3c2838e38a35d7fd3514f56e6
Secunia Security Advisory - Red Hat has issued an update for ccs. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
a594c72523387b436f6641655f1febb5e4e50d92ebcf257bb981d20e184109c7
Secunia Security Advisory - HP has acknowledged a vulnerability in HP NonStop Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
28aee556213257a195b9c8f8477d2a7043a102d61e9e8498700c0c8e5a1bcd6a
Secunia Security Advisory - A vulnerability has been reported in Telepathy Gabble, which can be exploited by malicious people to conduct hijacking attacks.
713b53d14b152df096419b109d409086b7700bf07c7d89ce2503858921ba124c
Secunia Security Advisory - Ubuntu has issued an update for telepathy-gabble. This fixes a vulnerability, which can be exploited by malicious people to conduct hijacking attacks.
0407705b038105c2a7e62ffb5f356c5c0b56cd4a8f27a6afee4cf701b5cbf2a8