SEC-20051107-0.txt
SEC-CONSULT Security Advisory 20051107-0 - toendaCMS allows for theft of CMS usernames and passwords (XML database mode), session theft (XML database mode), directory traversal attacks (XML database...
View ArticleSEC-20051107-1.txt
SEC-CONSULT Security Advisory 20051107-1 - SEC Consult has found that parameters to ActionDefineFunction (ACTIONRECORD 0x9b) in the Macromedia Flash Plugin are not properly sanitized. Loading a...
View ArticleSA-20060413-0.txt
SEC-CONSULT Security Advisory 20060413-0 title: Opera Browser versions less than or equal to 8.52 CSS Attribute Integer Wrap and buffer overflow
View ArticleSEC-20060512-0.txt
SEC-CONSULT Security Advisory 20060512-0 - The Symantec Enterprise Firewall leaks internal IPs of natted machines in response to certain HTTP requests. Version 8.0 is vulnerable.
View Articlephp-exec.txt
POC exploit for the PHP exec, system, popen file descriptor bug that overwrites Apache's log file.
View ArticleSA-20070309-0.txt
SEC-CONSULT Security Advisory 20070309-0 - Starting with version 5, MySQL provides access to the database metadata. When using functions that operate on strings in combination with subselects on...
View ArticleSA-20071031-0.txt
SEC Consult Security Advisory 20071031-0 - The Perdition Mail Retrieval Proxy versions 1.17 and below suffer from a format string vulnerability.
View ArticleSA-20071101-0.txt
SEC Consult Security Advisory 20071101-0 - The SonicWALL SSL-VPN solution comes with various ActiveX Controls which allows users to access the VPN with Internet Explorer. These controls contain various...
View ArticleSA-20071204-0.txt
SEC Consult Security Advisory 20071204-0 - SonicWALL Global VPN Client suffers from a format string vulnerability that can be triggered by supplying a specially crafted configuration file. Versions...
View ArticleWhitepaper-DNS-node-redelegation.pdf
This whitepaper details a way of making DNS cache poisoning / response spoofing attacks more reliable. A caching server will store any NS delegation RRs if it receives a delegation which is "closer" to...
View ArticleSEC Consult Security Advisory SA-20081109-0
SEC Consult Security Advisory 20081209-0 - Microsoft SQL Server suffers from a limited memory overwrite vulnerability.By calling the extended stored procedure sp_replwritetovarbin, and supplying...
View ArticleSEC Consult Security Advisory 20081210-0
SEC Consult Security Advisory 20081210-0 - By calling the extended stored procedure sp_replwritetovarbin, an attacker can write limited values to arbitrary locations in process memory. This...
View ArticleSEC-CONSULT Security Advisory 20081219-0
SEC-CONSULT Security Advisory 20081219-0 - Fujitsu-Siemens WebTransactions is vulnerable to remote command injection due to insufficient input validation. Under certain conditions, WBPublish.exe passes...
View ArticleIBM Directory CIM Denial Of Service
SEC Consult Security Advisory 20090305-1 - IBM Director for Windows versions 5.20.3 Service Update 2 and below suffer from a remote denial of service vulnerability.
View ArticleIBM Director Privilege Escalation
SEC Consult Security Advisory 20090305-2 - IBM Director for Windows versions 5.20.3 Service Update 2 and below suffer from a local privilege escalation vulnerability.
View ArticleNortel Contact Center Manager Authentication Bypass
SEC Consult Security Advisory 20090525-0 - The Nortel Contact Center Manager server version 6.0 suffers from an authentication bypass vulnerability.
View ArticleWhitepaper Called From 0 To 0 Day On Symbian
Whitepaper called From 0 To 0 Day On Symbian - Finding Low Level Vulnerabilities On Symbian Smartphones.
View ArticleSEC Consult - Symbian S60 / Nokia CODECs
SEC Consult Security Advisory 20090707-0 - Multiple memory corruption vulnerabilities have been identified in multimedia codecs used by the RealPlayer and MMS viewer on Nokia's Symbian/S60 based...
View ArticleModSecurity 2.6.8 Bypass
ModSecurity versions 2.6.8 and below suffer from a bypass vulnerability.
View ArticledotDefender WAF 4.26 Format String
Applicure dotDefender WAF versions 4.26 and below suffer from a format string vulnerability.
View ArticleIBM System Director Agent DLL Injection
This Metasploit module abuses the "wmicimsv" service on IBM System Director Agent 5.20.3 to accomplish arbitrary DLL injection and execute arbitrary code with SYSTEM privileges. In order to accomplish...
View ArticleSysAid Server Arbitrary File Disclosure
SysAid Server is vulnerable to an unauthenticated file disclosure attack that allows an anonymous attacker to read arbitrary files on the system. An attacker exploiting this issue can compromise SysAid...
View ArticleCisco Unified Communications Manager Command Execution
Cisco Unified Communications Manager versions prior to 11.0.1, 10.5.2, and 9.2 suffer from multiple command execution vulnerabilities.
View ArticleHacking Soft Tokens - Advanced Reverse Engineering On Android
Traditional hardware 2FA tokens are increasingly being replaced by "soft" tokens – software OTP generators packaged into regular smartphone apps that run on iOS or Android. This is more convenient for...
View ArticleSmashing Smart Contracts
This pop-scientific conference paper introduces Mythril, a security analysis tool for Ethereum smart contracts, and its symbolic execution backend LASER-Ethereum. The first part of the paper explains...
View Article
