Latest security news - QuoStar Solutions

Latest Security Threads


To keep you updated with the latest and most relevant industry news from the UK and around the world, QuoStar have the best RSS feeds.

Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.

+ LedgerSMB Multiple Vulnerabilities

It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these... + more

+ Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability

Insecure permissions have been detected in multiple Kaspersky Lab antivirus products.... + more

+ Piwik Cookie Unserialize Vulnerability

Piwik unserializes() user input which allows an attacker to send a carefully crafted cookie that when unserialized utilizes Piwik's... + more

+ Invision Power Board SQL PHP File Inclusion and SQL Injection

Invision Power Board has a PHP file inclusion vulnerability that is trivial to exploit with a web browser and a known location... + more

+ U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) Vulnerability

The U.S. Defense Information Systems Agency (DISA) publishes Security Readiness Review scripts (SRRs) to ensure systems and software... + more

+ Netifera - Modular Open Source Platform for Security Tools

+ WarVOX - Tools for Exploring, Classifying, and Auditing Telephone Systems

+ Webshag - Web Server Audit Tool

+ Browser Fuzzer

+ FSpy - Linux Filesystem Activity Monitoring

+ Publique! CMS and SQL Injection Vulnerabilities

A remotely exploitable vulnerability was found in the framework core component. Exploitation of this bug does not require authentication... + more

+ Files2Links F2L-3000 SQL Injection Vulnerability

The login page of the F2L-3000 version 4.0.0 is vulnerable to SQL Injection. Exploitation of the vulnerability may allow attackers... + more

+ HP-UX Running Apache Data Injection and DoS Vulnerability

A potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The vulnerability could... + more

+ MIT krb5 KDC denial of service in cross-realm referral processing

An unauthenticated remote attacker could cause the KDC to crash due to a null pointer dereference. Legitimate requests can also... + more

+ AproxEngine Multiple Vulnerabilities

Vulnerabilities have been discovered in AproxEngine, which can be exploited by malicious users to manipulate certain data, conduct... + more

+ Microsoft Indeo Codec Memory Corruption Vulnerability

The Indeo codec on systems running Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow code to run on users... + more

+ HP DDMI Execution of Arbitrary Code

A potential security vulnerability has been identified with HP Discovery & Dependency Mapping Inventory (DDMI) running on Windows.... + more

+ Microsoft Windows License Logging Service Heap Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication... + more

+ Microsoft Office Excel Code Execution Vulnerabilities

Attackers using specially crafted XLS files can execute arbitrary code via memory corruptions, invalid index, and invalid pointer... + more

+ Microsoft SharePoint 2007 ASP.NET Source Code Disclosure

It was found that the download facility of Microsoft SharePoint Team Services can be abused to reveal the source code of ASP.NET... + more

+ Trango Broadband Wireless Rogue SU Authentication Bug

Currently there is a flaw in the authentication mechanism of these radios which, if an attacker knows some details, can allow... + more

+ Exposing HMS HICP Protocol and Intellicom NetBiterConfig.exe Remote Buffer Overflow

SCADA weaknesses created by HICP Protocol and NetBiter WebSCADA.... + more

+ Family Connections Multiple Remote Vulnerabilities

Many fields are not properly sanitised and some checks can be bypassed.... + more

+ VideoCache vccleaner Root Vulnerability

VideoCache is a Squid URL rewriter plugin written in Python for bandwidth optimization while browsing video sharing websites.... + more

+ QuickHeal Antivirus 2010 Local Privilege Escalation

All files under the install folder have Full control for BUILTIN\users and can be replaced with malicious files.... + more

+ Why Silent Updates Boost Security

Thomas Duebendorfer (Google Switzerland GmbH) and Stefan Frei (Communication Systems Group, ETH Zurich, Switzerland) looked into the... + more

+ PDF Silent HTTP Form Repurposing Attacks

This paper sheds light on a modified approach to triggering web attacks through JavaScript protocol handler in the context of... + more

+ Frame Pointer Overwrite Demonstration (Linux)

This paper assumes you have read the proper background information and/or technical details about the above subject. If not, please... + more

+ Format String Exploitation Demonstration (Linux)

This paper assumes you have read the proper background information and/or technical details about the above subject. If not, please... + more

+ Hacking SOHO Routers

The purpose of this paper is to outline the security measures being taken by vendors to prevent such attacks in their home routing... + more

If you are looking for news that is more relevant to our company, please look through our QuoStar News & Updates pages. Your feedback on any news that we have posted is welcome and helps us improve our service.


© QuoStar Solutions Limited 2008. Suite 6 Pine Court, 36 Gervis Road, Bournemouth, Dorset, BH1 3DH
t. +44 (0) 845 644 0331 | f. +44 (0) 845 644 0332 | e. info@quostar.com