Puppet Remote Code Execution
When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the...
View ArticleSolaris 10 Patch Cluster File Clobber
Solaris 10 patch cluster suffers from a file clobber vulnerability in /tmp.
View ArticleUbuntu Security Notice USN-1886-1
Ubuntu Security Notice 1886-1 - It was discovered that Puppet incorrectly handled YAML payloads. An attacker on an untrusted client could use this issue to execute arbitrary code on the master.
View ArticleDebian Security Advisory 2698-1
Debian Linux Security Advisory 2698-1 - Multiple issues were discovered in the TIFF tools, a set of utilities for TIFF image file manipulation and conversion.
View ArticleMoinMoin twikidraw Action Traversal File Upload
This Metasploit module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists on the manage of the twikidraw actions, where a traversal path can be used in order to upload arbitrary...
View ArticleDebian Security Advisory 2628-2
Debian Linux Security Advisory 2628-2 - The security update DSA-2628 for nss-pam-ldapd failed to build on kfreebsd-amd64 and kfreebsd-i386.
View ArticleJoomla Rokdownloads Shell Upload
The Joomla Rokdownloads component suffers from a remote shell upload vulnerability.
View ArticleFacebook Permanent Photo URIs
Facebook appears to suffer from a critical design flaw in how users share photos using a URI. Once a URI is known the only action the user can take to hide the contents of a photo album is to delete...
View ArticleMusicBee 2.0.4663 Denial Of Service
MusicBee version 2.0.4663 .m3u denial of service exploit.
View ArticleSource Code Analysis With Web Applications II
This is a whitepaper discussing source code analysis of web applications. Part II. Written in Turkish.
View ArticleMod_Security Cross Site Scripting Bypass
Mod_security suffered from a cross site scripting filter bypass vulnerability.
View ArticleTechnical Cyber Security Alert 2013-169A
Technical Cyber Security Alert 2013-169A - Oracle released the June 2013 Critical Patch Update for Oracle Java SE. This patch contains 40 new security fixes across Java SE products and a fix to the...
View ArticleRSA BSAFE SSL/TLS Plaintext Recovery
Researchers have discovered a weakness in the handling of CBC cipher suites in SSL, TLS and DTLS for RSA BSAFE Micro Edition Suite for all versions outside of 4.0.3 and 3.2.5. The Lucky Thirteen attack...
View ArticleTP-Link Print Server TL PS110U Information Enumeration
TP-Link Print Server version TL PS110U suffers from a sensitive information enumeration vulnerability.
View ArticleFreeBSD mmap Privilege Escalation
This exploits performs privilege escalation leveraging the mmap vulnerability in FreeBSD 9.1 as described in FreeBSD-SA-13:06.
View ArticleRSA BSAFE SSL-J BEAST / Lucky Thirteen
RSA BSAFE SSL-J 6.0.1 and 5.1.2 contain updates designed to prevent BEAST attacks and SSL/TLS Plaintext Recovery (aka Lucky Thirteen) attacks.
View ArticleIBM WebSphere Commerce Padding Oracle Attacks
In February 2013, VSR identified a vulnerability in the IBM WebSphere Commerce framework which could allow an attacker to tamper with values stored in the "krypto" URL parameter. This parameter is...
View ArticleGLPI 0.83.7 Parameter Traversal Arbitrary File Access
GLPI version 0.83.7 suffers from a parameter traversal vulnerability that allows for arbitrary file access.
View ArticleDrupal Login Security 6.x / 7.x DoS / Bypass
Drupal Login Security third party module versions 6.x and 7.x suffer from bypass and denial of service vulnerabilities.
View ArticleFreeBSD 9.0 / 9.1 mmap/ptrace Exploit
FreeBSD versions 9.0 and 9.1 mmap/ptrace privilege escalation exploit that leverages the issue described in FreeBSD-SA-13:06.
View Article