Cisco IP Phone version 11.7 denial of service proof of concept exploit.

IRIX suffers from local kernel memory disclosure and denial of service vulnerabilities.

CA Technologies support is alerting customers about a medium risk vulnerability that may allow a local attacker to gain additional privileges with products using CA Common Services running on the AIX, HP-UX, Linux, and Solaris platforms. The vulnerability, CVE-2016-9795, occurs due to insufficient validation by the casrvc program. A local unprivileged user can exploit the vulnerability to modify arbitrary files, which can potentially allow a local attacker to gain root level access.

Xorg X11 server on AIX local privilege escalation exploit.

This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users need to be included when /etc/passwd is overwritten, else AIX will throw 'Cannot get "LOGNAME" variable' when attempting to change user. The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX, and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when overwriting /etc/passwd.

BadParser is a vulnerability parser designed to aid in the testing of fuzzers by simulating different kinds of memory corruption issues. Vulnerabilities are simulated by causing write-access violations at specific addresses, which serve as unique identifiers for the different issues. BadParser supports JSON and XML input files, with other file formats planned.

Dovecot version 2.3 suffers from multiple denial of service conditions. Included in this archive is the advisory as well as patches to address the issue.

SolarWinds MSP PME Cache Service versions prior to 1.1.15 suffer from insecure file permission and code execution vulnerabilities.

Microsoft Windows Vista / Server 2008 suffer from a NtUserCheckAccessForIntegrityLevel use-after-free vulnerability.

Microsoft Windows Vista/Server 2008 nsiproxy.sys local kernel denial of service exploit.

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileString method, which allow the user to write arbitrary files. It's abused to drop a payload embedded in a dll, which is later loaded through the Init() method from the lrMdrvService control, by abusing an insecure LoadLibrary call. This Metasploit module has been tested successfully on IE8 on Windows XP. Virtualization based on the Low Integrity Process, on Windows Vista and 7, will stop this module because the DLL will be dropped to a virtualized folder, which isn't used by LoadLibrary.

This Metasploit module exploits a remote arbitrary file write vulnerability in SolidWorks Workgroup PDM 2014 SP2 and prior. For targets running Windows Vista or newer the payload is written to the startup folder for all users and executed upon next user logon. For targets before Windows Vista code execution can be achieved by first uploading the payload as an exe file, and then upload another mof file, which schedules WMI to execute the uploaded payload. This Metasploit module has been tested successfully on SolidWorks Workgroup PDM 2011 SP0 on Windows XP SP3 (EN) and Windows 7 SP1 (EN).

A DLL side loading vulnerability was found in the NPS Datastore server DLL that ships with Windows Vista. This issue can be exploited by loading the affected DLL as an embedded OLE object. When instantiating the object Windows will try to load the DLL iasdatastore2.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

Network Associates COVERT Labs Security Advisory - The L-Soft LISTSERV web archive (wa,wa.exe) component contains an unchecked buffer allowing remote execution of arbitrary code with the privileges of the LISTSERV daemon. Vulnerable systems include L-Soft LISTSERV Web Archives 1.8d (confirmed) and 1.8c (inferred) for Windows 9x, Windows NT 3.5x, Windows NT 4.0, Windows 2000, UNIX (all vendors), and OpenVMS VAX.

pArAnoIA is a toolkit designed to surf the Internet. It's a browser with TOR built-in, spoofing of user-agent and other functions, ensures strict use of TLS, and more.

User Management System version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Fishing Reservation System suffers from multiple remote SQL injection vulnerabilities.

The Air Contacts Lite iPhone / iPod application suffers from a denial of service vulnerability.

Symantec Mobile Encryption for iPhone version 2.1.0 suffers from a denial of service vulnerability.