This is an archive that houses all of the proof of concept code for the issues affecting Java SE as reported in SE-2012-01 by Security Explorations.
29990bedc5aaf8fec7315dabd3c309b9e55195b778db471fd572429d9a0d9159
Ubuntu Security Notice 1681-4 - USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
bf192cfff19c29e10b100e4aec1f13cafb8ca88e7634b0553139b7a451b50736
Linksys models E1500 and E2500 suffer from cross site request forgery, cross site scripting, OS command injection, and directory traversal vulnerabilities.
2190f55bd127ac7423c9c743f4167459612f148b992042f0bd75b4b858c6d942
HP Security Bulletin HPSBST02846 SSRT100798 - Potential security vulnerabilities have been identified with HP LeftHand Virtual SAN Appliance hydra. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code. Revision 1 of this advisory.
7cbc99cc15b1c65435a26d46b4aca1b9291a13d67dac603fb9ab64d5a57b2292
Mandriva Linux Security Advisory 2013-007 - This is a maintenance and bugfix release that upgrades mysql to the latest version which resolves various upstream bugs and a total of 18 security related bugs.
f5a1c34858824d1881921e777f921ed942d8506bf1d30a4c663954e96f6caef7
ezStats for Battlefield 3 version 0.91 suffers from cross site scripting and local file inclusion vulnerabilities.
f5b8e559926beca46afba459941ed9dd04aac8f272d789dbb0fd55b3a2fc2fce
ezStats2 for Playstation Network version 1.10 suffers from a local file inclusion vulnerability.
95d1e398fd1f3aed8cc7ee3aa15b6960c309c5660b77cba1b20aa7632a2ea5b9
ezStats2 Serverviewer version 0.62 suffers from a local file inclusion vulnerability.
c47f90f38309baa06b8af48bfa4202d6730bd7e0cdf210720552609fa9c65015
ezStats2 for Medal of Honor Warfighter version 1.0 suffers from a local file inclusion vulnerability.
ff61a0d26f12481d625b37a5a47fffd3ce8c580f6db84af42abb84f45e5f149a
Lorex LNC116 and LNC104 IP cameras only perform basic authentication on the main login page. Browsing directly to any other interface does not force authentication.
532d540044cc96ed4cfe086c59d4780d62b41757e2ba6cc0661bfb60590b25f3
Netzob assists experts in the reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inference process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed field protocols (like IP and TCP), and variable field protocols (like ASN.1-based formats).
f3b03410fdb11d74fbf08ce3e8bbe50d66ab4885564a4d1e3038648079df1e71
Cisco Unity suffers from cross site request forgery and cross site scripting vulnerabilities.
b068be738d33fe236140afc114dc3e0fbab4151b887109f24eef615fdca1fdaa
Ubuntu Security Notice 1715-1 - Dan Prince discovered that Keystone did not properly perform input validation when handling certain error conditions. An unauthenticated user could exploit this to cause a denial of service in Keystone API servers via disk space exhaustion.
6931121898407cec646aa576445f110d3643fe67cbbeb3559b44c52d6f2575c1
Red Hat Security Advisory 2013-0223-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that a deadlock could occur in the Out of Memory killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service.
23104a0b9abf52386877248cf3fda61cea983577bc8d351a059a8b00c18b9e53
Ubuntu Security Notice 1714-1 - It was discovered that the QXL graphics driver incorrectly handled terminated connections. An attacker that could connect to a guest using SPICE and the QXL graphics driver could cause the guest to hang or crash, resulting in a denial of service.
34e5a5471b41675ffbad0db9aa777c0850bcbeb3a4429c30dbd0066bb7633a06
Apple Security Advisory 2013-02-04-1 - OS X Server version 2.2.1 is now available and addresses security issues in Profile Manager and Wiki Server.
1539326776e23788431f0984ab4d0680604244ca202a398ecc143ae598d269a1
Hiverr version 2.2 suffers from remote shell upload, information disclosure, and remote SQL injection vulnerabilities.
75925c789076694615f0da0d2ea89760bed4b6da0c067ce264f78bd92641c089
Oracle Auto Service Request creates files insecurely in /tmp using timestamps instead of mkstemp(). Due to this, it is possible to clobber root-owned files and possibly cause a denial of service condition or worse.
3201569e185a30abb901fe01ff0684a58d22ab75b3d2eb41883373ead659d4e8
The Sony PlayStation Vita browser in firmware version 2.05 suffers from an address bar spoofing vulnerability.
4f94f5e5c19e28c6340f59b12d08adb37173a79130562d0dcdf3c0ae6a51fd9a
DataLife Engine versions 9.7 and below appear to suffer from a session fixation vulnerability.
30051446adef01da95c26d8b48d2e2e66c0ec348166de75102ba359fd0d0bb97
The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data in transit across untrusted networks. TLS has become the de facto secure protocol of choice for Internet and mobile applications. DTLS is a variant of TLS that is growing in importance. In this paper, the authors present distinguishing and plaintext recovery attacks against TLS and DTLS. The attacks are based on a delicate timing analysis of decryption processing in the two protocols. The authors include experimental results demonstrating the feasibility of the attacks in realistic network environments for several different implementations of TLS and DTLS, including the leading OpenSSL implementations. The authors provide countermeasures for the attacks. Finally, they discuss the wider implications of their attacks for the cryptographic design used by TLS and DTLS.
5e5f1f853fbe738cb8f080812f033a884a041ffb3a968f219a1bbc25ac8d892d
OpenSSL Security Advisory 20130205 - Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing differences arising during MAC processing. Other issues have also been addressed.
9c4459b12d23541849b3b7bba6f0980bf73c7efd0715788c8712fa8d0e9388ee
Opera appears to suffer from an SVG use-after-free vulnerability.
d90e95931435f6286ab827232216ed637ec6b27b22b209246804429448843063
Secunia Security Advisory - Multiple vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to disclose potentially sensitive information.
e92a8ec997894cff2383d7921b310e65489e70f2b096ee4e12f210d46cf0e615
Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-oracle. This fixes multiple vulnerabilities, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
6460873f00b577cedf5575de38336ed5b35c232763e43c4f3ba5cd658bda5260