3242 matches found

Cvelist
added 2013/09/11 2:0 p.m., 23 views

CVE-2013-4307

Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to inject arbitrary web script or HTML via a label in the "In other languages"...

6.9 AI score, 0.01954 EPSS
Exploits: 0, References: 6
ThreatPost
added 2013/09/05 7:51 a.m., 10 views

Government to Release Hundreds of Documents Related to NSA Surveillance

In response to a lawsuit by the Electronic Frontier Foundation, the Department of Justice is preparing to release a trove of documents related to the government’s secret interpretation of Section 215 of the PATRIOT Act. The declassified documents will include previously secret opinions of the...

Exploits: 0, References: 5
Kitploit
added 2013/08/14 5:6 a.m., 15 views

[IronWASP v0.9.6.5] Open Source Advanced Web Security Testing Platform

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripti...

7 AI score
Exploits: 0
Patchstack
added 2013/08/07 12:0 a.m., 10 views

WordPress Usernoise Plugin 3.7.8 - Persistent XSS

The Usernoise plugin is prone to a persistent XSS vulnerability because user input is not properly handled when feedback is submitted. The affected area is the WordPress admin dashboard. The vulnerability accepts arbitrary code, including JavaScript. And all JavaScript code is executed...

2.2 AI score
Exploits: 0, References: 1, Affected Software: 1
ThreatPost
added 2013/07/31 2:31 p.m., 8 views

NSA Director Alexander Defends Surveillance at Black Hat

LAS VEGAS – NSA director Gen. Keith Alexander’s keynote today at Black Hat USA 2013 was a tense confessional, an hour-long emotional and sometimes angry ride that shed some new insight into the spy agency’s two notorious data collection programs, inspired moments of loud applause in support of the...

0.2 AI score
Exploits: 0, References: 4
Tenable Nessus
added 2013/07/29 12:0 a.m., 31 views

ISC BIND 9 RDATA Section Handling DoS

According to its self-reported version number, the remote installation of BIND can be forced to crash via specially crafted queries containing malformed 'rdata' contents. Note that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actual...

7.8 CVSS, 6.6 AI score, 0.3415 EPSS
Exploits: 1, References: 7
Debian CVE
added 2013/07/26 11:0 p.m., 28 views

CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with...

7.8 CVSS, 6.6 AI score, 0.3415 EPSS
Exploits: 1
Binamuse
added 2013/07/24 2:14 p.m., 866 views

Autocad DWG-AC1021 Heap Corruption

AutoCAD is a software for computer-aided design (CAD) and technical drawing in 2D/3D, being one of the world leading CAD design tools. It is developed and sold by Autodesk, Inc. Title: AutoCAD DWG-AC1021 Heap Corruption CVE Name: CVE-2013-3665 Permalink:...

6.8 CVSS, 6.9 AI score, 0.02677 EPSS
Exploits: 1
ThreatPost
added 2013/07/23 11:32 a.m., 10 views

Appropriations Amendment Threatens to Cut Funding for NSA Collection Program

A small group of Congressmen is trying to cut off the funding for the NSA’s widespread collection of phone and Internet records under the “business records” collection provision of the Foreign Intelligence Surveillance Act. The provision in FISA that enables law enforcement agencies to get access...

0.2 AI score
Exploits: 0, References: 6
ThreatPost
added 2013/07/18 10:56 a.m., 16 views

Congress Warns Section 215 May Not Be Renewed

Incensed at the way that the Department of Justice and the intelligence community have used the controversial section 215 of the PATRIOT Act, members of the House Judiciary Committee on Wednesday angrily questioned Justice and NSA officials about their surveillance of U.S. citizens and said that...

0.6 AI score
Exploits: 0, References: 5
Packet Storm
added 2013/07/17 12:0 a.m., 31 views

Kate's Video Toolkit 7.0 Crash

Exploit Title: Kate's Video Toolkit Version 7.0 .wav - Crash POC Date: 14-07-2013 Exploit Author: ariarat Vendor Homepage: http://fakewebcam.com/Free-Video-Toolkit.asp Software Link: http://download.cnet.com/Kate-s-Video-Toolkit/3000-21394-10628194.html Version: 7.0 maybe all versions! Tested on:...

7.4 AI score
Exploits: 0
Exploit DB
added 2013/07/16 12:0 a.m., 38 views

Kate's Video Toolkit 7.0 - '.wav' Crash (PoC)

Exploit Title: Kate's Video Toolkit Version 7.0 .wav - Crash POC Date: 14-07-2013 Exploit Author: ariarat Vendor Homepage: http://fakewebcam.com/Free-Video-Toolkit.asp Software Link: http://download.cnet.com/Kate-s-Video-Toolkit/3000-21394-10628194.html Version: 7.0 maybe all versions! Tested on:...

7.4 AI score
Exploits: 0
ThreatPost
added 2013/07/11 12:1 p.m., 13 views

IRS Exposes Social Security Numbers Online

The Social Security Numbers of tens of thousands of Americans ended up in a searchable public database that provides access to the tax filing applications of Section 527 political organizations on the Internal Revenue Service’s website. According to OpenSecrets.org, 527s are “…tax-exempt groups...

0.4 AI score
Exploits: 0, References: 4
ThreatPost
added 2013/07/02 3:41 p.m., 12 views

DNI Clapper Says Statement to Congress About NSA Data Collection Was 'Erroneous'

In a highly unusual move, James Clapper, the director of national intelligence, said Tuesday that he misspoke when he told a Congressional committee in March that the National Security Agency does not assemble dossiers on Americans. Clapper said at the time that the agency does not do so...

0.5 AI score
Exploits: 0, References: 2
NVD
added 2013/05/23 3:55 p.m., 16 views

CVE-2012-6553

Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable (PE) file with a resource section containing a string that has many tab or line feed characters...

9.3 CVSS, 8.1 AI score, 0.0547 EPSS
Exploits: 1, References: 4
Cvelist
added 2013/05/23 3:0 p.m., 24 views

CVE-2012-6553

Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable (PE) file with a resource section containing a string that has many tab or line feed characters...

8.1 AI score, 0.0547 EPSS
Exploits: 1, References: 4
Cvelist
added 2013/05/23 3:0 p.m., 24 views

CVE-2012-6558

Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) file...

8 AI score, 0.0547 EPSS
Exploits: 1, References: 4
OSV
added 2013/05/13 11:55 p.m., 9 views

CVE-2013-2020

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read...

6.3 AI score
Exploits: 0, References: 21
Prion
added 2013/05/13 11:55 p.m., 19 views

Integer overflow

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read...

5 CVSS, 6.8 AI score, 0.03547 EPSS
Exploits: 0, References: 21, Affected Software: 3
Debian CVE
added 2013/05/13 11:0 p.m., 24 views

CVE-2013-2020

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read...

5 CVSS, 6.2 AI score, 0.03547 EPSS
Exploits: 0