News

• Infocon: green
• ISC StormCast for Thursday, February 23rd 2012 http://isc.sans.edu/podcastdetail.html?id=2347, (Thu, Feb 23rd)
• ISC Feature of the Week: Handler Diaries, (Wed, Feb 22nd)
• Apache 2.4 Features, (Wed, Feb 22nd)
• ISC StormCast for Wednesday, February 22nd 2012 http://isc.sans.edu/podcastdetail.html?id=2344, (Wed, Feb 22nd)

• ASLR on Android 4 found wanting
• Report: IPv6 sees first DDoS attacks
• Porn portal's user database open and accessible on the net
• Google also bypassed cookie settings in Internet Explorer
• Chrome may get a password generator

[More...]

Sources:  ISC Diary, H-Online

Today’s Defacements

• http://collapseacup.net
• http://collapse-a-cup.net
• http://collapseacup.com
• http://zefti.mobi
• http://smucked.com

[More...]

Source:  zone-h

Exploits

• Sysax Multi Server 5.50 Create Folder Remote Code Exec BoF (MSF Module)
• phplist - version 2.10.9 CSRF/XSS Vulnerability
• VR GPub 4.0 CSRF Vulnerability
• WordPress <= 3.3.1 Multiple Vulnerabilities
• Mempodipper - Linux Local Root for >=2.6.39, 32-bit and 64-bit

[More...]

Source: SecurityReason

Unpublished Vulnerabilities

• Novell
• Oracle
• Novell
• Oracle
• Adobe

[More...]

Source: DVLabs

Vulnerabilities

• TestLink lib/requirements/reqSpecPrint.php req_spec_id Parameter SQL Injection
• TestLink lib/requirements/reqSpecAnalyse.php req_spec_id Parameter SQL Injection
• SB Uploader Plugin for WordPress wp-content/plugins/sb-uploader/sb_uploader.php File Upload Remote PHP Code Executiion
• Dolphin pedit.php Permission Validation HTTP Request Parsing Arbitrary User Privacy Setting Manipulation
• Fork CMS Multiple Function CSRF

• TPTI-12-01 - Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability
• TPTI-11-14 - Adobe Shockwave DEMX Remote Code Execution Vulnerability
• TPTI-11-13 - McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability
• TPTI-11-12 - McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability
• TPTI-11-08 - Adobe Shockwave iml32.dll DEMX Chunk GIF Parsing Remote Code Execution Vulnerability

• CVE-2012-1256 (easyvista)
• CVE-2012-0315 (alftp)
• CVE-2012-0291 (pcanywhere, altiris_client_management_suite_pcanywhere_solution, altiris_deployme...)
• CVE-2012-0223 (termis)
• CVE-2012-1235 (advantech_webaccess)

• Vuln: Pligg CMS 'status' Parameter SQL Injection Vulnerability
• Vuln: Microsoft Internet Explorer CVE-2012-0155 VML Handling Remote Code Execution Vulnerability
• Vuln: Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability
• Vuln: Microsoft Windows ASX File Parsing Remote Buffer Overflow Vulnerability
• Bugtraq: [ MDVSA-2012:023 ] libxml2

• [ MDVSA-2012:023 ] libxml2
• Multiple XSS in Chyrp
• [ MDVSA-2012:022 ] libpng
• Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines
• [SECURITY] [DSA 2415-1] libmodplug security update

[More...]

Sources:  OSVDB, DVLabs, NVD, SecurityFocus, Bugtraq