Proof of concept exploit for Ipswitch Instant Messaging versions 2.0.8.1 and below which suffer from format string, NULL pointer, and file creation vulnerabilities.
Core Security Technologies Advisory - A vulnerability was found in VMware's shared folders mechanism that grants users of a Guest system read and write access to any portion of the Host's file system including the system folder and other security-sensitive files. Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it. Proof of concept code included.
Core Security Technologies Advisory - The VideoLAN (VLC) media player package is vulnerable to an arbitrary memory corruption vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. VLC versions 0.8.6d and below and Miro Player versions 1.1 and below are vulnerable. Proof of concept code included.
Multiple security vulnerabilities such as cross site scripting and SQL injection have been discovered in Cacti versions 0.8.7a and below. Full exploitation details provided.
SARA Malware that exploits the vmsplice bug in the Linux kernel. Affects kernel versions 2.6.17 through 2.6.24.1. Successful exploitation allows the disabling of INPUT rules on the firewall, opens TCP port 1407 for execution of remote commands, and more.
Exploit for Foxit Remote Access Server (WAC Server) versions 2.0 Build 3503 and below which suffer from telnet option heap overflow and SSH packet heap overflow vulnerabilities.