Depant, or DEfault PAssword Network Tool, is a scanner that will map out your local network and attempt to check it with a default password list.

Uninformed is pleased to announce the release of its tenth volume which is composed of 4 articles: Can you find me now? Unlocking the Verizon Wireless xv6800 (HTC Titan), Using dual-mappings to evade automated unpacker, Analyzing local privilege escalations in win32k, and Exploiting Tomorrow's Internet Today: Penetration testing with IPv6.

Debian Security Advisory 1653-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

IndexScript version 3.0 suffers from a remote SQL injection vulnerability in sug_cat.php.

The wireless drivers in some Wi-Fi access points (such as the MARVELL-based Linksys WAP4400N) do not correctly parse some malformed 802.11 frames, allowing for denial of service and possible code execution.

Globsy versions 1.0 and below remote file rewriting exploit.

Proof of concept code that demonstrates how an Oracle DB user which has been granted CREATE ANY DIRECTORY can use that system privilege to grant themselves the SYSDBA system privilege by creating a DIRECTORY pointing to the password file location on the OS and then overwriting it with a previously prepared known binary password file using UTL_FILE.PUT_RAW from within the DB.

An Oracle DB user which has been granted CREATE ANY DIRECTORY can use that system privilege to grant themselves the SYSDBA system privilege by creating a DIRECTORY pointing to the password file location on the OS and then overwriting it with a previously prepared known binary password file using UTL_FILE.PUT_RAW from within the DB. This paper will show how the issue can be exploited and most importantly how to secure against it.

LokiCMS versions 0.3.4 and below remote command execution exploit.

Loki CMS version 0.3.4 create local file inclusion exploit that uses admin.php.