The c0c0n 2017 call for papers has been announced. It will take place August 17th through the 19th, 2017 at Le Meridien, Kochi (Cochin), Kerala, India

Cisco Catalyst 2960 with IOS version 12.2(55)SE11 ROCEM remote code execution exploit.

Solaris versions 7 through 11 on both x86 and SPARC suffer from an EXTREMEPARR dtappgather local privilege escalation vulnerability.

Magento versions 2.1.6 and below suffers from cross site request forgery and shell upload vulnerabilities.

53+ WordPress plugins by BestWebSoft suffer from cross site scripting and cross site request forgery vulnerabilities.

Red Hat Security Advisory 2017-0907-01 – The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix: A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

This Metasploit module exploits a buffer overflow vulnerability found in the MKD command of the PCMAN FTP version 2.0.7 Server. This requires authentication but by default anonymous credentials are enabled.

This Metasploit module exploits a buffer overflow vulnerability found in the NLST command of the PCMAN FTP version 2.0.7 Server. This requires authentication but by default anonymous credentials are enabled.

This Metasploit module exploits a buffer overflow vulnerability found in the GET command of the PCMAN FTP version 2.0.7 Server. This requires authentication but by default anonymous credentials are enabled.

This Metasploit module exploits a buffer overflow vulnerability found in the ACCT command of the PCMAN FTP version 2.0.7 Server. This requires authentication but by default anonymous credentials are enabled.