A Network Time Protocol (NTP) Amplification attack is an emerging form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible NTP servers to overwhelm a victim system with UDP traffic. The NTP service supports a monitoring service that allows administrators to query the server for traffic counts of connected clients. This information is provided via the “monlist” command. The basic attack technique consists of an attacker sending a “get monlist” request to a vulnerable NTP server, with the source address spoofed to be the victim’s address. This tool is a proof of concept that demonstrates this attack.
Monthly Archives: July 2015
Yet Another High Severity Bug Found In OpenSSL
Ransomware Campaign Alters Variants To Evade Detection
Manhattan DA: iPhone Crypto Locked Out Cops 74 Times
Adobe Tackles New Flash Threat After Hacking Team Leak
GLSA 201507-09: PyPAM: Arbitrary code execution
DSA-3306 pdns – security update
Toshifumi Sakaguchi discovered that the patch applied to pdns, an authoritative DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash).
DSA-3307 pdns-recursor – security update
Toshifumi Sakaguchi discovered that the patch applied to pdns-recursor, a recursive DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash).
FreeBSD Security Advisory – BIND Denial Of Service
FreeBSD Security Advisory – BIND 9 is an implementation of the Domain Name System (DNS) protocol. The named daemon is an Internet Domain Name Server. The libdns library is a library of DNS protocol support functions. Due to a software defect, specially constructed zone data could cause named to crash with an assertion failure and rejecting the malformed query when DNSSEC validation is enabled. An attacker who can cause specific queries to be sent to a nameserver could cause named to crash, resulting in a denial of service.
WordPress Easy2Map-Photos 1.09 SQL Injection
WordPress Easy2Map-Photos plugin version 1.09 suffers from a remote SQL injection vulnerability.