A cross-site scripting vulnerability exists in vBulletin.
fd66808e15a736a0b19ab79de528aa189d3c154e6d989518c950b793d4db25a6
aimSniff.pl 0.9b has a file deletion flaw. If the utility is run as root, a symlink attack can be used against a file in tmp to get root to remove any file on the system.
d35abb58d182e2ac03ec120bfbe800992445c733034160f3f66e0705ad173573
iDEFENSE Security Advisory 02.11.04: Exploitation of a buffer overflow in the XFree86 X Window System allows local attackers to gain root privileges. The vulnerability specifically exists in the use of the CopyISOLatin1Lowered() function with the 'font_name' buffer. While parsing a 'font.alias' file, the ReadFontAlias() function uses the length of the input string as the limit for the copy, instead of the size of the storage buffer. A malicious user may craft a malformed 'font.alias' file, causing a buffer overflow upon parsing and eventually leading to the execution of arbitrary code.
969dc5cfdd69d231c477b299e5f6ef17b853eac7ca564fd483dcefed01c82792
The DallasCon Information Security Conference and Network Security Boot Camp will be held April 27 to May 2, 2004. The Call for Papers is now open.
a3f5e2b49b0e431fc0cc8642f2fa2d0f01f8b51695c625e8b037fda98fa6ae17
Various game engines and games developed by Ratbag are vulnerable to a denial of service attack. Full analysis given.
0b1089fe129f3c8ed14504b82bf9fa212d6479c35297ebd93aed59986e66802d