Secunia Security Advisory - Some vulnerabilities have been reported in XFree86, which can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
0e04db08c0a14bbd2fd8bbe4a1751083d93b6f553196b362a1cabc80a646e9fe
Secunia Security Advisory - DarkFig has reported a vulnerability in MyBB, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
2e9224232020aa08ac2e4f48dada4c13b25b81f022f615d133f53bed40709821
Secunia Security Advisory - Gentoo has issued an update for zziplib. This fixes a vulnerability, which can be exploited by malicious people to gain escalated privileges or compromise a vulnerable system.
d4587804a6d6dc5a9b3387965c31dc6e5e6c14d222bff89b37a446dbc1402079
Secunia Security Advisory - Gentoo has issued an update for openpbs. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to potentially compromise a vulnerable system.
0c60d94e2ed85b037cbe0983ead2e730a4d5805914947da5e97ca1902d6c4af9
Secunia Security Advisory - ajann has discovered a vulnerability in the PopnupBlog module for Xoops, which can be exploited by malicious users to conduct SQL injection attacks.
88f7ea262ef1460a28d4c37cf51188e71e938a47d548b1e1fea03fb67571cc9d
Secunia Security Advisory - Red Hat has issued an update for XFree86. This fixes some vulnerabilities, which potentially can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
2cbfc31d6cd4d31f467ee980046d973aeb5030c9e6fc9b8db03401e978495f38
iDefense Security Advisory 04.03.07 - Local exploitation of a heap overflow vulnerability in Kaspersky Lab's Internet Security Suite klif.sys could allow an attacker to execute arbitrary code within kernel context. iDefense confirmed this vulnerability in Kaspersky Internet Security 6.0.1.411 for Windows. Previous versions may also be affected.
cb86f97a8e68118b170d67d5ac9573954988b96454ce53ff0d0a58556693ced9
iDefense Security Advisory 04.04.07 - Remote exploitation of a information disclosure vulnerability in Kaspersky AntiVirus 6 could allow malicious websites to steal files off of a user's machine. iDefense has confirmed the existence of this vulnerability in version 6.0 of Kaspersky Antivirus.
b90f0bdcb2ad661747c567945e87febf3ab55b1c4b1b2989b69aa84c70bc6761
Debian Security Advisory 1277-1 - Multiple errors have been found in the skin handling routines in xmms, the X Multimedia System. These vulnerabilities could allow an attacker to run arbitrary code as the user running xmms by inducing the victim to load specially crafted interface skin files.
4c05c6e7a8aa1280d48fe3b1e5be826084e650e4e4b2fd7155f6f14d29692a7d
Mandriva Linux Security Advisory - iDefense integer overflows in the way freetype handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code.
d4da0504bcad1dad21f7e27ad6722ecbd0d461fba5c492fe3ced6afa5497909a
Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. TightVNC uses some of the same code base as Xorg, and has the same vulnerable code.
330fcb42f22893aed5d9dc72a5e4c07dd0445ff1c5c94024359d87760efc0e63
Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. Multiple integer overflows in the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow.
c68398453cdd0da008a82f8abe40ea08649a33cada1190cb14fbbabea9298e8f
Mandriva Linux Security Advisory - Quite a few kernel related vulnerabilities have been fixed for the Linux 2.6 series.
10c5929aed3baa55da532114a82a81496e27e687951bb570f70098fe552e0d18
Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.
4c85472c6c076fc42ea60fe1902ed6ac8df4cba85d66cc80bb7857e1689352c5
Gazi Okul Sitesi 2007 suffers from a SQL injection vulnerability in fotokategori.asp.
907f6dc3bd50ed9678e5289f18c58f5cdaa08b54cee570a2743ca46f597f62ea
VMware Security Advisory - ESX 3.0.1 and 3.0.0 patches address several security issues.
00501d3613c989dc8596886834f4aebb712f92e614164602fc56e3fbe61fd121
ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.
83cb422e91d20d05afbe49119a394fe82ea883046f73d3a4484f08440e667307
phpexplorator version 2.0 suffers from remote file inclusion vulnerabilities.
ad0fbf74df31f973d0a1e0124f05bf1dc3582a5b09a97c0793b045d4036f3044
eXV2 CMS versions 2.0.4.3 and below suffer from cross site scripting and session fixation vulnerabilities.
d5233fec8ea149595a12f4f06501a776db911ec3e1cfae898a9ef16f9afa3979
This Metasploit module exploits a flaw in the AOL Sb.SuperBuddy ActiveX control.
c4f84c19a69aaa614387d7a5b6263bdeda1ac6eaacdca63ebc8674c8c9bd1256
HP Mercury Quality Center Spider90.ocx ProgColor proof of concept overflow exploit.
865b573d40da03154b5d83cd106f8dae02b210ab5a3d1cd3a079862c24bd722c
Exploit for the Microsoft Windows .ANI LoadAniIcon stack overflow vulnerability. (Hardware DEP).
712fe1c2ff48b375d86ed79e79a516acf08a26ac10ba886752f4ca552ec005a2
Local privilege escalation exploit for TrueCrypt versions 4.3 and below.
67d7762db7996956fbb9268d558f5abb58d3b7b54ffe452695dfc85de1061d5d
Xoops module Rha7 Downloads versions 1.0 remote SQL injection exploit that makes use of visit.php.
8a4657d159e4814be5f9df63a366c1fae34a527745d1fd24d91e05bd884b7386
Xoops module WF-Snippets versions 1.02 and below blind SQL injection exploit.
03d6b881358a18c992b157ad04bfbe32eaae1b46ce5cffc957ad9f95846d5fc6