Gentoo Linux Security Advisory GLSA 200812-11 - Several remotely exploitable bugs have been found in CUPS, which allow remote execution of arbitrary code. Versions less than 1.3.9-r1 are affected.
412ed9cc273be9120ea72d7b2ed4fcc8
CA ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient verification of client data. A remote attacker can crash the LDBserver service or execute arbitrary code in the context of the service. Note: The client installation is not affected.
3199e210467e764518ad5ff768796b19
Microsoft Internet Explorer 7 XML parsing remote buffer overflow exploit that spawns calc.exe.
d496f9a07952ac8fefff369a1d776a88
CF Forum suffers from a blind remote SQL injection vulnerability in forummessages.cfm.
ef54051abc85634b684d08a50fe2b226
CFMBLOG suffers from a blind remote SQL injection vulnerability in index.cfm.
8c9880ddff71bfd2b5b4999695bb2f41
Mandriva Linux Security Advisory 2008-240 - Alfredo Ortega found a flaw in how Vinagre uses format strings. A remote attacker could exploit this vulnerability if they were able to trick a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. With older versions of Vinagre, it was possible to execute arbitrary code with user privileges. In later versions, Vinagre would abort, leading to a denial of service. The updated packages have been patched to prevent this issue.
b2e67d424ad100502a168ee7c2004525
Max's Guestbook version 1.0 suffers from a cross site scripting vulnerability.
25a58b6e60fd8d2fdc44a439d9784b5a
CF Auction suffers from a blind remote SQL injection vulnerability.
3c435f75885f8181371138f7e37c4d43
CF Calendar suffers from a remote SQL injection vulnerability in calendarevent.cfm.
1554d9271beee06c3a91a038c3ce24d4
iDefense Security Advisory 12.09.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel spreadsheet could allow attackers to execute arbitrary code with the privileges of the current user. This issue exists in the handling of certain malformed object records within an Excel spreadsheet (XLS), allowing memory corruption to occur. This could lead to an exploitable situation. iDefense has confirmed the existence of this vulnerability with Office 2000 SP3 fully patched as of July 2008.
9466a65eb7380edb98fba1c7e6571a47
CF Shopkart version 5.2.2 suffers from remote SQL injection and database disclosure vulnerabilities.
3e14f4b1709c69f5878ec5354a453917
Butterfly Organizer version 2.0.1 suffers from a remote SQL injection vulnerability in view.php.
0123de35f5cc99c1aaa92512a9eb92cf
Nebula is a data analysis tool that automatically generates intrusion signatures from attack traces. It runs as a daemon that processes data submitted from honeypots. New signatures are published as Snort rules and can be used to defend a network from future intrusion attempts.
06eabd66634e7969203465fb94900f18
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running DCE. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
3e6a283f2bdbdfd261fa15d1f419665e
SEC Consult Security Advisory 20081210-0 - By calling the extended stored procedure sp_replwritetovarbin, an attacker can write limited values to arbitrary locations in process memory. This vulnerability has been described in a prior security advisory for MS SQL Server 2000.
100b389de53df5833f845321a44aaa62
It is possible to protect an ELF binary against f-prot by corrupting its ELF header, while letting the binary completely functional. F-prot will crash when analyzing the file, letting the possible malware undetected. f-prot version 4.6.8 for GNU/Linux is affected.
784ec034097cd2a378d0ac99587e8f24
Sophos Antivirus deterministically crashes (segmentation fault) when analyzing corrupted packed files for multiple packers: armadillo, asprotect, asprotectSKE. The same behavior has also been observed when analyzing corrupted CAB files. Sophos SAVScan 4.33.0 for Linux and possibly others are affected.
38e2007ac4098ad444940502fa07d90b
AVG antivirus can be deterministically forced to crash (segmentation fault) when analyzing corrupted UPX files. AVG for Linux version 7.5.51 (current) and possibly other versions are affected.
567323a87a689aff43c464049365374c
Multiple buffer overflows were discovered in the GNU/Linux version of Avast when analyzing corrupted ISO and RPM files. Avast for Workstations version 1.0.8 Trial versions and possibly others are affected.
fd8b11cc90d0183b9cb9b7f59c96f0fb
Multiple integer overflows were discovered in the GNU/Linux version of Bitdefender when analyzing corrupted PE binaries packed with neolite and asprotect packers. Bitdefender for GNU/Linux versions 7.60825 and below are affected.
cb458d0cea1c0dab406e443d79b5c17a
Clamav uses an external unpacker, which can be deterministically crashed, when processing corrupted LZH files. Versions 0.93.3 and below are affected.
5e380141b9b8aca38d9b56fe22d493a0
Microsoft Internet Explorer 7 XML parsing remote buffer overflow exploit that spawns calc.exe.
7a72b665a0b23128a343b57df44502c2
Core Security Technologies Advisory - A vulnerability has been found in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value. An attacker who successfully exploited this vulnerability could execute arbitrary code with the privileges of the user running the MS Word application.
f1f46493517fefc63140ee39402d2470
Insomnia Security Vulnerability Advisory - A vulnerability was found in the way that webdav requests are cached and then later retrieved by Internet Explorer. This results in the use of uninitialized memory which under the right situation can lead to command execution.
bac6b8f0af3d3c8a07a00f3b1369b5fd
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
ebf4315b24ca4033c9cdd20289ed8c3a