Gentoo Linux Security Advisory GLSA 200812-11 - Several remotely exploitable bugs have been found in CUPS, which allow remote execution of arbitrary code. Versions less than 1.3.9-r1 are affected.
827cf9ee7779b7a80dd45cbbe00a496e41377152190668ccd97c51324afc527b
CA ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient verification of client data. A remote attacker can crash the LDBserver service or execute arbitrary code in the context of the service. Note: The client installation is not affected.
c3f42a1781959a4e232299fd40445813782d401f6a4ad863bcdc64c3aefdb67a
Microsoft Internet Explorer 7 XML parsing remote buffer overflow exploit that spawns calc.exe.
68f9fa88b21b8862740cac4d6058e5ea49f525f8a10b4724d1d4297a7a3e4da5
CF Forum suffers from a blind remote SQL injection vulnerability in forummessages.cfm.
ebc826e3757bc8e495970a7e3759749423bfb04df583e504d7bedc54766f8a97
CFMBLOG suffers from a blind remote SQL injection vulnerability in index.cfm.
99fee75837ee20f62c240d0ffc1c1f7934ba8a5ff7036a95879da3fa4d70a37f
Mandriva Linux Security Advisory 2008-240 - Alfredo Ortega found a flaw in how Vinagre uses format strings. A remote attacker could exploit this vulnerability if they were able to trick a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. With older versions of Vinagre, it was possible to execute arbitrary code with user privileges. In later versions, Vinagre would abort, leading to a denial of service. The updated packages have been patched to prevent this issue.
39d368ad79c4624b60368ed3801cfa631cf29c75ff6e77ddce8838a0cbd8afe4
Max's Guestbook version 1.0 suffers from a cross site scripting vulnerability.
6929c525157307cfb8c066422be51c338b5e131994e4ab28e2455268cf6d607e
CF Auction suffers from a blind remote SQL injection vulnerability.
6893efae3026ceb24806ed2f478acc9942a8c8b8f726704da885fb0b40dec9af
CF Calendar suffers from a remote SQL injection vulnerability in calendarevent.cfm.
f0fac2796a6d478bf1285aebff0460edc1e34ad258d71f9e816f57f184a457e3
iDefense Security Advisory 12.09.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel spreadsheet could allow attackers to execute arbitrary code with the privileges of the current user. This issue exists in the handling of certain malformed object records within an Excel spreadsheet (XLS), allowing memory corruption to occur. This could lead to an exploitable situation. iDefense has confirmed the existence of this vulnerability with Office 2000 SP3 fully patched as of July 2008.
4441eb16250d65d8bc6ff4a748607eb35ff4755d0a9fde4c53f0225021c96e4d
CF Shopkart version 5.2.2 suffers from remote SQL injection and database disclosure vulnerabilities.
693f24f76e8795a2c9fadc701f58825470b74b5f39b01fd5cf08865a23644a83
Butterfly Organizer version 2.0.1 suffers from a remote SQL injection vulnerability in view.php.
7a32fc917b63a62485b3b5b92f85145c7297227227ad6036aa9d06884c1fe042
Nebula is a data analysis tool that automatically generates intrusion signatures from attack traces. It runs as a daemon that processes data submitted from honeypots. New signatures are published as Snort rules and can be used to defend a network from future intrusion attempts.
6d90fe1c5c1d81045134485e8ee4e888e9fce5d4323a2b6b321bf8a9765fc856
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running DCE. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
471823d5e54224359fc29c8657b25f4c4bb648e0288c1c9d07f9b36f3614c09b
SEC Consult Security Advisory 20081210-0 - By calling the extended stored procedure sp_replwritetovarbin, an attacker can write limited values to arbitrary locations in process memory. This vulnerability has been described in a prior security advisory for MS SQL Server 2000.
35360a7acfa1a99b8a092110b58250c85ed5ca8c4ccd0d0b760cbb8a46b38a39
It is possible to protect an ELF binary against f-prot by corrupting its ELF header, while letting the binary completely functional. F-prot will crash when analyzing the file, letting the possible malware undetected. f-prot version 4.6.8 for GNU/Linux is affected.
a1424ff8ad9ff444b319433fdf1a2163ec6ad872d6772bed154f4806cb4e88df
Sophos Antivirus deterministically crashes (segmentation fault) when analyzing corrupted packed files for multiple packers: armadillo, asprotect, asprotectSKE. The same behavior has also been observed when analyzing corrupted CAB files. Sophos SAVScan 4.33.0 for Linux and possibly others are affected.
9228d18fc3b87e9dfa481b98001a67b62060706c5652631568b031109f3efa05
AVG antivirus can be deterministically forced to crash (segmentation fault) when analyzing corrupted UPX files. AVG for Linux version 7.5.51 (current) and possibly other versions are affected.
5e961e37dbebcceed6eeb4bb17a3094e91573d02baa5556259658da15b68d26f
Multiple buffer overflows were discovered in the GNU/Linux version of Avast when analyzing corrupted ISO and RPM files. Avast for Workstations version 1.0.8 Trial versions and possibly others are affected.
45808bf369b9de88af97274c0bdbdb9c6a37f8c49f6d650f396a93a786278ecc
Multiple integer overflows were discovered in the GNU/Linux version of Bitdefender when analyzing corrupted PE binaries packed with neolite and asprotect packers. Bitdefender for GNU/Linux versions 7.60825 and below are affected.
e166e24e386d19eeb0be908dfb8aff0db2050d27a19747733c8f6db105b3d5f1
Clamav uses an external unpacker, which can be deterministically crashed, when processing corrupted LZH files. Versions 0.93.3 and below are affected.
af9e2f87235c167df539925d2d3e6d8133912250f66b6b29626b3fb8d4cbdf95
Microsoft Internet Explorer 7 XML parsing remote buffer overflow exploit that spawns calc.exe.
bf0cf3c2d60be063bd15565d0f2e4c146b0b396c2c2fd67bb3b37d350e1ecbe3
Core Security Technologies Advisory - A vulnerability has been found in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value. An attacker who successfully exploited this vulnerability could execute arbitrary code with the privileges of the user running the MS Word application.
6f84551f3249c3aa35a7feb4f055de3b8c4220bfed506d6013db37f88a75caec
Insomnia Security Vulnerability Advisory - A vulnerability was found in the way that webdav requests are cached and then later retrieved by Internet Explorer. This results in the use of uninitialized memory which under the right situation can lead to command execution.
0ebee2503764c3f44cce43818618fb05a3255230042be4a70fb22d4b93f6b573
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
877b7e9b725720cd726819e5c02975055cb56ed9c064fc11b6e503f648519c32