iDefense Security Advisory 03.25.09 - Remote exploitation of an integer signedness vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the font parsing code in the JRE. As part of its font API, the JRE provides the ability to load a font from a remote URL. iDefense has confirmed the existence of this vulnerability in Sun Microsystem Inc.'s Java JRE version 1.6.0_11 for Windows. Previous versions and versions for other platforms may also be affected.
3bc84907efc86fab9cc714244a3052994583300cd2f5c0cdbaf928ca680eb1b5
Acute Control Panel version 1.0.0 suffers from remote file inclusion and SQL injection vulnerabilities that allow for authentication bypass.
d4f0665235428efebf424f90a99c4376ebe15e8c2d9de65047b14b6ab0c57bd6
This is a security evaluation of Frog CMS version 0.9.4. This software suffers from cross site scripting, directory traversal, and various other security vulnerabilities.
afc51897436ec6ce1b456babde7d7c5100b861900330d48f6b4dbe6b435c5635
PowerCHM suffers from a stack-based buffer overflow when processing files with the .HHP extension. Version 5.7 is affected.
50beb1abca1fac7fae023040ca0c6ca831492331c8e39f44a9bcd22c4e141334
BlogPlus version 1.0 suffers from multiple local file inclusion vulnerabilities.
ac584b938fd7e0850a67571e01db0d823b83ef3f4747a42a23dde97034478120
PhotoStand version 1.2.0 remote command execution exploit.
33acea214b6c3109d61b4aebe98cf7eb051be607078d8fc25cdfeec5e27b7d9f
adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.
6c0befe65f76510765c0efad2aa8a687d85349928a74a3da5e7d97f5f1dcbef7
Secunia Security Advisory - A vulnerability has been reported in the Gigaset SE461 WiMAX router, which can be exploited by malicious people to cause a DoS (Denial of Service).
2d57ea5e7389bf4a91bd3b36da8dae1447c2fe4b75be102c2a6516a3ef84d2c1
Secunia Security Advisory - Some vulnerabilities have been reported in VooDoo cIRCle, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
bfb5da1b663fc49f8c7a46782b575b65f09f44ac196ee64313276551fb967d3d
Secunia Security Advisory - Fedora has issued an update for argyllcms. This fixes some vulnerabilities, which can potentially be exploited by malicious people to compromise an application using the library.
195f1769721ee670a9d641fc7b727a28f01456d864eae1073c2ba742d3d4cc91
Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to gain escalated privileges.
d6f6ec0def66d53b75eff0110830f37bb71a0d96ffb70ce175a35f815158acdc
Secunia Security Advisory - A vulnerability has been discovered in Jinzora, which can be exploited by malicious people to disclose sensitive information.
fff213c32ff827e33f98ec22249f361d3f7c5e08377c03b7a7d13e81bf005f5d
Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information or potentially compromise a user's system.
060be212755fa2de29b64ebc13151c5e0c31f54b77863de152341bd0406e7bb0
Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some security issues and vulnerabilities, where one has unknown impacts and others can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and cross-site request-forgery attacks, conduct script insertion attacks, manipulate data, cause a DoS (Denial of Service), and compromise a vulnerable system.
26258b610a96509647e54d212ebb1acc9bdf8bd478c8760cd42be326c9f53252
Secunia Security Advisory - Slackware has issued an update for for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), conduct spoofing attacks, or potentially compromise a user's system.
3796ebe8ea0cc501252c2709b79b182f526d08691b4ad6aac2dd11b556b35130
Gentoo Linux Security Advisory GLSA 200903-39 - Two vulnerabilities in pam_krb5 might allow local users to elevate their privileges or overwrite arbitrary files. Versions less than 3.12 are affected.
d736a5e491154169e90336376e2729432b759f619f95ac81399cad1e946d0d69
Debian Security Advisory 1755-1 - Erik Sjoelund discovered that a race condition in the stap tool shipped by Systemtap, an instrumentation system for Linux 2.6, allows local privilege escalation for members of the stapusr group.
85821ca0db4ababee6c5087c25d750720baebc424b47a27ad601f790dfdd2ace
RAID 2009 Call For Papers - This symposium, the 12th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series furthers advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. This event will be held from September 23rd through the 25th, 2009 in Saint Malo, Brittany, France.
adc1c96d5fa0218c6c35d29bfa10d45034d865ba869c39395e10f390c401fd1b
Cisco Security Advisory - A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS Software are enabled.
8401d00ab5208059e231e306c1471fbc3297a33b50140224fd9d3a8a51a6e8e0
Cisco Security Advisory - Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked, transit traffic will not block the interface.
d7c7801e5593cc1d56d45fb532604c74459fabf8eb1ec761e05e4ee6458e597c
Cisco Security Advisory - A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that can be exploited remotely to cause a reload of the Cisco IOS device.
9aeff3ac6624b0acd51e8bdef45a818417a1cb077cb942319b1ba9325af60d29
Cisco Security Advisory - Cisco IOS Software contains a vulnerability in multiple features that could allow an attacker to cause a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP packets can cause the vulnerable device to reload.
9e9a90544800678d068057fefc2fb388030582f354d242a3c7772701808ce930
Cisco Security Advisory - The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information.
89c62856369209d23f7e86a8a347090994a2c3bd1eb7ae5366e739c7a69af336
Cisco Security Advisory - Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile IPv6 are vulnerable to a denial of service (DoS) attack that may result in a blocked interface.
8be582b635f622a6da5938ea795792eb076c6b771a286c319f11eac43115b214
Cisco Security Advisory - Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. A crafted HTTPS packet will crash device. SSLVPN sessions cause a memory leak in the device.
539b67513178c8d6e96c45b5e65a773d7fb06b37cf4b6d9b4a9675a8b9bb63e7