Secunia Research has discovered two vulnerabilities in UltraISO, which can be exploited by malicious people to potentially compromise a user's system. A format string error when handling DAA file names can be exploited by tricking a user into opening a file with a specially crafted name containing format specifiers. A format string error when handling ISZ file names can be exploited by tricking a user into opening a file with a specially crafted name containing format specifiers. Successful exploitation may allow execution of arbitrary code. UltraISO version 9.3.1.2633 is affected.
e8b6b22234286c933c86caf76bc04d458d2b2cf5e2ee7ca1dd7d5c4daabe4ad8
Secunia Research has discovered three vulnerabilities in UltraISO, which can be exploited by malicious people to compromise a user's system. A boundary error when parsing CIF files can be exploited to overflow a global buffer by tricking a user into opening a specially crafted CIF file. A boundary error when parsing C2D files can be exploited to overflow a global buffer by tricking a user into opening a specially crafted C2D file. Insufficient validation when parsing GI files can be exploited to overflow a global buffer by tricking a user into opening a specially crafted GI file. Successful exploitation allows execution of arbitrary code. UltraISO version 9.3.1.2633 is affected.
4f0fdc8ac2f3df91d55d57dbd2bfbf7651b26b2c441c2ffb9e376cee3ea8cb9f
Whitepaper on Google Hacking written in Farsi.
d5032a9f65d13006e164fa42ec4ea999228b57aaacedc449f9e3311def3ed61c
TinyPHPForum version 3.61 suffers from file disclosure and code execution vulnerabilities.
cda1dcb6105337c0ab9dc986dfd645440bc866bcfa9f14a7e53b60fc60fc958c
MyioSoft Ajax Portal version 3.0 suffers from a remote SQL injection vulnerability in ajaxp_backend.php.
004c5129b639cfb7359b0ac23680322a6c1c57a06bfb966584af12468c39b6d5
Oracle WebLogic IIS connector remote overflow exploit that relates to JSESSIONID.
de5529e482413e2be9f8012fa29e6af9eacfb0d3ebb8fd6bad42b75fa2617dcb
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running OpenSSL. The vulnerability could be exploited remotely to allow unauthorized access.
32408dedc7b1bb3beef81d26777720b83a5a7e169d02098aec0b1d7b30492e3f
Koschtit Image Gallery version 1.82 suffers from multiple local file inclusion vulnerabilities.
e0c6fccdf0451b8bce296fe4677fea5362cf8d48ee0f46e49acfd059caab7aad
Packet Storm new exploits for March, 2009.
e9f153b2931d639cb5badec0f38cdae04b6d25fab8707fc696b5deb4cad118a8
DeepBurner version 1.9.0.228 stack buffer overflow proof of concept exploit.
d1737e2e36552a204d8753b7f7f41231d72da7819abb0f411576f550e2322ac9
Mandriva Linux Security Advisory 2009-084 - Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.8. This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages requiring it have also been rebuilt and are being provided as updates.
7337027c6d9eab4a1b99091201ccfc3d20e82590fc265a2fca649cc8d927d330
Mandriva Linux Security Advisory 2009-083 - A number of security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Thunderbird program, version 2.0.0.21. This update provides the latest Thunderbird to correct these issues. Additionally, Mozilla Thunderbird released with Mandriva Linux 2009.0, when used with Enigmail extension on x86_64 architecture, would freeze whenever any Enigmail function was used. Also, when used on i586 architecture, Thunderbird would crash when sending an email, if a file with an unknown extension was attached to it. This update also fixes those issues.
8511d6a4698ceeef5b4163b72f2396b90cb854230c08895dc46332e0b785248e
QtWeb Internet Browser version 2.0 remote denial of service exploit.
e64c56fbb977dcb8db71cc1138721733c0f9e421bc3153c68259cb6cd11b9b12
VMware Security Advisory - ESX patches for OpenSSL, vim and bind resolve several security issues. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. Various vulnerabilities were discovered in vim such as format string issues and input validation problems.
6cb3c24c65b6ce75a60be81d773ffe92365d8866329c83302255f5fa55cec7f1
XBMC version 8.10 proof of concept exploit code for multiple buffer overflows related to GET requests.
630e1ff4c87341bbc0d442422a65b0fbbda8376d48c984df1335117845f76dab
XBMC version 8.10 get tag from file name remote buffer overflow exploit.
c7b8919d2d1d3063802ac34741da2d095d10aa6076e4a9487051c26951ba38f6
XBMC version 8.10 takescreenshot remote buffer overflow exploit for Windows.
eba0bb541e3a78ea046d3e1678e22f7cb2080253e1cfabb4b322ef3d94d508c4
XBMC version 8.10 GET request remote buffer overflow exploit for Windows.
aa63b4ad5a6f2a442b6f2731b35ac6e2b862f6e0835b9f145e6cb5784cc92506
Secunia Security Advisory - Fedora has issued an update for glib2. This fixes some vulnerabilities, which can potentially be exploited by malicious people to compromise an application using the library.
a4354d487a63101d758fffd689379ae14c61212b22171db1c54395b602899d23
Secunia Security Advisory - VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to conduct spoofing attacks or to compromise a user's system.
17b3b43996f9d8be9d72be35b6a457274ab13ea845fab23d57463b808844e0c2
Secunia Security Advisory - Debian has issued an update for xulrunner. This fixes a weakness and a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
9ab7ddbf8f5392145d06357db2a58bbfa7dba7ab0eb68c7abf757874ba99f311
Secunia Security Advisory - Methodman has reported a vulnerability in Turnkey Ebook Store, which can be exploited by malicious people to conduct cross-site scripting attacks.
564af25ccde7a7a279d9b50284f586b99b7b90c7ea50b48b3853dbfb34ebf25a
Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in UltraISO, which can be exploited by malicious people to compromise a user's system.
7249c7c996cf08e994a1c1ae2dc16e556e10cf8cfe91b0ae8e0c54ca63010b5d
Secunia Security Advisory - Some vulnerabilities have been reported in Sun Java System Calendar Server, which can be exploited by malicious people to conduct cross-site scripting attacks or to cause a DoS (Denial of Service).
b9ca637527ade8f11cc68aa134a155a1436ccfd2f744624e8061967c3d64b194
Secunia Security Advisory - Avaya has acknowledged a security issue in Avaya Messaging Storage Server, which can be exploited by malicious, local users to gain escalated privileges.
ad1e90d3006b694202bc16d7fba32b68df0cd1138862aa37d7adf7856aef8a60