Core Security Technologies Advisory - Internet Explorer suffers from a security zone restrictions bypass vulnerability.
00ae2f69dfa84d56b233d948b78867e7ebdeb7f893db82ff83c658484348e7c6
Core Security Technologies Advisory - The DX Studio Player Firefox plug-in suffers from a command injection vulnerability.
f5f901c9f6726f2f43e4d97c8d0750144416ef2ed9e07d3b11923f7251e90b24
MRCGIGUY FreeTicket suffers from insecure cookie and remote SQL injection vulnerabilities.
58dcefd6b474cee524ae567c9d4e7eebb8fc0c225dc9efc2ea9d5ed9c487e79c
Zero Day Initiative Advisory 09-042 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file. The specific flaw exists when parsing malformed U3D model files contained in a PDF. When a specially crafted extension block of a model is processed, insufficient bounds checking is done before a call to wcsncpy(). Because of this a stack overflow can occur resulting in reliable code execution. Proper exploitation of this vulnerability will result in system compromise under the credentials of the currently logged in user.
079b6aa096d4012448e6cbf7d5cc58f1dade4492fc5a6b0bce3f0706a69f81c0
Zero Day Initiative Advisory 09-041 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the rendering of an HTML page with malformed row property references, resulting in a dangling pointer which can be abused to execute arbitrary code. Internet Explorer 7 is not affected.
9f3186225e7857293264e9a548aaaf9ddb2fff77185fc3e9097918b2b133ef32
Zero Day Initiative Advisory 09-040 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires user interaction in that a victim must open a malicious XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. When Excel 2007 encounters a malformed Qsir record (0x806) user data is improperly handled leading to potential code execution. Successful exploitation of this can lead to a remote compromise of the affected system running under the credentials of the currently logged in user.
205d1a229b3b5f56b3a50cddfa4367c291b7f6f22b48710bdeed66463b23f120
Zero Day Initiative Advisory 09-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when repeated calls are made to getElementsByTagName() and the reordering of the elements in the document causes an object to be allocated. The use of the event "onreadystatechange" during this operation improperly frees the previously allocated resource. The combination, with repeated page rendering, leads to the exploitable memory corruption.
734c8e9d689788326c270b6927f63314f910100e5bb0c1233d82ed4aa2ecdfd0
Zero Day Initiative Advisory 09-038 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when repeatedly calling event handlers after adding nodes of an HTML document. When a specially crafted webpage is repeatedly rendered, memory is improperly reused after it has been freed. Due to the controllable nature of the web browser, this vulnerability can be exploited to remotely compromise a system running under the security context of the currently logged in user.
05732f6ce3c8d98252e04c354b17fafdfc3be63b43e1576c714d287fe65e43bb
Zero Day Initiative Advisory 09-037 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exist due to improper AJAX request synchronization in Internet Explorer. When many asynchronous XMLHttpRequest are running concurrently memory corruption can occur that could be remotely exploited by a malicious attacker.
f73f184ed9a97b6cb4ae0d589baeb7dc226707b9a87f8259d2382f9b9c65968c
Zero Day Initiative Advisory 09-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists when calling the setCapture method on a range of objects. When setCapture is called on a collection of specially crafted objects memory becomes corrupted. When the capture is released, arbitrary memory is accessed potentially leading to remote code execution. Exploitation of this vulnerability will lead to system compromise under the credentials of the currently logged in user.
a9f006ef6bd21ba52c0621358c4151b6d3750b5e16fb94c567951ae9bcfe652a
Zero Day Initiative Advisory 09-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file. The specific flaw exists within the parsing of vulnerable tags inside a Microsoft Word document. Microsoft Word trusts a length field read from the file which is used to read file contents into a buffer allocated on the stack. When an invalid length is present, a stack based buffer overflow occurs, resulting in the ability to execute arbitrary code.
656b5c10b9f3f9f74e89cfce5b555fe8009029a331a8d20be798c15ce3a2a1fb
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
b28730a4c3043868564337b391e9a944eacbf0808d40552e50dddb8f31a8c0a3
School Data Navigator suffers from local and remote file inclusion vulnerabilities.
046f29294692c72d073c4cdaa7e7a8e8cc5f8cb55be51ef4306830d47a92b6d7
Technical Cyber Security Alert TA09-161A - Adobe has released Security Bulletin APSB09-07, which describes several buffer overflow vulnerabilities that could allow a remote attacker to execute arbitrary code.
160353c3ff3e2d890878fd47c4db1f449348a0268d2c6b57a0c8f817f55db7a5
Desi Short URL Script suffers from an insecure cookie handling vulnerability that allows for authentication bypass.
1da0633aeae95a1dd62a9b50f17296d49de7789f40f7ed1d051ff6f2acd3de93
Nettle is a cryptographic library that is designed to fit easily in more or less any context: in crypto toolkits for object-oriented languages (C++, Python, Pike, etc.), in applications like LSH or GNUPG, or even in kernel space. In most contexts, you need more than the basic cryptographic algorithms; you also need some way to keep track of available algorithms and their properties and variants. You often have some algorithm selection process, often dictated by a protocol you want to implement. And as the requirements of applications differ in subtle and not so subtle ways, an API that fits one application well can be a pain to use in a different context, which is why there are so many different cryptographic libraries around. Nettle tries to avoid this problem by doing one thing, the low-level crypto stuff, and providing a simple but general interface to it. In particular, Nettle doesn't do algorithm selection. It doesn't do memory allocation. It doesn't do any I/O. The idea is that one can build several application- and context-specific interfaces on top of Nettle and share the code, testcases, benchmarks, documentation, etc.
65b9e230b953bfb075f10473917e216df9b825fc325b88f69cdf756ffa17cbd6
LightNEasy sql/no-db versions 2.2.x and below system configuration disclosure exploit.
37e608575685af6f2870722c95ef79349e48bb8f5deb588dab5becef98fdb979
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
f5f2a5a9984fd1ade69a7c2cc78da2f5dc0c505f94ab58fb2aa6613399ab1c56
PDshopPro suffers from a cross site scripting vulnerability.
c3372cd09fcb54f62f1f8b023e0d6f79042a406d825868f41630d3954e8acba2
phpMyAdmin /scripts/setup.php PHP code injection remote command execution proof of concept exploit. Versions 3.0.1.1 and below are affected.
248840c70012e11357ef99fad4231ced49b2b483705bbb3ca00997d5808a5a1b
Secunia Research has discovered a vulnerability in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when processing the number of strings in a file and can be exploited to cause a heap-based buffer overflow via a specially crafted Excel file. Successful exploitation allows execution of arbitrary code. Microsoft Office Excel 2003 is affected.
0251d077d2031e1be742cc7ddd46fb1a1e943fa6b34bd0b48d23aaf5025773a5
Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an array-indexing error when processing certain records. This can be exploited to corrupt memory via a specially crafted Excel file. Successful exploitation may allow execution of arbitrary code. Microsoft Office Excel 2000 is affected.
7725b19dd8e3e0acbaaf264cb1ac14822f245b9d54a2da1fd520fa26383caf23
Ubuntu Security Notice USN-775-2 - USN-775-1 fixed vulnerabilities in Quagga. The preventative fixes introduced in Quagga prior to Ubuntu 9.04 could result in BGP service failures. This update fixes the problem. It was discovered that the BGP service in Quagga did not correctly handle certain AS paths containing 4-byte ASNs. An authenticated remote attacker could exploit this flaw to cause bgpd to abort, leading to a denial of service.
1f36cefe153357281caca5c07b73caf8d9b1becc52bf0cb63a6b0870e48b055d
Technical Cyber Security Alert TA09-160A - Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, and Internet Explorer.
62e3f8be36f54086f42e7bc31b39b9078f61c6a69d832fe145283176db212867
S-CMS versions 2.0 Beta3 and below blind SQLi exploit.
8fdd6c8d39aa5c8bfe1d65f1d5624bfdad1b5ade2182056f58eb9f76252adee3