Mandriva Linux Security Advisory 2009-148 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These include multiple buffer overflows and an integer underflow.
2e03f296ac75cbe809a4a00ae374675d542cd81b2125b42c8d069553916be85c
The Citrix XenCenterWeb suffers from cross site scripting, cross site request forgery, SQL injection, and code execution vulnerabilities.
5c47fe62cf61a6038e2a5bad0664996739b56e89e69724269e110ef201384050
The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.
74f0ef89d40cd7ce76ae136da44446c3bd5c8e59fbed96d4bf0d38dc3d879c93
Ajisai is an SSL/TLS implementation providing a high level C++ interface. It uses the Botan library for cryptographic operations and certificate handling.
e104dfb5d5b6ae8281a3a3c054431e595c91ec676ba52a75ae5338be56862725
Whitepaper discussing how to predict social security numbers from public data.
b225c75965030836cf78134fefc4cb12187a1e461eaa345cea84181660f9a113
Harald Scan is a Bluetooth discovery scanner. It determines Major and Minor device classes according to the Bluetooth SIG specification and attempts to resolve a device's MAC address to the largest known vendor/MAC address list. Written in Python.
474e9de8694c065b1963359bcb4898b3795f5e36b74e89132e404d51bdcd23ec
Debian Security Advisory 1828-1 - It was discovered that the ocsinventory-agent, which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure Perl module search path. As the agent is started via cron and the current directory (/ in this case) is included in the default Perl module path, the agent scans every directory on the system for its Perl modules. This enables an attacker to execute arbitrary code via a crafted ocsinventory-agent Perl module placed on the system.
01ea95ee4e4ff0ba15deed33170e9f12d9edf5d90549f107b4a205e0cd2a1e84
Electronic File Management version 1.5.01 suffers from a remote file inclusion vulnerability.
37f973b2a798cdf692fd6d81f65e4154166f272db1ca2b3c7e39b4cd67b10073
SEC Consult Security Advisory 20090707-0 - Multiple memory corruption vulnerabilities have been identified in multimedia codecs used by the RealPlayer and MMS viewer on Nokia's Symbian/S60 based smartphones. An attacker could leverage these bugs to gain control of the program counter register and execute arbitrary code on a target smartphone. The bugs can be triggered directly inside the MMS viewer of the target, by sending an MMS with an embedded video file.
aeaa346858f3d297167128f3741765a3b8de649f8ac8e79ef104a8614c5c1bc6
Whitepaper called Decompilation Injection that presents a novel way to protect .NET assemblies against reverse-engineering and recompilation. By injecting them with commands that are activated only at the recompilation stage, the application retroactively detects the reverse-engineering process and acts upon it.
12d4589bb5f91670a964a1629a6f36f1f95790998b11e8db506c7185b197fe57
The Indian portal at www.clubmahindra.com suffers from a remote SQL injection vulnerability. This has been posted after the author has exhausted efforts attempting to get the site to fix the issue.
a334f088bae7a989087daf5d7f0593c4a3d8743653e6a0d2f112bae7f1351e95
iPhones running OS 3 have a usability feature where Safari is launched immediately when joining a network. This gives rogue access points a known vector of attack.
f048f1ea52e449199ae2c08e3b737c937896e873aa379fa8eee444f3b52c3198
The Security Byte and OWASP AppSec Asia conference call for papers has been announced. It will be held November 17th through the 20th, 2009 in New Delhi.
17f76a326bcdb64098fbc50142c360dcb935456b4cbb41e26afa13952a419f7d
Yet Another Cisco Type 7 Password Decryptor. Written in Python.
6e15cec2ceb247c92bc01c89985a0442897a6a41ad2b520fcece53e31ae6aaf6
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in Socks Server 5.
9ddb98d7b4466fda06c08fa278d8e26160bdf5c7a9fef523ac5f233a59976c00
Secunia Security Advisory - A vulnerability has been reported in Almnzm, which can be exploited by malicious users to conduct SQL injection attacks.
873b560aefd813f4f07b4fbf481ad35db4b9fa4daadef4c3e18dcadbe6aaab31
Secunia Security Advisory - Ubuntu has issued an update for tiff. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
a5651a2ba79327c5e965b3ddfbdfd31445bbadb7f8d3974466e4d0ac22b4f28b
Secunia Security Advisory - Ubuntu has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
81c0e658e9ce8f1e3c77730cee52be4d1fc8d0d3da8cdf3dfae1234d7c2a70b5
Secunia Security Advisory - A vulnerability has been reported in IO::Socket::SSL, which can be exploited by malicious people to bypass certain security restrictions.
d320039fcd42ed8120c95012810077a4627cded7747b885ad1a02f35cd8d0a6f
Secunia Security Advisory - Some vulnerabilities have been reported in KerviNet Forum, which can be exploited by malicious people to conduct SQL injection attacks.
8bcaed39804bcaf35816d5c39261cd5b5f3508e6ba4f92f89783032ae14511d1
Secunia Security Advisory - Some vulnerabilities have been reported in multiple Hitachi products, which can be exploited by malicious people to potentially compromise a vulnerable system.
36052afd39a394e5891918c129064a67c5da6dba19f36d06837a90d4e64e6ef7
Secunia Security Advisory - A vulnerability has been reported in FCKeditor, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.
31d823dd6d295dc1ca15402275a5a0108aef08e4312d0c2a0db39b77caa4091f