Zero Day Initiative Advisory 09-056 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists in the OWC10.Spreadsheet.10 ActiveX control installed by Microsoft Office. By accessing specific methods in a certain order heap corruption occurs leading to remote code execution. If exploited, complete control of the affected system can be achieved under the rights of the currently logged in user.
e92fccf22af688163d767248670bb42419de15c7fcab666839cd9f33be715a3f
Easy Music Player version 1.0.0.2 universal local buffer overflow exploit that creates a malicious wav file.
b32540a997bd55516376e13e27b2fe53406ff1c4c3fc97cea656a64e32fbca61
Easy Music Player version 1.0.0.2 universal local buffer overflow exploit that creates a malicious wav file.
b40b3541032328b2a569a4af39927811e7ce2bc01d7bff45ecfc6f4834da3719
Microsoft Windows 2003 EOT file BSOD crash exploit.
514c42533cf5970170afb6c5ce199f2f1f171f1e7825a7d778f2d2819af3fc7d
Zero Day Initiative Advisory 09-057 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within mstscax.dll when parsing packets from an RDP server. A design flaw in the client allows a malicious RDP server to write to arbitrary memory inside the connecting processes memory space. By hosting a malicious RDP server, an attacker can execute arbitrary code on any client that attempts to connect to it. Privileges gained depend on which user is running the client.
ea19b712b96a7f21f8e3c4697f846c1191bccad1db97ef99978a72212d85bfda
Zero Day Initiative Advisory 09-055 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when loading and unloading the vulnerable control (0002E543-0000-0000-C000-000000000046) and results in transfer of control to unallocated memory. This issue can be exploited to execute arbitrary code under the context of the currently logged in user user.
c672c40273674168a900ee8b128c1fd852f58d21791047755a699339c155912f
Zero Day Initiative Advisory 09-054 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the processing of malicious parameters to the routine msDataSourceObject() and results in transfer of control to unallocated memory. This issue can be exploited to execute arbitrary code under the context of the currently logged in user.
6f40fa8d7176ee796ea4df869b27744542a68bea5a6da7913295f6a0d2f6dcea
Zero Day Initiative Advisory 09-053 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WINS.exe process which provides name resolution services for NetBIOS networks. While parsing a push request the WINS service copies packet data to a static heap buffer while within a controlled loop. By providing a specially crafted request an attacker can overflow this heap buffer leading to arbitrary code execution under the SYSTEM context.
2e68161a299337b26b5fcfeb6f94d50d1c6f0669f38457bcd4c04277d37c5cf5
Technical Cyber Security Alert TA09-223A - Microsoft has released updates to address vulnerabilities in Microsoft Windows, Windows Server, Office Web Components and Remote Desktop Connection for Mac.
12aaf66e60d9ddd7cee826233bce282a3902f69343e419758ab5b2ff1b881fc0
Ubuntu Security Notice USN-815-1 - It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. It was discovered that libxml2 did not correctly parse Notation and Enumeration attribute types. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service.
ada06af85bd2937d29ebaacad566ced0f560d6260b3ec68450b71b0c4ab7aac0
This script provides an all-in-one easy installation of Snort in a box in bridge mode with a complex configuration.
527e35e81c79071a3170ba4bc5d9b499b0471717e931e65c8d776e9950ba2744
Elicio Idea Manager Software suffers from a remote SQL injection vulnerability.
b1cde55e6ac916f4660153a402f1670a33c454f4622c6bd0f5a4edced807b025
The OCS Inventory NG Server version 1.2.1 suffers from a remote SQL injection vulnerability.
7f7b3f552864176202fce85cdbbbb082d53aa44191cb7702fd8f03f3c564ad03
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Valid user credentials are required to exploit this vulnerability. The specific flaw exists in the Workstation RPC Service. When handling the arguments for the NetrGetJoinInformation function, memory is improperly freed and can lead to remote code execution. Successful exploitation can lead to a remote system compromise under SYSTEM credentials.
5393183c36ea88d2139644a6de4145537f2757f69041687b605c096b7e348484
Asterisk Project Security Advisory - On certain implementations of libc, the scanf family of functions uses an unbounded amount of stack memory to repeatedly allocate string buffers prior to conversion to the target type. Coupled with Asterisk's allocation of thread stack sizes that are smaller than the default, an attacker may exhaust stack memory in the SIP stack network thread by presenting excessively long numeric strings in various fields.
b1dc46b65ba0899d179d5df802c216ac411cd9b7c37c701cd854541313c4d1e2
HP Security Bulletin - A potential security vulnerability have been identified with HP-UX programs using the ttrace(2) system call. The vulnerability could be exploited locally to create a Denial of Service (DoS).
56785d56968f7dbe900fa5995cce5636bbf13fa9e900d38589b999ad13fe222f
48 bytes small /bin/sh polymorphic shellcode for Linux/x86.
1dcd3596a16e9e685f114d0880a46aac2878699f4546df0cae7e3adea919c423
61 bytes small killall5 polymorphic shellcode for Linux/x86.
af2c1334a03c4ca897aa504dbdff10da3c95a320eded32e64ae6b63401b6ed71
Embedthis Appweb remote stack buffer overflow proof of concept exploit.
51a292dc00016f0c7562cc29590b5051749c2170a4b6e61f9648b6687d2f2194
Ubuntu Security Notice USN-814-1 - A substantial amount of vulnerabilities in openjdk-6 have been addressed and fixed. These issues range from denial of service to code execution vulnerabilities.
8d697a9751f57fbe8413cde8fc1c7dc6b4cc1de4d608811d3f65cf6b190ea1d8
The Joomla IDOBlog component version 1.1b30 suffers from a remote SQL injection vulnerability.
ddddb686ef477a901ca4af9a77d0a108557463c0367b3af08a62aa2e4d3013ea
Secunia Security Advisory - A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to conduct spoofing attacks.
b610961bdc83120e8a331d6e5bafc52feaa38c394d012d1151828f4c1289c0b7
Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Windows and Microsoft Remote Desktop Connection Client for Mac, which can be exploited by malicious people to compromise a user's system.
30013980977566f17260f32ba9df386dd0888c76f32d935f1cae3a7f8ff0afbd
Secunia Security Advisory - Multiple vulnerabilities have been reported in various Windows components, which can be exploited by malicious people to bypass security features or compromise a user's system.
d3de1ebc4d618202b3bef8f0b385c564afeeb7719daa3e19889879ae0b72483c
Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
b8dfda450dcfc69f66c73d901cbba13b096783a71bcfc0a4bef7854259845703