Core Security Technologies Advisory - A remote arbitrary-code-execution vulnerability has been found in Libpurple (used by Pidgin and Adium instant messaging clients, among others), which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. No victim interaction is required, and the attacker is not required to be in the victim's buddy list (under default configuration). Libpurple versions 2.5.8 and below are affected.
f363baeb98fdd656675988b12ada553e50c4b259ca0340eeb44952b1b17ac21d
Linux 2.x kernel sock_sendpage() local root exploit. Written to exploit kernels on Android released prior to August of 2009.
fd16f6a447a65587cb5e3d1d2098b300f6f3adc7d0b25f1f47293e1ea78c3458
VUPlayer versions 2.49 and below universal buffer overflow exploit that creates a malicious .m3u file.
bef2420aac1e9154823240a8f0bcb8f9b4de077b3a53b8f5c08ff991132fd9fa
CA's technical support is alerting customers to a security risk with CA Internet Security Suite. A vulnerability exists that can allow a local attacker to cause a denial of service. CA has issued updates to address the vulnerability.
9c3d68ac3dad0276ab9339d015dc14dc652b5e16394e015cb1e8cb17467ad31f
CA's technical support is alerting customers to a security risk with CA Host-Based Intrusion Prevention System. A vulnerability exists that can allow a remote attacker to cause a denial of service. CA has issued a patch to address the vulnerability.
f455554c212e25843047986dea31c1900e3efee354d31a7324a20d7fd58aa3a3
Gentoo Linux Security Advisory GLSA 200908-10 - An integer overflow in the PNG handling of Dillo might result in the remote execution of arbitrary code. Tilei Wang reported an integer overflow in the Png_datainfo_callback() function, possibly leading to a heap-based buffer overflow. Versions less than 2.1.1 are affected.
9713950b61dbbb2436c43e54b7f1ebf3a2ceadaae7fb79b2a1c3f0bac7036199
Gentoo Linux Security Advisory GLSA 200908-09 - An input sanitization error in DokuWiki might lead to the disclosure of local files or even the remote execution of arbitrary code. girex reported that data from the config_cascade parameter in inc/init.php is not properly sanitized before being used. Versions less than 2009-02-14b are affected.
8b96fac7efc0ee3126be3a0d99cc84c023ee7cf9d25eef4eb7555cc0b3410e35
asaher pro 1.0.4 suffers from a remote database backup vulnerability.
c3f45037cc7a8b63cacb8bd80b8757c023e06c4c84c240d2e06f629151a80dd0
Traidnt UP version 2.0 remote SQL injection exploit.
5cef782cd3c9c76717d4a315d8615c1a65134e4adc974b57653b528faaf6e7d8
secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prevent command-line recovery of deleted information, even if the machine is compromised.
d3789ad9fb98fe1800b2b66250851c6a83e32b00fc350b9daab757600f0da2e8
Gentoo Linux Security Advisory GLSA 200908-08 - dhcpd as included in the ISC DHCP implementation does not properly handle special conditions, leading to a Denial of Service. Christoph Biedl discovered that dhcpd does not properly handle certain DHCP requests when configured both using dhcp-client-identifier and hardware ethernet. Versions less than 3.1.2_p1 are affected.
ff0d14334baad78d4797effa091995831fdfeb854f674eb3f33ffb6e0fcab7f5
Gentoo Linux Security Advisory GLSA 200908-07 - An off-by-one error in Compress::Raw::Zlib and Compress::Raw::Bzip2 might lead to a Denial of Service. Leo Bergolth reported an off-by-one error in the inflate() function in Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer overflow (CVE-2009-1391). Versions less than 2.020 are affected.
4a49f705f825d516631a540be3743e3d68ae6a34883fbf64195eb093757ccf16
broid version 1.0 Beta 3a local stack overflow proof of concept exploit that creates a malicious .mp3 file.
594ea519883c8b105ed6bb46b9116602d439c01df883b1c2f5e269db245e38ef
HTML Email Creator and Sender version 2.3 suffers from a local buffer overflow vulnerability.
b676c38626b33981c213d7fdb520a9bde1d6b336c2645301ab64da167a43d1d4
Linux kernel versions prior to 2.6.30.5 cfg80211 remote denial of service exploit.
45970a756cf7a9942c7a2e7c7b0dc26134f658d3ccb8fb4c7b15f7dd91b61591
Gentoo Linux Security Advisory GLSA 200908-06 - Multiple heap-based buffer overflows in CDF might result in the execution of arbitrary code. Leon Juranic reported multiple heap-based buffer overflows, for instance in the ReadAEDRList64(), SearchForRecord_r_64(), LastRecord64(), and CDFsel64() functions. Versions less than 3.3.0 are affected.
1bd5bd3dad245c313d20fc41d27f1e98d2a4c5dfa825c03f9bd1d513d3f29940
Gentoo Linux Security Advisory GLSA 200908-05 - Multiple integer overflows, leading to heap-based buffer overflows in the Subversion client and server might allow remote attackers to execute arbitrary code. Matt Lewis of Google reported multiple integer overflows in the libsvn_delta library, possibly leading to heap-based buffer overflows. Versions less than 1.6.4 are affected.
d43f69725d63bd8f7091d436ccc1cfea30581f616138c0d0af38760567e35a80
PHP Email Manager suffers from a remote SQL injection vulnerability in remove.php.
7b980331fd191ef070e4bc3d1164d223ae22f053a7b172a010c5004ea6a984b7
Videos Broadcast Yourself version 2 suffers from a remote SQL injection vulnerability.
680c65e3517904afb569b5d47a0cf2465eff6c7f72473e0e6efe5043520e8564
Arcadem Pro version 2.8 remote blind SQL injection exploit.
661392f8771ed718c34e9aa9960688d82c8f125addfb21a791381298cb5d8ca0
Dreampics Builder suffers from a remote SQL injection vulnerability.
d1ee48421d66c67f358b7b8ae00c453205d2c540ba051e49d86ed0744ad4c382
SPIP CMS versions prior to 2.0.9 exploit that copies all passwords to an XML file.
58282d3eb767390b7e7216751ce34103095607b10e5834c7a894e4562c1c7059
Ultimate Fade-in Slideshow version 1.51 suffers from a shell upload vulnerability.
5c7a7c01d54c43fcfad20f1330f47ad8fbbd28c1d78960d60938b2f650b952dc
ntop versions 3.3.10 and below suffer from a basic authentication null pointer denial of service vulnerability.
aad3f03488f5dcebf8a3f95a8a2dd8fd1ea219bc8c5bf2382388fed6da94eb39
Xenorate Media Player version 2.6.0.0 universal local buffer overflow exploit that creates a malicious .xpl file.
d75780a68b577482e7b62604eef55eb1dc7da13f2e3cfbbac8223080d7390562