Asterisk Project Security Advisory - A missing ACL check for handling SIP INVITEs allows a device to make calls on networks intended to be prohibited as defined by the "deny" and "permit" lines in sip.conf. The ACL check for handling SIP registrations was not affected.
a028170ecb278eb6b1813a2f959521f86bee010953bfc98dd29af7dda75eda1c
Debian Linux Security Advisory 1920-1 - A denial of service vulnerability has been found in nginx, a small and efficient web server.
a58d06e16a9d3a6b827169a516aff66f2157145f16fcf840430a9cbddc18b800
SquidGuard versions 1.3 and 1.4 suffer from multiple buffer overflow vulnerabilities that can lead to filtering policy bypass and denial of service.
94086b40a1ab7017bb9bc377bf84cfff6fd6d58ed0253373907a92dca67adc7d
SharePoint Team Services suffers from a remote source code disclosure vulnerability in its download facility.
4e7055eb3038cde6c4ec6d7dddd8f7a0b00a1c88f6274975ea98f42e56ba948e
xp-AntiSpy versions 3.9.7-4 and below local buffer overflow exploit that creates a malicious .xpas file.
fb7c0d38c62756cc07427f4f9cc68a113bb21c52a93dcd03c74d4ea5f5190bc2
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
32e9e06c425bc37a382439688f3aa52f6edd0bffe5039116acef4bc00ae5811e
keychain is a utility that helps manage ssh keys in a convenient and secure manner. It acts as a frontend to ssh-agent, but allows the user to easily have one long-running ssh-agent process per system, rather than the norm of one ssh-agent per login session. It also makes it easy for remote cron jobs to securely hook in to a long-running ssh-agent process, allowing your scripts to take advantage of key-based logins.
7784773ca4eaed559c0ad7be1d9a0b7c3d96bad1be03696a3dffa90458737a22
Oracle Database versions 9G and 10G are susceptible to a PL/SQL injection vulnerability in the ctxsys.drvxtabc.create_tables procedure.
84daa237dd1a6738c1129e914291f5c78d13ae5fea34ce0cf4c5505af298c54a
The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.
d218ae46a81a248e35dee10baea3e087404f8327ea92a0b2aee6adf48cad3ca6
This PDF has the Anti-virus PWN2RM Challenge results. An amusing read discussing how to disable McAfee, Norton, and various other AV software.
232bf4211083bfc95c523a4af38a1e65423009125b74c66afdafd26c6bd3968a
Cherokee web server version 0.5.4 remote denial of service exploit.
bc5ae7c21bcb8c03242d5ca9efe893b038532ab37ece8f6120f1d93318696b2b
Netreconn is a collection of network scan/recon tools that are relatively small compared to their larger cousins. These include nstrobe, ipdump, and ndecode.
ee882726312658fdb64084f3d9a51c98927c49b5b5f040c16b122a0cbe79e6eb
Gentoo Linux Security Advisory 200910-3 - Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code, or other attacks. Multiple vulnerabilities were discovered in Adobe Reader. Versions less than 9.2 are affected.
cf303bc61426589808c198dba2d9c4e5dc717575857163c0c64d5200873a727a
59 bytes small Linux/i686 pacman -R <package> shellcode.
9fdcaebcc059d12655b9ae6ddaf35b30a0d628ce708478877b288fa9989270a8
Jetty versions 6.x and 7.x suffer from cross site scripting, injection, and information disclosure vulnerabilities.
5f6bdd64a6596d46cbd0a5ae2448106b4656a8543eb8f07317ef5d4b92ae82d9
Debian Linux Security Advisory 1919-1 - Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine.
e81d5c75010f479d4b00e96bf9841a9e460fd58089ab86927076c5b5f3212808
Debian Linux Security Advisory 1918-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.
4d4adb4605ffe4527fd5c970fde5a8eb921aa1aa3a8d0bb58a365697b47926cd
RunCMS version 2M1 store() remote SQL injection exploit.
5ec198e21d6cd21d61f5fdc3c6a5ee8d87713cb7314e10d3097198cadcd066a8
TFTgallery version 0.13 is susceptible to a cross site scripting vulnerability.
63c864ab65c6626cd22619a37272b2397a4e4a8dfda92c12502c770de28ed5ca
RunCMS version 2M1 /modules/forum/post.php semi-blind remote SQL injection exploit.
b2726e7da364c32aec8f8908559cc2dcf26bc16728ad3c42b92e056f14f27478
Novell eDirectory version 8.8 SP5 for Windows proof of concept buffer overflow exploit.
ba9b1bdb9f350ebe348f99b9a102fd4c9f4d556dfbe999f07b23a3755a9a0738
Debian Linux Security Advisory 1917-1 - Several vulnerabilities have been discovered in mimetex, a lightweight alternative to MathML.
f4eec4bd418d00f6295ba89cc77c83571f52da70023e4e2e892335b60cb58dc1
Debian Linux Security Advisory 1916-1 - Dan Kaminsky and Moxie Marlinspike discovered that kdelibs, core libraries from the official KDE release, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
88d9ef536fbb093198ad22faeeb4c73bad0b94a4bafd1f42e43a6c1f079e8091
Debian Linux Security Advisory 1912-2 - Due to the fact that advi, an active DVI previewer and presenter, statically links against camlimages, it was necessary to rebuild it in order to incorporate the latest security fixes for camlimages, which could lead to integer overflows via specially crafted TIFF files (CVE-2009-3296) or GIF and JPEG images (CVE-2009-2660).
ba7b34b0bb05be6dd15df8083c54a4d732ff7cd274c08c9d1f9b0cbd29a04c52
Mandriva Linux Security Advisory 2009-288 - The mod_tls module in proftpd < 1.3.2b is vulnerable to a similar security issue as CVE-2009-2408. This update fixes this vulnerability.
0e8d72525416ecf43373f296880c86846c238d5af213c156135bba25e17696f4