Secunia Research has discovered a vulnerability in Serv-U, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in a function when processing a hexadecimal representation of a string using a TEA decoding algorithm. This can be exploited to cause a stack-based buffer overflow by passing an overly long string. Successful exploitation may allow execution of arbitrary code. Version 9.0.0.5 is affected.
91578cec99ab6bd596015abc46151a4524003351c0b7b52ba97ff0920567f0c5
HP Security Bulletin - A potential vulnerability has been identified with the Cisco Catalyst Blade Switch 3020/3021. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
ea08f093537b584373ba4ecea842587a49b52eed50b47dd316839ec3ef17823e
This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available.
e3e2ec70ee2040efbdbd9bc976ec570be8d2ff285c3860f57e0e4a9dff455e2f
SUSE Security Announcement - The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. It is believed that this vulnerability is actively exploited in the wild to get access to HTTPS protected web-sites. Please note that renegotiation will be disabled for any application using openssl by this update and may cause problems in some cases. Additionally this attack is not limited to HTTP.
64dd6d04fc2d6d8902730cdd4ebe8561bc511ab3d3891aabc2ba909b1c8b1636
Paper on poisoning a torrent's peer swarm with large numbers of fake peers, including proof of concept code. Works on most trackers. Could possibly be adapted to perform a reflected denial of service (DRDoS) on a target.
9ef8fa4913dfc7ea605f7ff92cc9b58d17bb8847b4e976ba538c2d898c68c01e
Gentoo Linux Security Advisory 200911-2 - Multiple vulnerabilities in the Sun JDK and JRE allow for several attacks, including the remote execution of arbitrary code. Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Versions less than 1.6.0.17 are affected.
6c09d770120fdd5f0fd5936497c4e389e3872a0dc13ec5c2b2565221dc0a2be7
Core Security Technologies Advisory - HP Openview Network Node Manager is one of the most widely-deployed network monitoring and management platforms used throughout enterprise organizations today. The platform includes many server and client-side core components with a long list of previously disclosed security bugs. In this case, a remotely exploitable vulnerability was found in the database server core component used by NNM. Exploitation of the bug does not require authentication and will lead to a remotely triggered denial of service of the internal database service. HP Openview NNM version 7.53 is affected.
7d534a7b0dbe0cbc5abd0d58b4d34abfed0c6b32115eace7c6021c6659df10e8
Debian Linux Security Advisory 1936-1 - Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation.
66708303038192047a61eddb05e535eccc4f5020eceeb60349b6a70ac5c0494e
Kaspersky Anti-Virus 2010 version 9.0.0.463 suffers from a denial of service vulnerability.
7ae0cfcd643b35679b0935fa72b27c7089e68d07020a0c1a2084c395b59bc687
HP Security Bulletin - A potential security vulnerability has been identified with HP Discovery & Dependency Mapping Inventory (DDMI) running on Windows. The vulnerability could be exploited remotely by an authorized user to execute arbitrary code.
b855638e504c36224e12fe96f7f3ef6f6bdcb6ad6ab169f40486ddc6af19bfd9
Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error within the "read_channel_data()" function in plug-ins/file-psd/psd-load.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PSD file. Version 2.6.7 is affected.
d7ed67ca8048162c65807572876c20725ffeeafb25e10c4e521996f9876bd56c
Home FTP Server version 1.10.1.139 suffers from a remote directory traversal vulnerability.
3e2aebb0adee075436258fb142539b20bef583fe7ffa202bd139a3339fc90e1b
Novell eDirectory version 8.8 SP5 HTTPSTK login stack overflow proof of concept exploit.
aaff44cb7e0507ba901a88e6833da6ac7746837d03811e3d7515b64aa4b00925
Adobe's AcroPDF.dll Active-X controller version 7.0.5 suffers from a denial of service vulnerability. Proof of concept code included.
e2f760594e35ad2f78542900bf23c1fe3c24c3c59698335541a9bd9414797cab
Mandriva Linux Security Advisory 2009-158 - Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue. pango for CS3 broke applications like MandrivaUpdate, mcc and so on. This update corrects this problem.
376767689a770b410a1a4463080312327ed9d33c1b032b67fcb9b94eaadc2488
Joomla Extion iF Portfolio Nexus suffers from a remote SQL injection vulnerability.
2544bbaeedb2fa932acf7f721f6fd221aa50b8b6985ff009361c8774703446f9
The Joomla / Mambo Ezine component version 2.1 suffers from a remote file inclusion vulnerability.
64e128e7842dcece7bfeb3a3c1c62129f99a25bd02e4949442ecae7ddec3654e
71 bytes small ip6tables -F polymorphic shellcode for Linux x86.
ec9b712caa705ccbd87234f9ebb1e5ae3ffc0307009e35dc3f6d1501f301801f
47 bytes small ip6tables -F shellcode for Linux x86.
3840566c05ffaa2ffc2617d924372f2f816bb87c9d53ca6c2a2c26bd0c98ee67
Home FTP Server suffers from a remote denial of service vulnerability.
66a1b9607f465cc97dd2702d08b04d74f0289162cc31c8f3e78630982ad4b1c7
Call For Papers for Troopers 2010 - The conference will be held in Heidelberg, Germany from March 10th through the 11th, 2010.
be8c5e5f52ad4de4728b84de59c6accecba9377c46e7a506ac066710d384bfc9
Alteon OS BBI versions 21.0.8.3 and below suffer from cross site scripting and cross site request forgery vulnerabilities.
1b51194ddfb04e33e624402eb4d2735d44b283fa92494f8c50b04ddc871b6c91
Linux kernel pipe.c proof of concept local privilege escalation exploit.
5a47903584a2c97af605391e2cc36aa5943b60bfcc2f6b301ab746c32cc5867f
Call For Papers for the Second International Alternative Workshop on Aggressive Computing and Security. It will take place from May 12th through the 14th, 2010 in Paris, France.
0cb078c4a9b363a11c8e6fb5167eef53437c243fe5d15968a3cb1ca679bdcafa
PHD Help Desk version 1.43 suffers from cross site scripting vulnerabilities.
9e31d678e762edb548c87400979bdc81a4269333d3425fb379c8406bf176fc71