Zero Day Initiative Advisory 10-023 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of both IBM Informix Dynamic Server and EMC Legato Networker. User interaction is not required to exploit this vulnerability. The specific flaw exists within the RPC protocol parsing library, librpc.dll, utilized by the ISM Portmapper service (portmap.exe) bound by default to TCP port 36890. During authentication, a lack of a proper signedness check on a supplied parameter size can result in exploitable stack based buffer overflow leading to arbitrary code execution under the context of the SYSTEM user.
aaeb74e2cc0ffffef2fdd611f181810d3fb06be0fc048c991c3f9b087c281335
Zero Day Initiative Advisory 10-022 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of both IBM Informix Dynamic Server and EMC Legato Networker. User interaction is not required to exploit this vulnerability. The specific flaws exist within the RPC protocol parsing library, librpc.dll, utilized by the ISM Portmapper service (portmap.exe) bound by default to TCP port 36890. During authentication, a lack of proper sanity checking on supplied parameter sizes can result in exploitable stack and heap based buffer overflows leading to arbitrary code execution under the context of the SYSTEM user.
b2cfcca980df20db137f44def916924293a9a434ac09aa8b97906454ed28d72f
Mandriva Linux Security Advisory 2010-052 - sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. The updated packages have been patched to correct this issue.
76f1e9f408dc7026f1f3164f9ef04641a98c14ea1373b28efa65c1dd1fbaee09
CMS By MyWorks suffers from cross site scripting and remote SQL injection vulnerabilities.
5291bb167a3c4e36f5af3d5acc642b8d6f094baf3bbe4840f796a532f0841763
Whitepaper called A Practical Attack to De-Anonymize Social Network Users.
ed65dbead7899691dfc803c32908728c915afb3169557d59b69ac0326eea62aa
Call For Papers for EC2ND - The sixth European Conference on Computer Network Defense (EC2ND) will be held at the Faculty of Electrical Engineering and Computer Science at Berlin Institute of Technology (TU Berlin). The conference brings together researchers from academia and industry within Europe and beyond to present and discuss current topics in applied network and systems security. It will occur from October 28th through the 29th, 2010 in Berlin, Germany.
fd08e991fc545b364b65fbd1dbf21a97cba4c85b5399c755e386b3c4b7320b30
phpTroubleTicket version 2.0 suffers from a remote SQL injection vulnerability.
efcad9c42ba5dd1fe85a3dd2dba9dc270990693c1bf2e967c1099f41e247f832
CONFidence 2010 Call For Papers - This conference will take place from May 25th through the 26th, 2010 in Krakow, Poland.
61d7c1b17fd9b01b4fe569ec96e4fc380d72950c6d180da8a19ec52e67f97ead
RCA DCM425 Cable Modem micro_httpd denial of service proof of concept exploit.
0582961a302988fec1604ff0860df406edb69f9ae526e316d6f8a57c0e38be35
Debian Linux Security Advisory 2005-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. Note that this advisory says DSA-2004-1 but it is actually DSA-2005-1.
4e91cfa025d3713c772ca08542d5fe2924c2840b742a5513213aa737787a70c7
37 bytes small Microsoft Windows XP Home Edition SP3 English calc.exe shellcode.
dfb12892aa925e3ef94e1c01ecd5d8aa7b240a7f187a308a907a9b6bcbd8973c
Internet Exploiter II version 3.0 DHTML memory corruption proof of concept exploit that bypasses DEP.
8d79ef782e79343218a4752b8edf2781a2dc684a0214bce8d86443e1e017905d
Debian Linux Security Advisory 2004-1 - Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix.
da19232c162776c736a03d1a16ac798f1539e38b97c6a1ae2359ab73c0156ab0
Oracle Siebel CRM version 7.x suffers from a cross site scripting vulnerability.
d9b8d785baaec4c817bb1fc5be6e354ef43d9a6c8da1f1bffdc2b704fbf65d0b
Easy FTP Server version 1.7.0.2 remote buffer overflow RET overwrite exploit.
35d27eb6cda7ed96990aebb92e2bf405de86118170a839bfb80142b000f807cf
iPhone / iTouch FTPDisc version 1.0 3 exploits-in-one buffer overflow denial of service exploit.
62779e7dd76b73933c43b13f505afa537707af0e057f00a738627738ffd11ead
This archive contains all of the 396 exploits added to Packet Storm in February, 2010.
beaa6e3c403f9909b6e8bf88d9a40459b90717b258a821f33e3fe6a594f075f9
Uiga Church Portal suffers from a remote SQL injection vulnerability.
a70ab20bd3b0e710e1c1d2297210025aa7018c0d2071391b152e900d46c8752a
Mandriva Linux Security Advisory 2010-051 - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
9161b7c55f138a603afbdc8c394e09baa1144b47e34cf2fa7b04047346825ed1
Secunia Security Advisory - Maurycy Prodeus has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
01ef87c3cb97a500864823b3c6866d202122dbae32c0bf7ca68ea603fe5b5f2d
Secunia Security Advisory - Some vulnerabilities have been discovered in Uiga FanClub, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks.
0efbadbd61a7cf200c038e27f4ec6d27d18b41ea8c300e7b2c61cd5a46bceb6d
Secunia Security Advisory - Multiple vulnerabilities have been reported in Pre Classified Listings ASP, which can be exploited by malicious people to conduct script insertion and SQL injection attacks.
189511825db34116df56d4a6263a846fbf047efb5ae178e06ea4428176359c61
Secunia Security Advisory - Debian has issued an update for linux-2.6.24. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges, and by malicious people to cause a DoS.
1e89b7e0f3c3f5cc571c6ed3903d40e522a66a1ff289d2bc0b8982b82263abbf
Secunia Security Advisory - Some vulnerabilities have been reported in ScriptsFeed Business Directory Software, which can be exploited by malicious people to conduct SQL injection attacks.
477c87c3e1f862cc145b16a7e202b1ba03c1464d0696274cc03d7796aaccaca4
Secunia Security Advisory - Some vulnerabilities have been reported in ScriptsFeed Dating Software, which can be exploited by malicious people to conduct SQL injection attacks.
270c404e91628e7e7d96aaff7c127e8a26ee2f7dfc737fca07fad16565dc7ad8