Acoustica Audio Converter Pro version 1.1 suffers from a heap overflow vulnerability.
6fe70bf67f386ffa96a5ec9a9281efa39e74f8f126906dac4fb3b69467545067
Gentoo Linux Security Advisory 201009-8 - An untrusted search path vulnerability in python-updater might result in the execution of arbitrary code. Robert Buchholz of the Gentoo Security Team reported that python-updater includes the current working directory and subdirectories in the Python module search path (sys.path) before calling import. Versions less than 0.7-r1 are affected.
1ff60790d2f7405b802381d13a92f2fc74aef95178c0c3b99d23582bb56b7d64
Gentoo Linux Security Advisory 201009-7 - Multiple denial of service vulnerabilities were found in libxml2. Versions less than 2.7.3-r2 are affected.
bdab84a12192d58604b471ca794e6a7959ec1e5edaa94c5aed690fb93624ee16
WebSuite suffers from a remote SQL injection vulnerability.
c678b5364b351b1f8cdfde36a20d82701483f85ef55e6e38dd8d9f03e647d985
Atmail Webmail suffers from a cross site scripting vulnerability. Versions prior to 6.2.0 are affected.
cb6f90aa2c4b5814e7f1cc5ff1519d4fa832cced07f124d15e44fbe5111fb627
Tuenti.com suffers from an insecure direct object reference vulnerability allowing anyone to read arbitrary blog posts.
6f39659cdbc856ac25c93f23092ab2733e4e5ea90e0c2c8f02eb97c48177fd45
SnowFox Total Video Converter DLL hijacking exploit.
f305fbb47c1bafab15a61b7666cd2abaf37a056179305162482fb7708fd38355
CollabNet Subversion Edge versions 1.2 and below suffer from a cross site scripting vulnerability.
2b31fec8620d98b41749f84d2fdbd6e20459a5fbc5117ef577677d263e760e03
Softek Barcode Reader Toolkit version 7.1.4.14 Active-X related buffer overflow proof of concept exploit.
dceb54e1f32d6772544fa6532904219bd3241b6d0353f08dbdff2c9fb43cb1b2
wpQuiz version 2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
85020cf3d0c88fd61910a8a4186652a6f78783e70b8465b29810d12f7e22b90b
ibPhotohost version 1.1.2 suffers from a remote SQL injection vulnerability.
466f6f08172c676eddfac173eaccc72cc7e5c63b2dc337e0a85aace6712ff9a5
Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a WOPT record parsing heap memory corruption vulnerability. Proof of concept included.
fe880ccab01d65f59e8f668c6229f63f7ddcc6fc21b3ff91caf035b6a6c9da43
Ubuntu Security Notice 990-2 - USN-860-1 introduced a partial workaround to Apache that disabled client initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. After updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.
cccbd306122a0cbb598817a4a808664cd2a88b4fdb163db24e5ce00f2835f58f
Ubuntu Security Notice 990-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.
a0b60b36d1de06cc835d2420585e797c041653ecf96ec460c5a7ce10e0651f75
Month Of Abysssec Undisclosed Bugs - Personal.Net Portal version 2.8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
43e1c2be4560ce1395c64a1b0cd930f7ab6a8d07084b282a1f6f0c725830faf5
Month Of Abysssec Undisclosed Bugs - Personal.Net Portal version 2.8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
1c4b687e3deccab54c8f2c63ef0051120b09fe4d1b00c5094edb52789eb215a2
This Metasploit module exploits a stack-based buffer overflow in Novell iPrint Client 5.42. When sending an overly long string to the 'call-back-url' parameter in an op-client-interface-version action of ienipp.ocx an attacker may be able to execute arbitrary code.
7cbaaf11994cc2aa297944de64087d82388e708d5b6a96ed7191080f1ca223d0
This Metasploit module exploits a stack-based buffer overflow in Novell iPrint Client 5.40. When sending an overly long string to the 'debug' parameter in ExecuteRequest() property of ienipp.ocx an attacker may be able to execute arbitrary code.
e50f64e1f69d2ac7f0d33800fc3dc1283cd8c9b8ee93f24befcc1d27e5d76691
Mandriva Linux Security Advisory 2010-186 - Cross-site scripting vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. This upgrade provides phpmyadmin 3.3.7, which is not vulnerable to this security issue.
1ed48851199098893a0ac5c5e4283162106e4c007e1f0e5f31aa3f5f41b6e8d8
This Metasploit module exploits the RPC service impersonation vulnerability detailed in Microsoft Bulletin MS10-061. By making a specific DCE RPC request to the StartDocPrinter procedure, an attacker can impersonate the Printer Spooler service to create a file. The working directory at the time is %SystemRoot%\system32. An attacker can specify any file name, including directory traversal or full paths. By sending WritePrinter requests, an attacker can fully control the content of the created file. In order to gain code execution, this module writes an EXE and then (ab)uses the impersonation vulnerability a second time to create a secondary RPC connection to the \PIPE\ATSVC named pipe. We then proceed to create a remote AT job using a blind NetrJobAdd RPC call.
04cbfe670279e81d3e5cc91c21f2c90426a352f556e914a6b712e856fe79bdf1
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
472da02a75450868ed4b78ce2d0e8356699fd1f0e3dd2bfd28997b8a70cbd502
Secunia Security Advisory - A vulnerability has been reported in JP1/Remote Control Agent, which can be exploited by malicious people to bypass certain security restrictions.
0793f525bcfa7c2b33331977964c80603cccf02ae4831bd7f8b89ba53dc052bf
Secunia Security Advisory - A vulnerability has been reported in Alcatel-Lucent OmniTouch Contact Center Standard Edition, which can be exploited by malicious people to disclose sensitive information.
ae8519bc068c6624f76f4eb602d5bf933b8c949e51f3d8183c24c2b1e8f163f6
Secunia Security Advisory - A vulnerability has been reported in Alcatel-Lucent OmniTouch Contact Center Standard Edition, which can be exploited by malicious people to bypass certain security restrictions.
a3dbd319b746bb0f3f35b7dc60ddd7ff177f7b3b92fab0264d393a0e6e706cbd
Secunia Security Advisory - A vulnerability has been reported in Alcatel-Lucent OmniVista 4760, which can be exploited by malicious people to compromise a vulnerable system.
081b553ec2c3e82fb9da4a40bf10a871a623f9d017a9dfffa7e9d699cad22e99