Zero Day Initiative Advisory 10-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file format. The application will duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
13b8e90f73d446785cc068baba1c949551ccec4ceb3454c549d4e3f198d8108e
Zero Day Initiative Advisory 10-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. Within the 'desc' tag there exists an embedded 'mluc' data structure. The code within ACE performs arithmetic on the second DWORD from the mluc structure and a value from the desc structure. The resulting integer is used for an allocation of a heap-based buffer. An attacker can forge these values to force the process to under-allocate this buffer and later overflow it during a copy operation. This leads to remote code execution under the context of the user running the application.
ecd9e32d6f577f1936ad4eb02c36581111f3a572888a3e928346a7aadfc57941
RSA Authentication Client 2.0.x, 3.0, and 3.5.x contain a potential vulnerability that could allow the unintended extraction, by a properly authenticated user, of secret (or symmetric) key objects stored on an RSA SecurID 800 Authenticator. This potential vulnerability is corrected in RSA Authentication Client 3.5.3.
41ebae2a8b510e2bd8181c50df475c394e772dc9ce8fcb156ecb559222b1e530
Core Security Technologies Advisory - Adobe Acrobat Reader is prone to a use-after-free vulnerability due to an invalid usage of a released memory chunk. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Adobe Acrobat Reader to open a specially crafted file and click on PAGES thumbnails.
b904c5a6e5a8de97f43c56644b6a9ba52dae475e7eef0a3f2c048059d81b1e24
The Joomla Bsadv component suffers from local file inclusion and directory traversal vulnerabilities.
f0a91161d93e71c8fa6368ed314fcfb84a017a4068d9a91b9ed954709e8bc003
Zero Day Initiative Advisory 10-191 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. When processing an ICC stream, the process performs math on two DWORD values from the input file. If these values wrap over the maximum integer value of 0xFFFFFFFF a mis-allocation can occur. Later, the process uses one of the original DWORD values as a size to a copy function. This can be abused by an attacker to overflow a stack buffer and subsequently execute code under the context of the user running the process.
9d1255f5b4ecf288e999e01be413aba17e903c8feb3faf1f8611a6a3b99010d1
Digital Whisper Electronic Magazine issue 13. Written in Hebrew.
b7cc976897c1fbff9b7b4eabf0431487e8385d72fbd8b357810641e70cf6b600
Ubuntu Security Notice 1001-1 - The cluster logical volume manager daemon (clvmd) in LVM2 did not correctly validate credentials. A local user could use this flaw to manipulate logical volumes without root privileges and cause a denial of service in the cluster.
60ef4b53af760eed408ee330b96dade5bab28e4714a5817c765994cdd52f9f75
Joomla Club Manager component remote SQL injection exploit.
f920eb2aa7f437b6fceafa52dd148d54bb4e425ad3d9623492a31e72b84f146b
Technical Cyber Security Alert 2010-279A - Adobe has released Security Bulletin APSB10-21, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
247cff6275d923983e783ca6fe3f07cc6d56411f2a628fb9373e429c1bd4c9dd
HP Data Protector Media Operations NULL pointer dereference remote denial of service exploit.
841e28c2f3b05995e7611afe106f1457a4f4820f5d1fcb49ee4289049980fd6b
Mandriva Linux Security Advisory 2010-197 - An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges.
60b055a722cc4bc0545e71200d94b800b38708d3e38b1a277486b92cc61f22cb
This Metasploit module exploits a stack buffer overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the file system (either anonymously or in conjunction with a real account).
03dd84b1fa133f23eef6c093613e5dc4647bab107afd312e34d65559564a1da3
HP Data Protector Manager version 6.11 NULL pointer dereference remote denial of service exploit.
0656224a4a7971dfd8da2db9267e240a02ea3b0541ef905aeba6d75aea755ad4
TomatoCart version 1.0.1 suffers from a cross site scripting vulnerability.
34e741bd38e2824dc1af50ab1654419bc4ca5aa287742999e631921b7a7d5738
nSense Vulnerability Research Security Advisory - Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Adobe Reader and Acrobat versions prior to and including 9.3.4 and 8.2.4 are affected.
be0006662c3db8dd0bb9877ae4a9ce05a5bb18b964135f696d2609daf428de1a
Feindura File Manager version 1.0 suffers from a shell upload vulnerability.
6446bc8ad6e73c6bfd3c9f9125f2753375617e5288fc644f3afcd7035b75102d
AlZip version 7.4 DLL hijacking exploit that leverages ieframe.dll.
f11b489fd05b6163a033a2db6af09cd74af7a298a3fb3ea07b6c7388c2ef88f4
My Vacation Tracker DLL hijacking exploit that leverages svctaglib.dll.
cd774d81a162c4cea916cc060cb86ae6085a8d39ec07877a1a1b1fffd390ff44
Dupehunter Professional DLL hijacking exploit that leverages fwpuclnt.dll.
fc0c631f01578170965c5664090a0d3a1ec4cae4dce83ea001062041ff69bd44
Secunia Security Advisory - A vulnerability has been discovered in Foxit Reader, which can be exploited by malicious people to compromise a user's system.
cc29aea1d3242e9f3595ca0a7e0db62a9d699ac7d7310219235820fcb79fe512
Secunia Security Advisory - A security issue has been reported in BrailleNote Apex devices, which can be exploited by malicious people to compromise a user's system.
8d71ac82ad1394c632da1fe6e2c2a9acee28e738eecd8267df2979433d2dbc5d
Secunia Security Advisory - A vulnerability has been discovered in Foxit Phantom, which can be exploited by malicious people to compromise a user's system.
42d067b215d5970b002bac07c6989392dc42731343704879bdde5b439a725526
Secunia Security Advisory - Some vulnerabilities have been reported in TYPO3, which can be exploited by malicious users to conduct script insertion attacks, disclose sensitive information, and perform certain actions with escalated privileges and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
ffa8c5691773687c348c685a349950fa14e4bf2f55b0683e1edad86e03fd20c7