Theo de Raadt has received a mail stating that the IPSEC stack in OpenBSD may have been backdoored since the year 2000 thanks to the FBI.
8fe9ad852287fca32221a3cf69a2fe343de075d6442787f336fb7f5ef2265bba
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
af165a702f2f9a749b6f53a0287ef13aee87d7343cc261526623841775b5accf
This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead to arbitrary code execution. It seems that Microsoft's code inadvertently increments a vtable pointer so that it points to an unaligned address within the vtable's function pointers. This leads to the program counter being set to the address determined by the address "[vtable+0x30+1]". The particular address depends on the exact version of the mshtml library in use. Since the address depends on the version of mshtml, some versions may not be exploitable: specifically, those for which the resulting program counter value lands within another module, in kernel space, or at an address that cannot be reached with various memory spraying techniques. Also, since the address is not controllable, it is unlikely to be possible to use ROP to bypass non-executable memory protections.
c5af90428a60eae212629d6165cc2ab369c2d3111464b63c3d7505ceda36a191
USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.
74de154e6346c40601af71d4ea64de7b4546327cdc860ad6a0dcf99b225c4692
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling malformed RA5 files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
6f509b1f5017a3048fef78a085858a29e8d684c16251cd60c9024a686c3cdd00
BlogCFC suffers from multiple cross site scripting vulnerabilities.
4a5f358eaed72d5ca282ae8e50804475f5e28c6ce5892b58a294a6f1fbd50eca
Google Urchin version 5.7.03 suffers from a local file inclusion vulnerability.
5e4cb1f96abd4d0dba19822c6f4cb88dbe18e99c1e9e68021ef02e64759e4502
slickMsg version 0.7-alpha suffers from a cross site scripting vulnerability.
c47f15d291a098777d8049b7c442a0f27bae35a13d72423b9d87eaea12757872
iDefense Security Advisory 12.14.10 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to an uninitialized variable in the "CLayout::EnsureDispNode" method. This method is called to recalculate the location of various HTML elements within the page. This function passes a "CDispNodeInfo" object to another function, "CLayout::GetDispNodeInfo," which is supposed to initialize the object passed in; however, the function fails to properly initialize a flag's value that is used later to determine how many "extra" bytes to allocate for a heap buffer. This eventually leads to an undersized buffer being allocated to hold a "CDispClipNode" object in the "CLayout::EnsureDispNodeCore" function. The vulnerability manifests itself when the "CDispNode::SetUserClip" function attempts to use the invalid "extra size" to calculate an offset into the object and manipulate a bit at this location. This corrupts the object's VTABLE pointer by setting its second bit to 1, which can lead to the execution of arbitrary code when this pointer is accessed later. Microsoft Internet Explorer 6, 7 and 8 are vulnerable.
71219e3d4aa0a8af4a6f70f59166543e9d763cb490d82b8b85ea2ee887b4898d
Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
5eabcb34e63989ed4f5642d912c8641cae186311d69337401092b6d50f806e3a
VUPEN Vulnerability Research Team discovered three critical vulnerabilities in RealPlayer. These vulnerabilities are caused by heap overflow errors when handling malformed RealMedia data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
3e744f583f0bb3a9b86c94fa386cfddbd0421f8807c4245fdcff1e5cb69a4a8b
ACROS Security Problem Report #2010-12-14-1 - A binary planting vulnerability in Windows Address Book and Windows Contacts allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
5d01b3714e5a1a07936f8d579e1f7f0c5b96811e39e1536e72e0ff2fd817f142
Secunia Security Advisory - Multiple vulnerabilities have been reported in Orion Network Performance Monitor, which can be exploited by malicious people to conduct cross-site scripting attacks.
59bb62140bcea093be05c1dbd686bd9f6c70103f2f72a2d806c27770432fcadd
Secunia Security Advisory - A vulnerability has been reported in Lotus Mobile Connect, which can be exploited by malicious people to conduct cross-site scripting attacks.
85401715cf0ac0ada42352559cfc97ea1eab5025bdc99b22b85f69639e0804a4
Secunia Security Advisory - R
9e42b971aa1a288eb0737f74050923329e951f22561e2bbe6e8f868a3fa95943
Secunia Security Advisory - Some vulnerabilities with an unknown impact have been reported in Adobe Photoshop.
1c01da367357af6e3d2ae9ef591fad36ba3c14d6bf37e5486cccd56db9475cd4
Secunia Security Advisory - Two weaknesses and some vulnerabilities have been discovered in SilverStripe, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and conduct SQL injection attacks.
92bf1c89f9077ee82bd9b34feef8e58b88fd70dae323cc9a6cf27f19b9a93b42
Secunia Security Advisory - Debian has issued an update for xulrunner. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.
892970053aac12ea9031bbdafae6eeec4be64999d0e94476c6f55ad4e2261ade
Secunia Security Advisory - Fedora has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
18d18170b497096e6e4fb614e52ae26ce9bec0cf791c4a40be04080834756879
Secunia Security Advisory - Fedora has issued an update for firefox and xulrunner. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.
0553de17f6237290198ce8435601c59d57a83815674def9e22053e2c0d299b87
Zero Day Initiative Advisory 10-285 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Desktop Management. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpd server component, which listens by default on UDP port 69. When handling the filename in a Read Request (opcode 0x01) packet, the process blindly copies user-supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the tftpd server process.
82ccd040dbaba20699b014b47ff6ef8abe2763e1feeb146935df2c95f013eff2
Zero Day Initiative Advisory 10-284 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZenRem32.exe process which listens by default on TCP and UDP ports 1761. When processing the Console DN field of incoming requests, the process can be made to overflow a stack buffer by 2 bytes. Due to the location of the destination buffer, an attacker can abuse this to overwrite a portion of a return address and execute remote code under the context of the SYSTEM user.
f769b1198961a1a95ef8fdec2b927504455807ef3244a9b9a20650b8abf2a28a
Zero Day Initiative Advisory 10-283 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZenRem32.exe process which listens by default on TCP and UDP ports 1761. When processing incoming connections with specific version fields the process fails to initialize a string buffer intended to hold the name of the client. After making allocations based on the size of the uninitialized string, ZenRem32 proceeds to convert the buffer between wide-char and multi-byte data types. As the pointer is directed at uninitialized memory, this can be abused to corrupt the heap. An attacker can leverage this to execute remote code under the context of the SYSTEM user.
f9396dac764d7d1a9c721681fce74e2c96816fd09ecb655c0425db0a91d4c695
HP Security Bulletin HPSBUX02608 SSRT100333 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other impacts. Revision 1 of this advisory.
97fdc4808f88742bed53b9c9225a0922b852aedbc8b9300b631e7e0f734fc91c
FontForge version 0.0.20100501-2 is vulnerable to a stack-based buffer overflow when handling .bdf font files.
89e18269a2ce0ac9a0deb84e3e64b9bcd74d7342f689b5a63d8c76e42afc7f22