There exists multiple integer overflows in routines that handle copying in user supplied data for the Linux Sbus PROM driver. They allow for a local denial of service attack and possible code execution.
d82e6c596490895e4fdf7268fb5bd8cee56764769900a142ebd3a32e518925b8
A potential vulnerability has been identified in the HP-UX ARPA Transport which could be exploited by a local user to create a Denial of Service. Impacted versions: HP-UX B.11.00, B.11.04, B.11.11.
17f663c163cc0a1b3955e0baaedcee9ff9074517b9c67194e9c1726046d3f4cb
A potential vulnerability has been identified with HP-UX running ObAM 5.0 with the WebAdmin capability enabled. This vulnerability could be exploited remotely to allow unauthorized access. Impacted version: HP-UX B.11.11 running ObAM 5.0.
a5d595e7e8db5feb1e24a0320f356a22d80058000f4edf28636fd3d517698024
A vulnerability in JUNOS can be exploited by transmitting specially-crafted IPv6 packets.
12ff91720d4131c0c520633c03bd6f056ede06b3fb7f9246677476486695d7b3
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
d227ab776db6a98ba8fc6fe490d06e340aebe7f5636fc14af294ec5091ee14f4
Exploit for the atari800 atari emulator. This exploit is local, and may in some circumstances give local root.
726481df498f83c26393c601faeb59541a54dda4fc18be0dda8d134d643a2ff3
A security issue has been discovered in BEA WebLogic, potentially allowing unauthorised users to access affected web applications. Due to improper filtering of data, an asterisk may be used in a spot to allow for a random user to get loaded into a role. The issue affects WebLogic Server and WebLogic Express version 8.1 and 7.0.
7dbb3e1ef8269fddff36b4231c3c003fb8a07bf8f1ece8e1cfcd8c3cb95191b5
There is denial of service in Apache httpd 2.0.49. It is possible to consume arbitrary amount of memory. On 64 bit systems with more than 4GB virtual memory this may lead to heap based buffer overflow whose exploitation is unclear at the moment.
a8cc5f8ac30aaea07627d9adc2917e311c049a9732c8e5df1d08b9e3855672e0
Confixx Pro 2 and 3 are susceptible to an attack where files in /root can be accessed due to an error in the backup script.
e3a9ee63cd35f3378997d12f529189f75d0e6e0f0b1e74d1c4cc326272ac4347
Two authentication errors within a verify_x509cert() function allows for malicious people to bypass security restrictions. Affected products include: superfreeswan 1.x, openswan 1.x to 2.x, strongSwan below 2.1.3, and any version of FreeS/WAN 1.x or 2.x with the X.509 patch.
253023ac78a99200fa4a578eb2c552042b67862d2e97d6c8f5ec337c052c25e6
Secunia Security Advisory - Valerie Holfield has discovered a vulnerability in phpmyfamily, which can be exploited by malicious people to gain edit privileges. It is possible to be automatically logged in as user nobody when clicking to download a document and then leaving the page. This grants the person ability to add people, change information, upload and delete documents and images.
ef0bd9a2a68bcae1d6b1b92976dc9b320fce5d68f1024b28d5795349f5c19787
An off-by-one condition exists in the POP3 handler code present in popclient 3.0b6. By crafting a malicious email a remote attacker may cause a denial of service against users of this software.
37477ee91fb39858381402adf7f0db7f0667492f2d0b8d2109a09061ffc25866
A remote exploit has been discovered in the Apache 2.0.49 HTTP server which allows an attacker to cause the server to allocate increasing amounts of memory until system memory is exhausted or until process limits are reached.
d52c9414d2197f648b3d31a6f01f66b36cd2811cf96502d02d2519eb5d7614b1
Full source code of the Scob trojan downloader. Archive password is set to p4ssw0rd. Use at your own risk.
9d3ea6980c1a089c7b195db591439b0e1223ce24749786e85d7765405443f7a2
Original research data regarding ISC DHCPD 3.0.1 rc12 and rc13 denial of service attacks.
af7361e4caaf6e24854e73423f133ae3002cdac83b977215361840b8ae51b713
csFAQ is susceptible to a path disclosure vulnerability.
e82731bb7aafdfb21d28fa46bad6977a00deffb2a4e5fb1caabc0fdedba9efaa
PowerPortal version 1.x suffers from full path disclosure, cross site scripting, and arbitrary directory browsing flaws.
c2ead58aa5b18cef122380780b1677c7bfd50ea35b5f30c403f12cce123047e2
CuteNews version 1.3.1 is susceptible to a cross site scripting flaw.
7ed2bbb81e542045e1ee215883d3871bb25403d00ee7161199bfb071268e10bd
During the client-side Windows installation of Lotus Notes, a notes: URL handler is registered in the registry. An argument injection attack allows an intruder to pass command line arguments to notes.exe, which can lead to execution of arbitrary code.
7f1d5d7fa6e4854573d335dc29ba01617e06478c0fbeabab00dc2a8338959037
The Zone-H Security Team has discovered a SQL injection flaw in Infinity WEB that allows malicious attackers to bypass the authentication mechanism without having an account.
38f4ddea3d5eb05ff4217cd5f69e210542b334b36ba152257c34449d81ff759e
All versions of MPlayer, the movie player for Linux, are vulnerable to a buffer overflow attack that allows for privilege escalation. Local exploit included. Tested against Redhat Linux with Gnome, FreeBSD and latest cvsup plus ports with Gnome.
6850af71802ee705a1be21d2e279558327d7f8c14f4363ad429d736e33bfa329
artmedic_links 5, the PHP script, is susceptible to a file and URL inclusion vulnerability.
fcb5bd9d71d92305c88ad7546002bb9461b97c61d6b4476192e7c92d834817af
Symbian SIS file dumping utility that allows for analysis of potential malware without actual installation of files. It provides information on file headers (UIDs, Version, Number of Languages, Number of files), file list (Destination name by default, Source filename and file type).
d0b5a4ac2ae9c2a7e25d96eb3a066b7934371142f4f87debfe9c326b0ca0ab29
Secunia Security Advisory - Alan Fitton has discovered a vulnerability in giFT-FastTrack, allowing malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error, which can be exploited to crash the giFT daemon via a specially crafted signal. Version 0.8.6 and prior are reportedly affected.
952b88a417674f0acb22f4a6dfd67756190439d585dfd1efab3bb1623259e089
A flaw in Kerberos password handling under Sun Solaris 9 allows for passwords to be logged in clear text on clients with services using pam_krb5 as an auth module.
3e8f112307c599098b445c863693bd8fada2f48c9458a8350f1589bcb01e67a7