iDEFENSE Security Advisory 05.03.05 - Local exploitation of a buffer overflow vulnerability in Apple Computer, Inc.'s Mac OS X Server default install allows attackers to execute arbitrary code. NeST is the NetInfo Setup Tool for Mac OS X. The vulnerability specifically exists due to insufficient bounds checking on the argument passed to the '-target' command line parameter. Local attackers can supply an overly long value to overflow the buffer and execute arbitrary code.
0c4cd80a8e3d38cb59c61f0869356ce10010ac85f79bb0f97bfe1f1caf72ece0
ASP Inline Corporate Calendar is susceptible to a SQL injection vulnerability.
5ba799d0d46135bed045937cc3a0414d1df63c9d205b8878fcfc7a03a2042adc
e107 version 0.617 suffers from directory traversal and SQL injection vulnerabilities.
ef2b5c85153677f18bc3f8e720dd636c90ace7a8112dacdd3e4cfcb88ea2d29d
Sitepanel2 versions 2.6.1 and below suffer from cross site scripting, directory traversal, and various file manipulation flaws.
bf1bec8fd01bb8241debc401e8eb81f226ce350eea7f6f5ab751654f1137bcfb
ProxyCap enables users to tunnel Internet applications through HTTP, SOCKS v4, and SOCKS v5 Proxy Servers. It can be told which applications will connect to the Internet through a proxy and under what circumstances. This is done through a user friendly interface, without the need to reconfigure any clients. ProxyCap provides a flexible rule system and allows the end user to define their own tunneling rules.
226f75426a557c301c50ae65e8cdbce5a0209a71424836dfdd491d461f815e00
Secure Science Corporation Advisory CSA-056 - LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. A vulnerability was found by the author within the signature scheme used with the Elliptic Curve Cryptosystem routines that will allow arbitrary signatures to be created by an attacker.
b8ad4e6b033d01b8ddf58a423ef32c097bcb846cc0417058b55c70ae4bb633ad
PHP-Nuke version 7.5 remote code execution exploit.
b07b52721366f8210a369cf5ea7fb60b1d2d1108f367ea9b3eb53b8641382132
Technical Cyber Security Alert TA05-193A - Microsoft has released updates that address critical vulnerabilities in Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.
2303b682f52871a9477672e8a66f71e91112dbef891869a7006d70bee863bdb7
Pear XML-RPC Library 1.3.0 remote PHP code execution exploit. Written in Python.
5b00e2c1dec4d05c6fea96b4f2f0887c7238f88a3f83c7bdbce51ab86de341d8
PacSec/core05 call for papers for the convention that will take place on November 15 and 16 in Japan.
0e22b2a32dd1a0438ba57fee33f835e6665b5ab2c9deee4a031f1ce6e75f5469
Yawp/YaWiki versions 1.0.6 and below suffer from a remote URL include vulnerability.
a84f980bc610b65689b1c82b416b74a4353c6933a5905db5d83859b2d7ec3d28
Gentoo Linux Security Advisory GLSA 200507-11 - Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap by freeing unallocated memory when receiving a special TCP request (CVE-2005-1174). He also discovered that the same request could lead to a single-byte heap overflow (CVE-2005-1175). Magnus Hagander discovered that krb5_recvauth() function of MIT Kerberos 5 might try to double-free memory (CVE-2005-1689). Versions less than 1.4.1-r1 are affected.
a5893eec4017eab8013960f593431f9eb1f82c27e1b77c5ce9a885dc8c2262fb
MIT krb5 Security Advisory 2005-003 - The krb5_recvauth() function can free previously freed memory under some error conditions. This vulnerability may allow an unauthenticated remote attacker to execute arbitrary code.
c917c32c8bddc3aebae93248fef24b5a38190c1463b051a86386603d031bc95a
MIT krb5 Security Advisory 2005-002 - KDC is susceptible to a buffer overflow and to heap corruption.
8ff75e490e1fcbb8b37693e060305697d011a5db2eedf60375cc98a8368833ff
iDEFENSE Security Advisory 07.12.05 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Word could allow execution of arbitrary code. A specially crafted .doc file, containing long font information, can cause Word to overwrite stack space. No checks are made on the length of data being copied, allowing the return address on the stack to be overwritten.
5142a2e97ae7128ef825faf0417ecb073931c21b6dd08425920cbd4d5d166a99
SoftiaCom's wMailserver version 1.0 remote denial of service exploit.
7557765c5ef49c4ab55aadfbc153e91e9aff67989be5d12841a7ee97cfa367ca
Basic XMLRPC exploit written for Metasploit.
afd99ce56b043d9c761badf25d692314333c40bc7c231e8d363e0b0546cf891b
Nokia Affix Bluetooth btsrv/btobex makes poor use of system() allowing for remote command execution as root.
43a7a7e9ccef6513cee8d509624d337031032bd9abeef5a58831ab2c8a4e6ce6
Cisco Security Advisory - Cisco CallManager 3.3 and earlier, 4.0, and 4.1 are vulnerable to Denial of Service (DoS) attacks, memory leaks, and memory corruption which may result in services being interrupted, servers rebooting, or arbitrary code being executed.
6a1601a182d9fae7ba05c04f697dfd084c427b640b140e3fc1d59de74b1b25ad
Secunia Security Advisory - Eric Romang has reported a vulnerability in Elmo, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
d2398c45bc96356e72d41c8ab9f11869fe19bf4bb614014c2305ef5a8d8ee83a
Secunia Security Advisory - Lord Yup has reported a vulnerability in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
e6b687d3307f74f0e1c964e9dbd563824cc8ddaaa0a61ec0e1253c12ffb51162
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
c7284448ebf34d023be5532b031cc33849e187ef888ace5c814d12f2bad91ab3
Secunia Security Advisory - SPI Labs has reported a vulnerability in ASP.NET, which can be exploited by malicious people to cause a DoS (Denial of Service).
a0b6148f3fdc3c9faf2eaaa05f8751547053dd4d5ffe4b7c27f18e34b64969ca
Secunia Security Advisory - A vulnerability has been reported in BIG-IP, which potentially can be exploited by malicious people to bypass certain security restrictions.
37bcd1a93580fba329e9375af6281461a91719945f3d88a3c8b79f91fded08e8
Secunia Security Advisory - Mandriva has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious people to cause files to be unpacked to arbitrary locations on a user's system.
bffa87152b5e87bc2414c15d79be5df22fb01528dfeadf66d762b5f298452a1d