rPath Security Advisory: 2006-0198-1: In previous versions of the screen package, the screen program had a bug which is known to make screen vulnerable to a minor denial of service attack in which the screen program would crash if presented with particular output. It is possible that this attack could also allow a user-complicit attacker to assume the privileges of the complicit user. The screen program is not setuid in rPath Linux, so any attack is limited to the complicit user.
9d6aa5849f0d951882c19d3c203f88b7b542c54aa21a1ef825a48ca850a0ca48
rPath Security Advisory: 2006-0195-2: Previous versions of the qt-x11-free package include Qt libraries that contain an integer overflow flaw, which causes them not to properly bound pixmap image data. This may enable a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution, in applications which use vulnerable versions of the Qt libraries.
0bfa2913fc97e3bfc7630e182f6e6aceb9c1e399a7194c1829a5a615d64446fc
Trustix Secure Linux Security Advisory #2006-0059: multiple vulnerabilities in postgresql.
99d17aaa01752a5dfdc9b3630e376f955e2d374c7b81ff89b254c13476bba128
ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability.
eb5bfb0ae83feb926f3181599a8d113b5099355c3075f37ccc39f9e96f9dd7db
Gentoo Linux Security Advisory GLSA 200610-13 - Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loader_XM::load_intrument_internal() function from loaders/loader_xm.cpp. Versions less than 0.9.9-r1 are affected.
6836d8e6883b2d5667426d301fac2690e17ef78baea18bdf775a5cb8506f00f2
Mandriva Linux Security Advisory MDKSA-2006-187: An integer overflow was discovered in the way that Qt handled pixmap images. This flaw could be exploited by a remote attacker in a malicious website that, when viewed by an individual using an application that uses Qt (like Konqueror), would cause it to crash or possibly execute arbitrary code with the privileges of the user.
88cbe33bbc5f6a69752cb29e2e256cae7857261c5c3921cca8f4db01499eef28
Continuity is a free security convention running from the 1st to the 3rd of December 2006 in Manchester, United Kingdom, open to anyone with an interest in computer security, hacking, phone phreaking, telephony, cryptography, internet security/privacy, urban exploration, social engineering and related subjects.
798e584f0c13af1679e17bd401cb2c4d419d7f51886215acd04279d8385f287a
0xf_ftpxq.c - FTPXQ Denial of service exploit.
17cffd597c28ed6f74c92fc0b1f188134a9142a7841dde1b098fb31dddcd101f
InteliEditor suffers from a remote file inclusion vulnerability in sys_path.
8a0b2276403d545d1d676c5f336b15d1b0b574920602145cd45519ef926384f2
Adobe PHP SDK suffers from a remote file inclusion vulnerability in CachedGateway.php.
6dd0ca24fd785b4c1838f18654274a650891d756a41779bd9c04fff0c949f149
Crafty Syntax Live Help (CSLH) 2.9.9 suffers from multiple remote file inclusion vulnerabilities.
b34b3fa80cea1b5a2e2858ec6acb712d1c823c8fe5c1f0c934b8be86e2fccd29
Solaris in.telnetd 8.0 and prior remote exploit. A boundary condition error exists in telnet daemons derived from the BSD telnet daemon. Under certain circumstances, a buffer overflow can occur when a combination of telnet protocol options is received by the daemon. The function responsible for processing the options prepares a response within a fixed-size buffer, without performing any bounds checking. This exploit has been tested against Solaris 7 & Solaris 8 (sparc).
8b1b9e7b12ccde64848ee3e68e52d71b897094c36e01d0c6aefb642d65d2014b
SGI IRIX 6.5 /usr/sysadm/bin/runpriv local root exploit.
87ee2433cea6d25492bbf29d76ac2dddfffb1036915de7f4e24d87a028286cbe
SCO Openserver 5.0.7 termsh exploit. 'termsh' is a program to view or modify an existing terminal entry on SCO Openserver. A stack based overflow exists in the handling of command line arguments, namely the [-o oadir] argument. It is installed setgid auth in a default SCO Openserver 5.0.7 install. An attacker may use this flaw to gain write access to /etc/passwd or /etc/shadow allowing for local root compromise.
80848a38a842001ba4c5cb1a4aa2616cfde210738c9f9ac3f9e0ec9ee9fa8266
SCO Unixware 7.1.3 ptrace local root exploit. SCO Unixware 7.1.3 kernel allows unprivileged users to debug binaries. The condition can be exploited by an attacker when he has execute permissions to a file which has the suid bit set.
5a1bb516b7d517521524776f7946fdb5d76fc8e72a5fbece7674002e32ad2a4e
SCO Openserver 5.0.7 Netware Printing utilities exploit. Multiple buffer overflows exist in the handling of command line arguments in SCO Openserver Netware printing utils. EIP is overwritten after 997 bytes are supplied on the command line. The following binaries are installed setgid 'lp' as default and are vulnerable to this attack.
83a9ce0000e4291a949433b76dd8e4502dbf1c5dbe40d16fb8f14962865b2148
SCO Openserver 5.0.7 enable exploit. A standard stack-overflow exists in the handling of command line arguments in the 'enable' binary. A user must be configured with the correct permissions to use the "enable" binary. SCO user documentation suggests "You can use the asroot(ADM) command. In order to grant a user the right to enable and disable tty devices". This exploit assumes you have those permissions.
817dbb560a816e2f79b66debcf45beb878184dc4c5bbaa5233467482a065771b
Exim versions 4.43-r2 and prior host_aton() local root exploit.
aebac98246454607fa35d16a81b2ca598ce612832413121e7c0d3f85eac98cf7
Adabas D 13.01 (GNU/Linux & Win32) Multiple Vulns in WebApps including directory traversal and SQL injection.
693290f05e0b0840b9b91832cbcf89d077f7c7515d33a03cc02acc2ec5bf1135
GNU/Linux adabas v1301 universal local root exploit. Standard stack overflow in the command line arguments of the clr_kernel and stop binaries, which are SUID root by default. The exploit calculates the value to use for the return address.
ed833915fb367c22a24bae21eeb3b2964eb4dfac2a260b2bcaab81b34fb8697b
Cisco VPN Concentrator 3000 FTP remote exploit. A vulnerability exists in the Cisco VPN Concentrator 3000 in which an unauthenticated user may access the file system through manipulation of FTP service commands.
4a0105294cbe6f0ee0f0bf817086a0b2f875637c7acc2e15634b0a8695cb01d5
AEP/Smartgate arbitrary file download exploit. A vulnerability exists in the smartgate SSL server (listens on port 443 by default) which may allow a malicious user to download arbitrary files with the privileges of the smartgate server.
458fcf07885e8ffe5f837843edcf30c3a17eb5e839951995e800bb8570220cd0
HP-UX swmodify buffer overflow exploit. HP-UX 'swmodify' contains an exploitable stack overflow in the handling of command line arguments. Specifically, the problem occurs due to insufficient bounds checking in the "-S" optional argument. 'swmodify' is installed setuid root by default in HP-UX and allows for local root compromise when exploiting this issue.
6b1717b21f6b056cf18126c41c392c3e1536cac16fd737bd04e4d45e08ff85de
HP-UX swask format string local root exploit. HP-UX 'swask' contains an exploitable format string vulnerability. The 'swask' utility is installed setuid root by default. Specifically, the vulnerability is in the handling of the "-s" optional argument, which is passed verbatim to a format function.
3023aa994493e76bd2f6ffff2ce173e8623eb8396ee93dd2faebae1841d15ffe
HP-UX libc timezone environment overflow exploit. HP-UX libc contains an exploitable stack overflow in the handling of the "TZ" environment variable. The problem occurs due to insufficient bounds checking in the localtime_r() and related functions. Any suid or sgid program which uses the timezone functions can be used as an attack vector. This exploit uses "su" to obtain root privileges.
34d846e3e0a8d4700592a69b16c25ca882966c58bb1de3a7e74d3cb507960e1a