Denial of service exploit for Mac OS X that demonstrates a failure to properly handle corrupted UDTO HFS+ image structures (ex. bad sectors). Memory corruption is present but is unlikely to allow for arbitrary code execution.
77c282215b05a90062a750e7665e4b67a076420028accebdd30a6844a364c287
XMPlay version 3.3.0.4 .PLS filename local/remote buffer overflow exploit that executes CALC.exe.
664a4d9eabb538139fee5820039e98298fdd81e7b0de9cc82fa0b27721b11935
XMPlay version 3.3.0.4 .ASX filename local buffer overflow exploit that executes CALC.exe.
13b97521a139cc19571c37602af2fe403fbb1a249cb3da57cb484f4eed48a42b
XMPlay version 3.3.0.4 .M3U filename local buffer overflow exploit that executes CALC.exe.
082bb5e1b00a07a7d2af2a365a3da3b5aa70c31d6de463b58cf200a19606e19f
Seditio versions 1.10 and below suffer from a remote SQL injection vulnerability.
b39f18b07be79d4077fc318a04f7c06befd5cd3366b0dc7830e9046caac56819
Mandriva Linux Security Advisory MDKSA-2006-208-1 - An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap.
7264455a882c69fc522fd0d199bb81e73d99e16e8b470d9e9cfe50c75c10629f
GNU tar suffers from a directory traversal condition. Exploit included.
9f117a005fa12ba3f2e915794a41b81dab5cc919959856eb45ec674d29544949
Patch for Nmap 4.20RC1 (and some 4.20ALPHA versions) that adds a runtime option to toggle the sending of packets with bad TCP/UDP checksums.
e180b38e4a7275e4114c2efec3e17fc8133b9b2f0046f82fac757451fd6323a6
ContentNow CMS version 1.39 'pageid' SQL injection exploit that discloses administrative credentials. Works regardless of magic quotes.
16c1430531ad118bf77a1a3a6ce8f1e6fb067b1faacd9f3e434d047d554c831e
ContentNow CMS version 1.39 is susceptible to SQL injection and path disclosure vulnerabilities.
66b8d3c6fb056d3f9c7d05c58697340c1940620e1d27116558ae69297bbb9685
Ubuntu Security Notice 382-1 - USN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript.
716148f75d9c048908c1a6931eda882c0b85cb4cc4ac3ec88b2f50b830fe3a7c
Ubuntu Security Notice 381-1 - USN-351-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript.
b8121ede409ee2c6cbec1387ce70dd739175685b72d182572c33cce4789d5571
GoogleCall uses Google's Click-to-Call service to send a number with a forged Caller ID. It automates the process of sending multiple calls to someone with multiple forged Caller IDs.
4959d7dadc41924eb0e652cf13304235976fb8282f1f61c2e5fd80f616545617
PhotoCart version 3.9 suffers from a remote file inclusion vulnerability in adminprint.php.
9d54801dcb5ca69678e8840e8d08b0b65c432ebd21cc84d92c44a95dbad83d37
osCommerce contains a flaw in the admin section that allows a remote cross site scripting attack.
9dd57fe31faf9453447a5f66dddee562bd6b473276ce0b63430fd638f9e4f477
Debian Security Advisory 1218-1 - It was discovered that the proftpd FTP daemon performs insufficient validation of FTP command buffer size limits, which may lead to denial of service.
53c1c3fb027239e67fe8aaec759509b59c141ef9cbdf3bf3ae383afdc4b145c1
Secunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the application windows running with SYSTEM privileges and the application not checking if explorer.exe is running before performing certain actions. This can be exploited to launch iexplore.exe with SYSTEM privileges by terminating explorer.exe and then use the "Test Your Firewall" functionality. Affected is My Firewall Plus version 5.0 Build 1119.
ee159e8046e5a86fbf500118e4328f30c3a6fe4b3df866772f1585f7ae99b181
Gentoo Linux Security Advisory GLSA 200611-16 - Miloslav Trmac from Red Hat discovered a buffer overflow in the readline() function of texindex.c. The readline() function is called by the texi2dvi and texindex commands. Versions less than 4.8-r5 are affected.
09cefa62c73fd86b5ddd651c4c5ebaa1c8be0dd07df40d2ae5a4f98a5ace0464
Gentoo Linux Security Advisory GLSA 200611-15 - qmailAdmin fails to properly handle the PATH_INFO variable in qmailadmin.c. The PATH_INFO is a standard CGI environment variable filled with user supplied data. Versions less than 1.2.10 are affected.
edbe1926aa508c32022694461cf5c8a0ae528e091bad39593fb595c0acf89d3c
Secunia Security Advisory - Gentoo has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions.
776ea81699259163636485e50d4aa9816b2f11fdb39c41b7138f97a81270a545
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup version 11.5, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system.
2dcef1d88b90b8926cc40a7227cab7456d72102e182bcbd7fcb6e0346da13648
Whitepaper entitled "Which is more secure? Oracle vs. Microsoft". This article looks at the number of security flaws in Oracle and Microsoft database offerings.
76b1dff89265c886e4fb95a2da210b637f0ae4d28b78e4ee37976c44012de162
Secunia Security Advisory - Secunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges.
babc1a8bc1c1c8c0dbe7e20a0605e109c90bc5d9555c191d4c154a213ca41f3b
Secunia Security Advisory - Tavis Ormandy has reported a security issue in FVWM, which can be exploited by malicious, local users to bypass certain security restrictions.
b29edab8318513df97c0c7ffb5598172ee8157e93881fe1f3be9627a3620c790
Secunia Security Advisory - Some vulnerabilities have been reported in Fuzzball MUCK, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
80ccb578b74500f23b83311318401647587a5f416ecba01cc00e65b64f55e75f