Calyptix Security Advisory CX-2007-04 - Multiple versions of Check Point's Safe@Office UTM device are vulnerable to cross-site request forgery. The test firmware was version 7.0.39x, the latest available for the Safe@Office model. Cursory testing shows that prior version 5.0.82x was also vulnerable. Other Check Point products were not tested.
5a7280c2e84db6499337852cb17b9d7dc4fa7639fe87c2d1243fd24daff9054a
MIT krb5 Security Advisory 2007-005 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow.
5915f86c61c9564dc34aa5cb655f913b024147f3860c66cbc95b45eba5a08091
nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previously known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, LaTeX, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.
38f1deb68991c9367d3f5af63c37929863c468ed1f7958e5e54d93151471ef60
hpqxml.dll version 2.0.0.133 from the HP Photo Digital Imaging software package has a flaw that allows for arbitrary file overwrite on the underlying system.
d5ed8c3f7dc685ae2d44fdc333686f1a4233c2473a12d3a6228b16977266b09b
QuickTicket version 1.2 suffers from a local file inclusion vulnerability in qti_checkname.php.
71544a547a68d6a05fbf7e16cb9e1f8f5a8727924b0b7b3cc17fb1621087b31a
QuickTalk forum version 1.3 suffers from local file inclusion vulnerabilities.
5068c4cd8d68ec79194cf3bcbbf8697e40574eeb0fa6c4127c8a3b865ccc8a07
Sony Network Camera SNC-P5 version 1.0 ActiveX viewer heap overflow proof of concept denial of service exploit.
2848e6b5ecb0750e5005ec474e44c950ef5b91decc2778a0e20de5d37482ca14
RealNetworks RealPlayer/Helix Player SMIL wallclock stack overflow proof of concept denial of service exploit.
68e14478e4f096f8efadeb0d94891a14ff8995292a98f99547bb534907b4ee37
152 byte Win32 tiny download and exec shellcode.
d853d553fc7f574925a19fb5152e8bdc2901115fffcf6c04f6b041fa3fb266d1
It has been more than a year since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the IOS check_heaps() vulnerability. This paper is a result of research carried out by IRM to analyze and understand the check_heaps() attack and its impact on similar embedded devices.
40dd024bc2d874958a21e126057bd31b7ed7d0c86e440e3d7f7f5635a1c9819c
ISR-sqlget is a blind SQL injection tool developed in Perl. It supports 20 databases, has various evasion features, SSL and proxy support, and more.
4ac98124e44160901dbd4f0fd6e7b92ffa530dcbfcbc73d2f2122fe5549a1093
Simple shellcode generator written in Perl.
03991e43ec5d4d5b8c519651b343e547584481d7614bcb0c1b8961c3ebb016be
Mandriva Linux Security Advisory - Multiple cross site scripting vulnerabilities were discovered in pam_login.cgi in webmin prior to version 1.350, which could allow a remote attacker to inject arbitrary web scripts or HTML.
1bbbe676ac186d3ae6bd66dd9d54848626a7c80788f138d68e26053c9496a365
Debian Security Advisory 1320-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. It was discovered that the OLE2 parser can be tricked into an infinite loop and memory exhaustion. It was discovered that the NsPack decompression code performed insufficient sanitizing on an internal length variable, resulting in a potential buffer overflow. It was discovered that temporary files were created with insecure permissions, resulting in information disclosure. It was discovered that the decompression code for RAR archives allows bypassing a scan of a RAR archive due to insufficient validity checks. It was discovered that the decompression code for RAR archives performs insufficient validation of header values, resulting in a buffer overflow.
62a4dcd169bebdf40e44a94dd161b10f047c7e6c91ce7107661336b7d9b5089d
Debian Security Advisory 1319-1 - Several remote vulnerabilities have been discovered in MaraDNS, a simple security-aware Domain Name Service server.
402998143f0f2092d26bcd32bc571ec697568c6b823e5fe4dee1f4a8ef9c0560
Debian Security Advisory 1318-1 - Several remote vulnerabilities have been discovered in ekg, a console Gadu Gadu client.
5c48b9b7359ae496f303d7bea1ef0aabd1f975e1ffc22adfcd9dd2c6442349fa
Debian Security Advisory 1317-1 - duskwave discovered that tinymux, a text-based multi-user virtual world server, performs insufficient boundary checks when working with user-supplied data, which might lead to the execution of arbitrary code.
3bf1bb01d6597bed9cfb800df13f7d338860554dbaed4e0091223f0bd87bb56c
BarCodeAx.dll version 4.9 ActiveX control is susceptible to a remote stack buffer overflow.
5b8f251469b6b6ff16e87adec7af89f0e53ad8ce7a91fe3df07f6af3b97ab875
Ubuntu Security Notice 476-1 - Fabio Massimo Di Nitto discovered that cman did not correctly validate the size of client messages. A local user could send a specially crafted message and execute arbitrary code with cluster manager privileges or crash the manager, leading to a denial of service.
e83c4673488457a524361a3367db932545cc68725676633da10de545d14b93c5
Orkut fails to expire or disable the session associated with the 'orkut_state' cookie when the user logs out or fails to authenticate himself during a session.
3a90b01bdb461209a1a19adeb541b056df60200c9788a2bc7f1b48172b8ad24c
eNdonesia version 8.4 suffers from a SQL injection vulnerability.
39adbd09c3de049026347d06dcda7c3dd848119e60eabdf6004f1b254c5c1ddd
Various CA products that embed Ingres products contain multiple vulnerabilities that can allow an attacker to potentially execute arbitrary code.
b9420a8daa8448c325330f47f53519fd6d8bf578d33c969e755fb2c28d048bb8
Avaxswf.dll, a library included in the Avax Vector ActiveX version 1.3 software package from the company Civitech, has a flaw that allows for arbitrary file overwrite on the underlying system.
4ca55d3c8f70a52a5379bf51316724a294795bf8c806940932fe86568b7aca3a
NCTAudioEditor2 ActiveX DLL NCTWMAFile2.dll version 2.6.2.157 exploit.
28a728208a8f4004c82fff2c6ff50e58377091a3c0e399bc41dfb3662e338c47
NCTAudioStudio2 ActiveX DLL version 2.6.1.148 CreateFile() insecure method exploit.
641ca86b050b1f939e4516b7263fb460927024d0e291ff0eabbbbbf258573c45