Debian Security Advisory 1606-1 - It was discovered that poppler, a PDF rendering library, did not properly handle embedded fonts in PDF files, allowing attackers to execute arbitrary code via a crafted font object.
ab8a5372e6778b4db0da5898c993eeb5fd38998980796a0fe4f9d00e108686fd
Secunia Security Advisory - Debian has issued an update for poppler. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
936fb7f880ed3778e545986f94923c387701d9c01d269ca56f4d3ad525e3f436
The wireless client, WeFi version 3.3.3.0, is susceptible to a local information disclosure due to irresponsible coding. Earlier versions may also be affected.
a983f73343cc81f7449f0110faffc28a9c43c2c09399c35d356beb63aa55c053
Trixbox CE versions 2.6.1 and below suffer from a local file inclusion vulnerability. This issue is due to a failure of the application to properly sanitize POST data assigned to a parameter of the /user/index.php page.
3bddbd3a4c8db9cb42799748fddd83eef13da8720a4e32e0a872d9103db04d03
Apparently, the latest auto update patch KB951748 (for all versions of Windows) cuts connectivity for all users with ZoneAlarm set to 'high' security for the internet zone. KB951748 is the Windows DNS client update from Microsoft bulletin MS08-037, the source port randomization fix for the DNS cache poisoning issue, and ZoneAlarm's 'high' setting blocks the randomized-port DNS traffic it produces.
c5e1d556d6b676fa6d2618f463ebf0dc6c1316b030ec41ad61ba89b0006e7c63
Insomnia Security Vulnerability Advisory - Microsoft SQL Server contains a buffer overflow that can be reached by causing the server to attempt a database restore from a corrupt backup file.
5a50603e65e5b46c0ff831ce59e84e01f0f7a9d8c6723e48eb9d86453a08b703
The libpoppler pdf rendering library can free uninitialized pointers leading to arbitrary code execution. This vulnerability results from memory management bugs in the Page class constructor/destructor. Proof of concept code included.
c1288b18cc7452b560c12a505d9330fb0bd9fbaa310774754459fd282a0736a0
Coffee Wars 9: Call For Beans - In addition to whatever other insanity flourishes at Defcon each year, the last eight years have been witness to the amazing and ridiculous contest known as CoffeeWars. This single ludicrous event is really two contests. The first, and most important, is the attempt to select the finest coffee from all of hacker culture. The second is the loopy part: to find the upper limit on how much coffee the staff can drink.
4124581b3ac7da50314a15413aaa9ae5a010b9fba646b85b01ef2bd5c7da0d25
Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start a process in a prepared environment (memory limit, environment variables, redirected stdout, etc.), start a network client or server, and create mangled files. Fusil has many probes to detect a program crash: watch the process exit code, watch process stdout and syslog for text patterns (e.g. "segmentation fault"), watch session duration, watch CPU usage (process and system load), etc.
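The harness below is an added example and not Fusil's own code or API: it implements in plain Python the pieces the description lists, namely a prepared child environment (address-space and CPU limits via setrlimit, core dumps disabled, controlled environment variables), file mangling, and probes on the exit status and on crash patterns in the captured output. The target it fuzzes is a constructed stand-in script that kills itself with SIGSEGV when its length field is inconsistent with the payload; the magic, record layout and seed input are inventions for the example.

```python
"""Mutational file fuzzer with Fusil-style probes (added example, not Fusil's own code)."""
import os
import random
import re
import resource
import signal
import subprocess
import sys
import tempfile
from dataclasses import dataclass

# Output patterns that betray memory corruption even when the exit status looks benign
# (e.g. a wrapper script swallowed the signal and only printed the message).
CRASH_PATTERNS = re.compile(
    rb"segmentation fault|stack smashing detected|double free|AddressSanitizer", re.IGNORECASE)

# Constructed stand-in for a vulnerable native parser: 4-byte magic, 4-byte little-endian
# payload length, then payload. It kills itself with SIGSEGV when the length field exceeds
# the payload, the way an unchecked length turns into an out-of-bounds read in C.
TARGET_SRC = """
import os, signal, sys
data = open(sys.argv[1], "rb").read()
if data[:4] == b"FUZZ" and len(data) >= 8:
    length = int.from_bytes(data[4:8], "little")
    if length > len(data) - 8:
        os.kill(os.getpid(), signal.SIGSEGV)
print("parsed", len(data), "bytes")
"""
SEED = b"FUZZ" + (4).to_bytes(4, "little") + b"abcd"  # well-formed seed input (constructed)

@dataclass
class Verdict:
    crashed: bool
    reason: str
    returncode: int

def classify(returncode, stdout, stderr):
    """Probes: exit status (a fatal signal is a negative return code under POSIX)
    and text patterns in the captured output."""
    if returncode < 0:
        sig = signal.Signals(-returncode)
        reason = "cpu limit exceeded" if sig is signal.SIGXCPU else f"signal {sig.name}"
        return Verdict(True, reason, returncode)
    if CRASH_PATTERNS.search(stdout) or CRASH_PATTERNS.search(stderr):
        return Verdict(True, "crash pattern in output", returncode)
    return Verdict(False, "ok", returncode)

def _prepare_child(mem_bytes, cpu_seconds):
    # Runs in the child between fork and exec: cap address space and CPU time and
    # disable core dumps so thousands of crashes do not fill the disk. Only the soft
    # limit is lowered; the hard limit may already be below the cap, so respect it.
    def apply():
        for res, value in ((resource.RLIMIT_AS, mem_bytes), (resource.RLIMIT_CPU, cpu_seconds),
                           (resource.RLIMIT_CORE, 0)):
            _soft, hard = resource.getrlimit(res)
            soft = value if hard == resource.RLIM_INFINITY else min(value, hard)
            resource.setrlimit(res, (soft, hard))
    return apply

def run_target(argv, timeout=5.0, mem_bytes=2 * 1024 ** 3, cpu_seconds=5):
    """Run one test case in a prepared environment; a hang is reported as a timeout."""
    # C locale for stable messages; MALLOC_CHECK_=3 makes glibc abort on heap corruption.
    env = {**os.environ, "LC_ALL": "C", "MALLOC_CHECK_": "3"}
    try:
        proc = subprocess.run(argv, env=env, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                              timeout=timeout, preexec_fn=_prepare_child(mem_bytes, cpu_seconds))
    except subprocess.TimeoutExpired:
        return Verdict(True, "timeout", -1)
    return classify(proc.returncode, proc.stdout, proc.stderr)

def mutate(data, rng):
    """Mangle one input: flip a bit, write a boundary byte, or truncate."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.choice((0x00, 0x7F, 0x80, 0xFF))
    else:
        del buf[rng.randrange(len(buf) + 1):]
    return bytes(buf)

def run_case(case, target_src=TARGET_SRC):
    """Write the target script and one test case to a scratch directory and run them."""
    with tempfile.TemporaryDirectory() as work:
        target, path = os.path.join(work, "target.py"), os.path.join(work, "case.bin")
        with open(target, "w") as f:
            f.write(target_src)
        with open(path, "wb") as f:
            f.write(case)
        return run_target([sys.executable, target, path])

def fuzz(seed=SEED, iterations=80, rng_seed=1):
    """Return the (input, verdict) pairs that crashed the target."""
    rng = random.Random(rng_seed)
    findings = []
    for _ in range(iterations):
        case = mutate(seed, rng)
        verdict = run_case(case)
        if verdict.crashed:
            findings.append((case, verdict))
    return findings
```

Call fuzz() and each finding is the mangled input together with the probe that fired, which is what you would keep as a crash reproducer. Against a real native target, replace the argv built in run_case with the binary's own command line; the resource caps and MALLOC_CHECK_ carry over unchanged.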
9f7c129e9742196110db2d38a69c5ab53da1ed4bd63f1ab85e877269ac4828fc
Mandriva Linux Security Advisory - Multiple vulnerabilities have been found in the Ruby interpreter and in WEBrick, the webserver bundled with Ruby. Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) .%5c (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. The updated packages have been patched to fix these issues.
500c6f519dcb964d5d98c128c92916bb6af034cdc768324fc4d42801eff9a61b
Mandriva Linux Security Advisory - Multiple vulnerabilities have been found in the Ruby interpreter and in WEBrick, the webserver bundled with Ruby. Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) .%5c (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and earlier, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption. Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors. The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca. Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant. Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. The updated packages have been patched to fix these issues.
d00ebdbb975ee1e7b2deb15749862082698f10cac113ff1b9fb77c6add98114c
Mandriva Linux Security Advisory - Multiple vulnerabilities have been found in the Ruby interpreter and in WEBrick, the webserver bundled with Ruby. Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and earlier, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption. Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors. The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca. Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant. Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. The updated packages have been patched to fix these issues.
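As an added example (not WEBrick's code), the Python below models the three filesystem-dependent mistakes behind the WEBrick traversal entries in the three Mandriva advisories above, with a hardened resolver beside the vulnerable one: treating '/' as the only path separator, matching :NondisclosureName patterns case-sensitively, and letting a trailing dot, space or plus reach a filesystem that silently drops it so the CGI handler never sees the ".cgi" suffix. The document root, the pattern list and the request paths are constructed for the example.

```python
"""Document-root containment check modelling the WEBrick traversal issues
(added example; not WEBrick's code, and the patterns and paths are constructed)."""
import fnmatch
import posixpath
from urllib.parse import unquote

# Files that must never be served, in the spirit of WEBrick's :NondisclosureName.
NONDISCLOSURE = [".ht*", "*.bak"]


class Rejected(Exception):
    pass


def resolve_naive(docroot, url_path):
    """Vulnerable: normalises only '/' and compares names case-sensitively, so on a
    filesystem with backslash separators or case-insensitive names a request for
    /..%5c..%5cetc/passwd, /.HTACCESS or /cgi-bin/script.cgi. slips through."""
    path = posixpath.normpath(unquote(url_path))
    if ".." in path.split("/"):
        raise Rejected("traversal")
    if any(fnmatch.fnmatchcase(posixpath.basename(path), p) for p in NONDISCLOSURE):
        raise Rejected("nondisclosure")
    return docroot + path


def resolve_hardened(docroot, url_path, case_insensitive=True, ntfs_like=True):
    """Hardened: reject backslashes and NUL outright, anchor the path before
    normalising so '..' cannot climb above the root, refuse components that
    NTFS/FAT would silently rewrite (trailing '.', ' ', or the '+' that form-style
    decoding turns into a space), match nondisclosure patterns case-insensitively,
    and finally verify the result still lies under the document root."""
    raw = unquote(url_path)
    if "\\" in raw or "\0" in raw:
        raise Rejected("illegal character")
    path = posixpath.normpath("/" + raw.lstrip("/"))
    parts = [p for p in path.split("/") if p]
    if ntfs_like and any(p != p.rstrip(". +") for p in parts):
        raise Rejected("trailing dot, space or plus")
    name = parts[-1] if parts else ""
    for pat in NONDISCLOSURE:
        subject, pattern = (name.lower(), pat.lower()) if case_insensitive else (name, pat)
        if fnmatch.fnmatchcase(subject, pattern):
            raise Rejected("nondisclosure")
    root = docroot.rstrip("/")
    full = posixpath.normpath(root + path)
    if posixpath.commonpath([root, full]) != root:
        raise Rejected("outside document root")
    return full


def is_rejected(resolver, docroot, url_path):
    """True if the resolver refuses the request (convenience for checking outcomes)."""
    try:
        resolver(docroot, url_path)
    except Rejected:
        return True
    return False
```

The naive resolver is not wrong on a case-sensitive POSIX filesystem; it is wrong because its checks are lexical while the filesystem underneath has its own idea of which names are equal. The hardened version therefore rejects anything whose meaning depends on the filesystem rather than trying to predict it, which is the safer default for a server that may be deployed on either.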
a45de104c2cf46c98f8bf06ce63ea70dcc48916c7e9698d75ab39967a6fc8914
Mandriva Linux Security Advisory - A weakness was found in the DNS protocol by Dan Kaminsky. A remote attacker could exploit this weakness to spoof DNS entries and poison DNS caches. This could be used to misdirect users and services, e.g. web and email traffic. This update provides the latest stable BIND releases for all platforms except Corporate Server/Desktop 3.0 and MNF2, where the existing packages have been patched to correct the issue instead.
2cdc87130f47e8be9ff1ef0499b2b83fc6e199818ca3e8b90806293463541f25
Mandriva Linux Security Advisory - Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. The updated packages have been patched to fix the issue.
69a05877ce4c258e785661f38b80ef520fc3ed2e12a8ab6d59fbfaaf1add6306
Mandriva Linux Security Advisory - Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. Also, according to bug #38874, decimal numbers in Hebrew documents would appear as Arabic characters. Another issue (#39799) concerns Tools -> Options -> OpenOffice.org Writer -> General: even when the measurement unit is set to centimeters, the Indents & Spacing tab (Format -> Paragraph -> Indents & Spacing) shows values in characters (ch). Moreover, a document holding Notes edited in Microsoft Office would not show them when opened with OpenOffice. These and a number of other OpenOffice.org issues were fixed by the new version provided in this update.
2e84c6d73a917e36aa0188a5765a22864416f5aacac8012f5275526bd414ff8b
Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.15.
e3167c53dbd84e39c000822cc7e80d75cc110eafa88040223b61ea95bfaa9e7a
iDefense Security Advisory 07.08.08 - Remote exploitation of an integer underflow vulnerability within Microsoft Corp.'s SQL Server could allow a remote attacker to execute arbitrary code with the privileges of the SQL Server. The vulnerability exists within the code responsible for parsing a stored backup file. A 32-bit integer value, representing the size of a record, is taken from the file and used to calculate the number of bytes to read into a heap buffer. This calculation can underflow, which leads to insufficient memory being allocated. The buffer is subsequently overfilled leading to an exploitable condition. iDefense confirmed the existence of this vulnerability in Microsoft SQL Server 2005 Service Pack 2 Hot Fix 4. Additional tests against SQL Server 2005 without any updates suggest it is also vulnerable. Previous versions are also suspected to be vulnerable.
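Both SQL Server entries above (the Insomnia advisory and this iDefense advisory) describe the same bug class, and the Python below is an added model of it rather than the real backup-file format or any SQL Server code: a 32-bit record size is read from the file, the subtraction of the header length underflows in unsigned arithmetic, the allocation derived from it wraps back to a few bytes, and the copy length stays close to 4 GiB. The record layout, the header size and the PAD slack are constructed for the example; the hardened parser shows the bounds checks that have to precede the arithmetic.

```python
"""Model of the size-field underflow in a record parser (added example; the record
layout is constructed and is not the real SQL Server backup format)."""
import struct

UINT32_MASK = 0xFFFFFFFF
RECORD_HEADER = 8   # constructed layout: u32 total record size, u32 record type
PAD = 16            # constructed: slack the parser adds to the allocation


def u32(x):
    """Wrap to 32 bits, mimicking C unsigned arithmetic."""
    return x & UINT32_MASK


def make_record(rtype, payload, size=None):
    """Serialise a record; pass size= to forge an inconsistent size field."""
    size = len(payload) + RECORD_HEADER if size is None else size
    return struct.pack("<II", size, rtype) + payload


def parse_vulnerable(blob, offset=0):
    """Trusts the size field. body_len = size - RECORD_HEADER underflows to ~4 GiB
    when size < 8; the allocation body_len + PAD then wraps back to a few bytes,
    while the copy still uses body_len. Returns (allocated, copied) so the mismatch
    is visible instead of corrupting memory; in C the memcpy would overrun the heap
    chunk, and for size > len(blob) it would read past the end of the file buffer."""
    size, _rtype = struct.unpack_from("<II", blob, offset)
    body_len = u32(size - RECORD_HEADER)
    allocated = u32(body_len + PAD)
    copied = body_len   # memcpy(buf, blob + offset + RECORD_HEADER, body_len) in C
    return allocated, copied


def parse_hardened(blob, offset=0):
    """Validates before arithmetic: the size must cover its own header and must not
    exceed the bytes actually present, so body_len is always within the input."""
    if len(blob) - offset < RECORD_HEADER:
        raise ValueError("truncated header")
    size, rtype = struct.unpack_from("<II", blob, offset)
    if size < RECORD_HEADER or size > len(blob) - offset:
        raise ValueError(f"bad record size {size}")
    return rtype, blob[offset + RECORD_HEADER: offset + size]


def hardened_rejects(blob, offset=0):
    """True if the hardened parser refuses the record."""
    try:
        parse_hardened(blob, offset)
    except ValueError:
        return True
    return False
```

The two checks in parse_hardened are the whole fix: the lower bound stops the underflow and the upper bound stops the over-read, and both are made on the raw field before it is used in any arithmetic. A check placed after the subtraction would be comparing an already-wrapped value.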
fe9c3148cb2d757ad46ba64750e372614bfc507af907dfccd2670469cfd270b0
Ubuntu Security Notice 622-1 - Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
dfbccf28a82787180f4fc2a2549d83d4e906ffe875d46b3353e7db1b5ca111ef
OllyDBG version 1.10 and ImpREC version 1.7f proof of concept exploit that demonstrates a buffer overflow vulnerability.
e8af1d5c2602759f0e83ebd5bc01798806ce591531148f9fc0b42073f5ff6c1c
Technical Cyber Security Alert TA08-190B - DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver. The general concept has been known for some time, and a number of inherent deficiencies in the DNS protocol and defects in common DNS implementations that facilitate DNS cache poisoning have previously been identified and described in public literature. Examples of these vulnerabilities can be found in Vulnerability Note VU#800113. Recent research into these and other related vulnerabilities has produced extremely effective exploitation methods to achieve cache poisoning. Tools and techniques have been developed that can reliably poison a domain of the attacker's choosing on most current implementations. As a result, the consensus of DNS software implementers is to implement source port randomization in their resolvers as a mitigation.
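The simulation below is an added example, an abstract model rather than a real resolver or attack tool: it plays the blind race the alert describes, with the attacker provoking lookups of fresh random names under the target zone so no TTL has to expire, and flooding forged answers that each guess the identity of the outstanding query. Its assumptions are a 16-bit transaction ID, a fixed source port of 53 for the unmitigated resolver, and the ephemeral range 1024 to 65535 for the resolver that randomizes its source port.

```python
"""Blind-spoofing race against a caching resolver, with and without source port
randomization (added example; an abstract model, not a real resolver or attack tool)."""
import random

TXID_SPACE = 1 << 16                 # 16-bit DNS transaction ID
PORT_LOW, PORT_HIGH = 1024, 65535    # ephemeral range a randomizing resolver draws from
PORT_SPACE = PORT_HIGH - PORT_LOW + 1
FIXED_PORT = 53                      # assumption: the unmitigated resolver always queries from 53


def query_identity(rng, randomize_port):
    """The fields a forged answer must match to be accepted: the transaction ID and
    the UDP source port of the query. The attacker already knows the destination
    port (53) and the question, since it provoked the lookup itself."""
    txid = rng.randrange(TXID_SPACE)
    port = rng.randrange(PORT_LOW, PORT_HIGH + 1) if randomize_port else FIXED_PORT
    return txid, port


def kaminsky_race(randomize_port, rounds=2048, flood=512, seed=7):
    """Each round the attacker makes the resolver look up a fresh random name under
    the target zone (so there is no TTL to wait out) and floods `flood` forged
    answers, each carrying a poisoned NS/glue record and one guessed (txid, port).
    Returns the round in which a forgery first matched the outstanding query, or
    None if the cache survived every round."""
    rng = random.Random(seed)
    for r in range(1, rounds + 1):
        outstanding = query_identity(rng, randomize_port)
        guesses = {query_identity(rng, randomize_port) for _ in range(flood)}
        if outstanding in guesses:
            return r
    return None


def expected_rounds(randomize_port, flood=512):
    """Analytic counterpart: one round succeeds with probability flood / keyspace,
    so the expected number of rounds is keyspace / flood."""
    keyspace = TXID_SPACE * (PORT_SPACE if randomize_port else 1)
    return keyspace / flood
```

With a fixed port the 16-bit ID is the only secret and the model is typically poisoned within a few hundred rounds; with the port randomized the key space grows by a factor of about 2^16 and the same flood is expected to need millions of rounds, which is the entire effect of the mitigation. It raises the cost of the race rather than removing it, which is why the alert calls it a mitigation and not a fix.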
10c537ddc2efba49c0fba600c2294c0a31948e3fc94cf0ccfe2f52a55cb128d3
Technical Cyber Security Alert TA08-190A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Server, Microsoft SQL Server, and Microsoft Outlook Web Access as part of the Microsoft Security Bulletin Summary for July 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
61f052e70c5271ea32d090b24c077157b4b431f86d6b8a2f0e9667574e896b2d
Adobe RoboHelp Server versions 6 and 7 suffer from a SQL injection vulnerability.
c462062444b46a39b92d80572427bc65c90ddb30c87316117d80114eac8a8765
Download Accelerator Plus (DAP) version 8.x local buffer overflow exploit that creates a malicious .m3u file. Spawns calc.exe.
6f546dc00e082a471c7ae2f75f1191a548b07ff1fb9cb103ca056da71d1971e6
Malicious SVG file denial of service proof of concept exploit that affects multiple vendors.
ee89da8f9776050087de3fc3ee1f48a1493cfbde1d0d9d489fb79bc7d24d2f7a
Dreampics Builder suffers from a remote SQL injection vulnerability.
34f3a80eb6fe01f92306a7ff880940b8da3f1e649c042eed8f5f1bbf0bed15b4