Secunia Security Advisory - VMware has acknowledged some vulnerabilities in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
b28cba932affe4bd59eae95162d2becbdf93e20983be6c30a167038fdf3c7b76
Whitepaper discussing vulnerabilities discovered in the CharlieTicket/CharlieCard systems used on the train system in Boston and elsewhere around the country.
c1c32cf418a4d86b11b17dae36ca959d8be55e0462e7dbef8e037945264281b8
iDefense Security Advisory 08.12.08 - Remote exploitation of a heap-based buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system allows an attacker to execute arbitrary code with the privileges of the current user. This vulnerability specifically exists in the InternalOpenColorProfile function in mscms.dll. When a malformed parameter is supplied, a heap-based buffer overflow can occur, resulting in an exploitable condition. iDefense has confirmed the existence of this vulnerability in the following Microsoft products: Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.
2bab1a50684834c78470b73a0f99d6b62a5bf68c2b11d0ad24caf1a309eff6b6
iDefense Security Advisory 08.12.08 - Remote exploitation of an invalid array indexing vulnerability in Microsoft Corp.'s Excel could allow attackers to execute arbitrary code with the privileges of the current user. This issue exists in the handling of "FORMAT" records within an Excel spreadsheet (XLS). By crafting a spreadsheet with an out-of-bounds array index, attackers are able to cause Excel to write a byte to arbitrary locations in stack memory. iDefense has confirmed the existence of this vulnerability with Office 2000 SP-3 fully patched as of March 2008. Other versions may also be affected.
7fd2c609c0f7243586a09cc8c6edcea1802126c6f08df2dccdcbc0504032c1bc
iDefense Security Advisory 08.12.08 - Remote exploitation of an invalid array indexing vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This issue exists in the handling of "AxesSet" records within a chart embedded in a spreadsheet. This record is typically used for setting the location and size of a set of axes on a chart. This particular record type is not included in Microsoft's official documentation for the Excel file format. However, the freely available source code for OpenOffice implements this record type. When processing this record, Excel does not validate a value that is used as an index into the array of chart axes. By crafting an Excel spreadsheet (XLS) that contains an out-of-bounds array value, an attacker can cause memory corruption. This leads to a potentially exploitable condition. iDefense has confirmed the existence of this vulnerability with Office 2000 SP-3 fully patched as of March 2008. Other versions may also be affected.
b416d10bc128773cd656d2bd0d99254fc25631c8ebb771ae716ff16b3546229f
iDefense Security Advisory 08.12.08 - Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s PowerPoint Viewer 2003 could allow an attacker to execute arbitrary code in the context of the user running the application. This vulnerability specifically exists when handling CString objects embedded in a PowerPoint presentation file. An issue in this object results in a very small amount of buffer being allocated while a very large amount of data is copied into it. This leads to an exploitable heap-based buffer overflow. iDefense has confirmed that pptview.exe file version 11.0.5703.0 and file version 11.0.6566.0, as included in Microsoft Office 2003 SP2, are vulnerable. Other versions are also likely to be affected.
ab9458aeec88e0b4bfc7e9fb864d5c1741e1a1d79728cab3e7e18f9e302f5a5e
iDefense Security Advisory 08.12.08 - Remote exploitation of an out-of-bounds array index vulnerability in Microsoft Corp.'s PowerPoint Viewer 2003 could allow an attacker to execute arbitrary code in the context of the user running the application. This vulnerability specifically exists in PowerPoint Viewer 2003 when handling certain records in a PowerPoint presentation file. In some circumstances, an array index can be directly controlled by data from within the PowerPoint presentation file. Thus, a function pointer can be directly controlled by the attacker and leveraged for arbitrary code execution. iDefense has confirmed that pptview.exe file version 11.0.5703.0 is vulnerable. Previous versions are also likely to be affected.
fdbaba262f38504a718a7a20bdfe67eb45165704219047a0a47f08f9c4936860
iDefense Security Advisory 08.12.08 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Office filter for WordPerfect Graphics files could allow an attacker to execute arbitrary code with the privileges of the victim. This vulnerability specifically lies within the "WPGIMP32.FLT" module. A heap overflow can occur when processing a malformed WordPerfect Graphics (WPG) file. By corrupting heap memory, it is possible to execute arbitrary code. iDefense has confirmed this vulnerability in the following versions of Microsoft Office: Office XP SP3, Office 2003 SP2, and Office 97. Other versions may also be affected.
741b9a8dfe66a386492a78748e537e58ca472a1b8d510f626a6e5ff078151ef0
iDefense Security Advisory 08.12.08 - Remote exploitation of a heap buffer overflow vulnerability in the "BMPIMP32.FLT" filter module, as distributed with Microsoft Office, allows attackers to execute arbitrary code. The vulnerability specifically exists in the handling of Windows Bitmap (BMP) image files with malformed headers. By specifying a very large number of colors in the header, it is possible to cause controllable heap corruption, which can be leveraged to execute arbitrary code. iDefense confirmed that the "BMPIMP32.FLT" module installed with Microsoft Office XP SP3, including all patches as of May 24, 2006, is vulnerable. Other versions may also be vulnerable.
c369d53fc3514c335589aaa73929390220ce4db88b492cebeba1b267acc42c1e
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects. When an object is appended in a specific order and particular functions are performed on these objects, memory corruption occurs. Successful exploitation leads to remote compromise of the affected system under the credentials of the currently logged-in user.
8326c1fc3ef77d2978877212f6e6eb60add46c7faded69a954c915053e8d800a
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects. When an object is appended in a specific order, memory corruption occurs. Successful exploitation leads to remote compromise of the affected system under the credentials of the currently logged-in user.
ea35c3bea9256f849954229fe44ff2775d4c804fb8b8f1be7b41cb58bbb88f01
A potential vulnerability exists in the Microsoft Office Suite. The issue is a result of insufficient bounds checking on the content of PICT files embedded into documents. Successful exploitation of this issue enables an attacker to remotely execute arbitrary code on a target system. User interaction would be required, as an attacker would have to convince the target user to open a malformed file. One of the filter DLLs for processing image files in Microsoft Office suffers from a potentially-exploitable memory corruption condition when processing .PICT images. An invalid value in the bits_per_pixel field (offset 0x257) causes heap corruption. Different values of this field result in distinctly different types of corruption. Internally, the issue was only reproducible when the malformed image was directly inserted into an Office document by the target user.
974bb98ba30588b96b6efd403c5cc2af6d08b2085fb3458ddc726a0dd5907f16
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed Country (0x8c) record, user-supplied data may be used in a memory copy operation, resulting in memory corruption. If successfully exploited, remote control of the affected system can be obtained under the credentials of the currently logged-in user.
31a5e8e0d24e93655c6fd5fe2f0bccc6180b35b68e635e5bb8ea9be0b82e7707
Cisco IOS FTP server exploit step-by-step instructions, which include information on connecting to a Cisco router using gdb.
ae635a76307aaf65d0cd771afdc2ccb4754e8f175174fd6311f79b519ae837af
Technical Cyber Security Alert TA08-225A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Internet Explorer, and other related components as part of the Microsoft Security Bulletin Summary for August 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
dd5350024ae5483089c3928d95b00cc47c668f8b4003102c6ef508a41ac464bc
Vim versions 7.1.266 and 7.2 suffer from an FTP credential disclosure vulnerability.
9efd8fed7bb569b3b6816eb2bbea69d32d15c299b7ab14a6d6318af5c0d8ebed
Joomla version 1.5.x suffers from a remote administrator change password vulnerability.
536c9d409192e5620a21934692acc237b4a7cdbfa50ff9ebffdb665af6fcf34c
gelato CMS version 0.95 suffers from a remote file disclosure vulnerability.
e135ec4a5add93244b47eec91db991e89f9e7d24bfbfade064ea36d3603ea596
BBlog version 0.7.6 suffers from a remote SQL injection vulnerability.
7e545945167e20a503f6197c645977b1d9caa050286e94a826d377cb2b81be48
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited to allow remote privileged access.
5577a310f6f784dde276dedbbd838e7f16b6f618303c326fb5773acc5a5f4c2f
The kernel driver KmxFw.sys shipped with various CA products contains a vulnerability in the code that handles IOCTL requests. Exploitation of this vulnerability can result in local denial of service attacks and local execution of arbitrary code.
93703348034f1b4025f82f9365b813c7c87d326073fb65b2fddfd9ba7c13b52b
The Computer Associates Host-Based Intrusion Prevention System SDK contains two vulnerabilities that can allow an attacker to cause a denial of service or possibly execute arbitrary code. CA has issued updates to address the vulnerabilities. The first vulnerability occurs due to insufficient verification of IOCTL requests by the kmxfw.sys driver. A local attacker can send an IOCTL request that can cause a system crash or potentially result in arbitrary code execution. The second vulnerability occurs due to insufficient validation by the kmxfw.sys driver. An attacker can make a request that can cause a system crash.
985be0e793f4ac4d6d9e3779bf5ca6b54567e5ea355a83dec5b7ae1dbd4feee5
PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
78f9e8b9424d30f7bfbee06a10ca6e39c49bc5d9376b6de1b76986f26d2912b0
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed; other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports vanilla TCP connect() scanning, TCP SYN (half-open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP FTP proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping sweep), TCP ping scanning, direct (non-portmapper) RPC scanning, remote OS identification by TCP/IP fingerprinting, and reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings.
4c1026da1386c4ce859ab1fda53311292e7a9c6a576ec328e7ae9b683edbc5af
SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.
925c5e20334b59f8b4dfa8b74af93cca91bb177f7927dc064b5c0b0eea42524b