Secunia Security Advisory - Debian has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
85eefbbef65bff0b2cf5b52bff8e2e0ebdd1011e3618663679e77ba1d5ac8804
Secunia Security Advisory - A vulnerability has been reported in various JustSystems Ichitaro products, which can be exploited by malicious people to potentially compromise a user's system.
59dc1c71475b4c2d7d809451ea6b63d62b7a0d3434a3071f52b3f90843b32175
Secunia Security Advisory - A vulnerability has been reported in Novell Client, which can be exploited by malicious users to compromise a vulnerable system.
2235d4d573e8d3a4a573e8a9d6d7d0f9380caa7cdde3f58c73cbfb9da418b2db
Secunia Security Advisory - Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in, which can be exploited by malicious people to compromise a user's system.
e26849bab2f5a50fcf902318a0826e62646d50720e544a3258ecc78be1fa3912
Secunia Security Advisory - Gentoo has acknowledged a security issue in xpdf, which can be exploited by malicious, local users to gain escalated privileges.
bf58aa72171cb22acc79babf9fb778d3a06e536fc2af3e94099be9adc8e91c3c
Secunia Security Advisory - Gentoo has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
4af155a49d88a12c489e2fe64491ab94c31dfdcd071c572bbdf07246fe642b64
Gentoo Linux Security Advisory GLSA 200904-06 - An untrusted search path vulnerability in the Eye of GNOME might result in the execution of arbitrary code. James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in the Eye of GNOME, a vulnerability related to CVE-2008-5983. Versions less than 2.22.3-r3 are affected.
f361f11a9332c1aeffbeea882ecce779c48e9eefab14a74b77b88bcdabe26e14
Zero Day Initiative Advisory 09-016 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. A valid IPC$ connection must be established in order to exploit this vulnerability. The specific flaw exists within xtagent.exe during the handling of RPC messages over the XTIERRPCPIPE named pipe. Insufficient sanity checking allows remote attackers to dereference an arbitrary pointer which can be leveraged to execute code under the context of the system user.
32382292f4214f0e8c641b7bac69194ef2a7587c703d9da375e05ae3be60b12d
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple VMWare products. User interaction is required in that a user must visit a malicious web page or open a malicious video file. Upon installation VMWare Workstation, Server, Player, and ACE register vmnc.dll as a video codec driver to handle compression and decompression of the fourCC type 'VMnc'. This format is used primarily by Workstation to capture remote framebuffer recordings of sessions within a virtual machine. The resulting video is stored within an AVI container file. While playing back such files the function responsible for handling ICM_DECOMPRESS driver messages implicitly trusts a size value while decompressing a frame. Specifically, the dwSize element within an Open-DML standard index RIFF chunk is used as an argument to a memcpy into a static heap buffer. This can be leveraged to execute arbitrary code on the host system under the context of the current user.
5b96d01fdf360ef9dd8367de0fb2e2fef297fd2fdbe0550ee57ba151b88773e4
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple VMWare products. User interaction is required in that a user must visit a malicious web page or open a malicious video file. Upon installation VMWare Workstation, Server, Player, and ACE register vmnc.dll as a video codec driver to handle compression and decompression of the fourCC type 'VMnc'. This format is used primarily by Workstation to capture remote framebuffer recordings of sessions within a virtual machine. The resulting video is essentially a recorded session of VNC's RFB protocol. In VMWare's implementation the stream consists solely of FrameBufferUpdate messages (message type 0). However, if the message type of one of these blocks is changed to any value greater than 0x03 a size assumption is made which results in faulty math being applied to a pointer used later in a memcpy. This can be leveraged to execute arbitrary code on the host system under the context of the current user.
2283928ddf12b56cdf4fc05ebcfc0623e96e9ad910c43a1a18f92dd7f71ad86f
Baby FTP server version 1.x remote memory consumption exploit.
e091c7901d54299f85408260618e841a824fad8f1bc2c4e049cebf959cf47f4b
Positive Technologies Research Team has discovered denial of service vulnerabilities in VMware products. The IOCTL handler in hcmon.sys does not properly validate buffer data associated with the Irp object, which allows local users with administrative privileges to crash the system.
8dfa92c260d4fac7e9d8c687edbedf3df93ac8a4ae132c58baa7bd66e23e9527
Positive Technologies Research Team has discovered privilege escalation vulnerabilities in VMware products. Buffer overflow vulnerability exists in vmci.sys driver. Local user with administrative privileges can execute arbitrary code with SYSTEM privileges.
e8d8290d8dfef07338b1189deb335ea179d581425e273da9ba47e663b96875d1
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
af94dfcc8909152ca95b233d89bbea2d65c0563b10addf2e84893f8312e82303
Whitepaper discussing the Pirelli Discus DRG A226 wifi router WPA2PSK default algorithm vulnerability.
339cf90971b6f59fc1b1f8d15ffe572f55b0d908bed0446498d4c99badde656b
Whitepaper called Preventing the spread of USB malware.
7d4dcd1a95d428f281d7def49c550967bc2918626791f2c8f0c360678b700630
Unsniff Network Analyzer version 1.0 local heap overflow proof of concept exploit.
dd25612115197a334a40028d6f73ff0fceb6097b5b1f513979bf02ea0d85e6ae
Debian Security Advisory 1763-1 - It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate.
67833f7e6d6fa9214058e01bf4e7eb29a005fff8160d3ee5e1e99b4396c1e949
UltraISO versions 9.3.3.2685 and below off by one / buffer overflow proof of concept exploit.
591a66d46359b17842e0c7a8f08abfc68a72e240a0fc0ee543f1998fec937516
sqlsus is a MySQL injection and takeover tool, written in perl. Via a command line interface that mimics a mysql console, you can retrieve the database structure / contents, inject a SQL query, download files from the web server, upload and control a backdoor, and much more.
9f9cfa06e1801eb3e59dddda7388354b856f69c8267bd68453ece6e43888dcd4
Arcadwy Games CMS suffers from a remote SQL injection vulnerability that allows for an authentication bypass.
b48ba1562c34dd99ce653f2a7ebe282362308c592645d7b6cf1f55e2ef060d4b