Technical Cyber Security Alert TA09-187A - An unpatched vulnerability in the Microsoft Video ActiveX control is being used in attacks.
1a102bd7a40bbb8ca60abb765053806e63288e7f77f3bce55c8c5ebc9f6902f6
Photo DVD Maker Professional versions 8.02 and below suffer from a buffer overflow vulnerability.
8c36687687ab63088a901e8037aeeba720eccb666f36a7815c5c7c225ba1805b
Whitepaper called From 0 To 0 Day On Symbian - Finding Low Level Vulnerabilities On Symbian Smartphones.
9f84cc111e30835b5b7e8fbc5e38e756d4e282500b242481eca7fe284fc5a2df
Ubuntu Security Notice USN-797-1 - It was discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could cause an application linked against libtiff to crash, leading to a denial of service.
7a72370d5fd4910515c0a0d165701f1585e989a74655c1eb76451cd4ddb6b631
Ubuntu Security Notice USN-796-1 - Yuriy Kaminskiy discovered that Pidgin did not properly handle certain messages in the ICQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash.
e9d236e58486d787e4f1439f5a9222d5b450347d97a026eb8d4c6826b1ac3968
This shellcode disables shadowing on Linux sending all passwords to /etc/passwd.
efc0efd9feadbafc48fa0b35a0aa5538a00d019eb428a3387ae2c12b99c3f28b
27 bytes small Linux/x86 setuid(0) and execve("/bin/sh",0,0) shellcode.
bdc78449c1f635f062ade25df0e45d95aa1798aa892eac87fb644cc407eeb707
The Juice for Restaurants script suffers from a remote SQL injection vulnerability.
5853b23bf8d99c0214eb477e59019090226dd91111a256d4ae9304231cde2fac
CakePHP version 1.1.20 suffers from a local file inclusion vulnerability.
27ead6119246b29233ad633ebe43ea62de1a3b3bd2aacf040b1811027299d69e
The TekRADIUS radius server for Windows suffers from a SQL injection vulnerability that allows for privilege escalation. Details provided.
04e03394380b7c464a8bd6dabc94060b07b1420c44f813a363aca9d1aa17f13d
NullLogic Groupware suffers from account compromise, denial of service, and possibly remote code execution vulnerabilities.
c36c4bc118817c73caa7e27e4882f82a005ab7e206e99a27d5d2b690d6443b2a
xscreensaver version 5.01 suffers from a symlink attack vulnerability that allows for arbitrary file disclosure.
76a58717d14127259b1160fa8f313e1fbd413475bd10fae05ad4fd3f3270e9fb
Sun One webserver version 6.1 suffers from a remote JSP source code disclosure vulnerability.
00259bc166576fb6e6df32d2a3dd8d1fdd966e27f73e21fdb0b6899cdfa0ef50
Dillo, an open source graphical web browser, suffers from an integer overflow which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by HTML pages with embedded PNG images, the Png_datainfo_callback function does not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability. Versions 2.1 and below are affected.
0a9bd01bbd35cd229feb029c2a84091f982b71b8dbf99cb85b892b57eae472c1
FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability. The input of several connector modules is not properly verified before being used, this leads to exposure of the contents of arbitrary directories on the server filesystem and allows file uploading to arbitrary locations. The affected code is remotely exposed before authentication. An attacker can exploit this vulnerability to install remote shells on the victim server among other things, it should be noted that this vulnerability is being actively exploited in the wild. Versions 2.6.4 and below are affected.
e8fb00e2c1d4004e9c9d5b6c8091560a3a8bc7b786b95c5a80061e93d79b8354
Whitepaper called One Click Ownage. It discusses getting a reverse shell through SQL injection. Related scripts are in the compressed archive.
d9d69e301c64bdfe485895f78c59131d790f2e51060dcbca3dd44e46bee6d71a
HPP (HTTP Parameter Pollution) protection patch for ModSecurity version 2.5.9.
694e79fd6246d584e4df0972c66d14e7afca6ec28b6e3eee0d217b41d58f5786
Gentoo Linux Security Advisory GLSA 200907-03 - Multiple vulnerabilities in the Apache Portable Runtime Utility Library might enable remote attackers to cause a Denial of Service or disclose sensitive information. Versions less than 1.3.7 are affected.
4263d47d1b70e312d108199ea0389b75e3ded16f3aec80a2d0b1d0b8cf07bff9
Avax Vector Active-X control version 1.3 proof of concept denial of service exploit that takes advantage of avPreview.ocx.
c69169d02a1890b915d3de37f255e288faeb7f272b5aa090a2d7ac024a7d5ebd
Remote blind SQL injection exploit for ShopCartDx version 4.30 that leverages products.php.
1da8905f08d5b1d04b6a116f7320fea2a361ff4df354e352026f26c9b771c0b1
Debian Security Advisory 1827-1 - It was discovered that ipplan, a web-based IP address manager and tracker, does not sufficiently escape certain input parameters, which allows remote attackers to conduct cross-site scripting attacks.
00635cca24bc92600de8f93c3721c5247f197717d7229303c32358b985872512
Debian Security Advisory 1826-1 - Several vulnerabilities have been discovered in eggdrop, an advanced IRC robot.
a8b2c212aff1ffb3827b0c945e8b7f60cc18b1a588ac272831cca100696988e7
Debian Security Advisory 1825-1 - It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters.
0b0c8bcd8fd8d0b6301b324a8896ae8ce2c6068e6e1a207cae7ec3151af6db50
Secunia Security Advisory - A vulnerability has been reported in KVM, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
bc7a0d5ab679be36909fc429e991b2150fb857afdf8874a6aa79cd5f6745921d
Secunia Security Advisory - Debian has issued an update for nagios2 and nagios3. This fixes a vulnerability, which can be exploited by malicious users to potentially compromise a vulnerable system.
b86288e59c357dff208de0efd4aaf02d97d0464d740a19945e18e0e5c244b961