Mandriva Linux Security Advisory 2009-290 - Security issues were identified and fixed in Firefox 3.0.x. This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates.
81cd4ae6c0e4a6fbd63e6be6811775c38ed6270fdf26efb68f1373d24354eb81
uwss is a web security scanner and used for testing security holes in web applications. It can act as a fuzzer whose objective is to probe the application with various crafted attack strings. uwss is built upon a modular concept.
f5889f915e9116c5d6e219bc6ac51f19112545db98937dc7898dbe14386f4937
FULG SSH cracking utility.
43ec4b963e9750762aa06b6d1903f3f72afdf9ed91044a51a0e5b7f95760a744
Zero Day Initiative Advisory 09-074 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Documentum eRoom, OpenText Hummingbird and OpenText Search Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Hummingbird STR service (STRsvc.exe) which listens by default on TCP port 10500. The STRlib.dll module receives network packet data into a static stack buffer. By providing a large enough packet, this buffer can overflow. Exploitation allows remote attackers to execute arbitrary code under the context of the SYSTEM user.
fc40271419bd722e4119d10ab2f0371b516cbb56bf7f8a77328f21cecab80b3d
Secunia Security Advisory - Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).
8f0be70af004c87e4501def9c3576c06c68ab005d514afbe61cdff162e1111b6
Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, or compromise a user's system.
b6b6792baa6dabe58eb7a25f3bbf951a023362b2d4e8b94b203585e3408357a4
Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to manipulate certain data or compromise a user's system.
d03ea9bbabe16f7c220cea2e68ab962d48451256a700569fc60b0f2de6e768bd
Secunia Security Advisory - Two vulnerabilities have been reported in AOL AIM, which can be exploited by malicious people to compromise a user's system.
021e88da437be6ab3b967bfb82a32d702bf8c51c6072f170a01f2e3460a9d244
This Metasploit module exploits a flaw in the Clam AntiVirus suite 'clamav-milter' (Sendmail mail filter). Versions prior to 0.92.2 are vulnerable. When implemented with black hole mode enabled, it is possible to execute commands remotely due to an insecure popen call.
043b522739cdc7453582b55c2d84f10b6d62ae02178d5c618b7212a148347eb0
This Metasploit module exploits a flaw in the SpamAssassin spamd service by specifying a malicious vpopmail User header, when running with vpopmail and paranoid modes enabled (non-default). Versions prior to 3.1.3 are vulnerable.
eab32845da0d59fc9f4ab3c4fe32f5ea16cbdf7d908c0e6e672c02b104b4425c
This Metasploit module uses a documented security weakness to execute arbitrary commands on any system running distccd.
0a769db2554d6e63eed260b8856d24d30fee9b9bc7f06f56160f29c66e421927
This Metasploit module exploits the ContentKeeper Web Appliance. Versions prior to 125.10 are affected. This module exploits a combination of weaknesses to enable remote command execution as the Apache user. Following exploitation it is possible to abuse an insecure PATH call to 'ps' etc in setuid 'benetool' to escalate to root.
629ee439ef17eb790dc0b4ecfd87cba6375f929234dd537ad09b296c1e24dcec
This Metasploit module uses a buffer overflow in the Solaris 'login' application to bypass authentication in the telnet daemon.
1922fca1702919a985e0d03cd6e813a1ab64a1125cad7362097ca409173defa5
This Metasploit module exploits the argument injection vulnerability in the telnet daemon (in.telnetd) of Solaris 10 and 11.
179d8ac56af2b7e7a41f6d04b7d0d59e4a7e59ad60dfdcae4e994920a57db02a
This exploit targets a weakness in the way the ypupdated RPC application uses the command shell when handling a MAP UPDATE request.
7c27019bedb0e26575dc7a9ad1810a98487a76f946e66dee2a85a79237351e19
This exploit targets a weakness in the default security settings of the sadmind RPC application. This server is installed and enabled by default on most versions of the Solaris operating system. Vulnerable systems include solaris 2.7, 8, and 9.
14557b273499a2ea3ee86d39d208d2b582a750cf286e96ff62c3dd367eac0d64
This Metasploit module exploits a buffer overflow vulnerability in adm_build_path() function of sadmind daemon.
18dec71a8c83fcf83504b2fddb72739d0a61a63af0287624b6f0d47b893416c4
Debian Linux Security Advisory 1922-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
a220a510e52acdc35e63b91c7fafa29b451ce1d41d75745b324d947eec52a426
Cherokee versions 0.5.4 and below suffer from a directory traversal vulnerability.
e98d286121b0854950d5c8ad20255bbe19675d7c7fec7efd3126c5b4d9d701fe
This Metasploit module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Sun Solaris up to and including 8.0. This module uses a technique discovered by Dino Dai Zovi to exploit the flaw without needing to know the resolved name of the attacking system.
01345783ba4c62397f1139311948fa659b914f7f6b890eea025ca4a22a9c86f9
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
5515ba01277773a2f9c97599d4d28d0898d8b1d7afd5c8942cab087306c28703
Remote exploitation of a buffer overflow in the Mozilla Foundation's libpr0n image processing library allows attackers to execute arbitrary code. The libpr0n GIF parser was designed using a state machine which is represented as a series of switch/case statements. One particularly interesting state, 'gif_image_header', is responsible for interpreting a single image/frame description record. A single GIF file may contain many images, each with a different color map associated. The problem lies in the handling of changes to the color map of subsequent images in a multiple-image GIF file. Memory reallocation is not managed correctly and can result in an exploitable heap overflow condition. iDefense confirmed the existence of this vulnerability using Mozilla Firefox versions 3.0.13 and 3.5.2 on 32-bit Windows XP SP3. Other versions, and potentially other applications using libpr0n, are suspected to be vulnerable.
2586d2a113c390f692bd4a3a7b5d2efa7e97552fe0c5a23297e4dd9eebfa000a
Oscailt CMS version 3.3 suffers from a local file inclusion vulnerability.
62cc89dcaa822c8aacccf2326a30726ab50fc22820b678b1198ee5566f5b10b6
Mozilla Firefox version 3.5.3 local download manager exploit that demonstrates a temporary file creation vulnerability.
c57f747c188be90e736885f8d76cc1b16b4e1cbbc6eee9473f672dc486c86f84
Small write up called Hijacking Opera's Native Page Using Malicious RSS Payloads.
c291ffa51806c7d5f361262a1cb308612da9ac85545f1e4435e49c40c2a46aa1