Asp VevoCart Control System version 3.0.4 suffers from a database disclosure vulnerability.
6976cde132834283c3dc30393ebb2b91b84d3b0ea4919ebf35e01b483d3fe32c
Mandriva Linux Security Advisory 2010-005 - The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic. The updated packages have been patched to correct these issues.
223f0994d0723ca2175893ca70bd32bd5f955a4de328b10243b97f36ad8d9037
Nemesis Player versions 1.1 Beta and 2.2 local denial of service proof of concept exploit that creates a malicious .nsp file.
07deac516fa7221bb6813bd771b9a395740361d6f1611c8daf7f929cbc501694
Gentoo Linux Security Advisory 201001-8 - Multiple vulnerabilities were found in SquirrelMail of which the worst results in remote code execution. Versions less than 1.4.19 are affected.
79b67914b106df3b61ec634b24ec4b26b65f59c9160a95eb40b09212c2f69ae2
Gentoo Linux Security Advisory 201001-7 - An untrusted search path vulnerability in Blender might result in the execution of arbitrary code. Steffen Joeris reported that Blender's BPY_interface calls PySys_SetArgv() in such a way that Python prepends sys.path with an empty string. Versions less than 2.48a-r3 are affected.
d3757185463cd9fc168c7f705922658f8d6ef78452b0a83331a107ab332746d7
Espace De Reflexion suffers from a cross site scripting vulnerability.
3d1a505658aa7b39049df8fc2de6a5ac4d359b0c95db2a212a578d88f68514c9
The Joomla Tienda component suffers from a cross site scripting vulnerability.
d1a783e70556e3ade23b7a99cee18874dace85f7addafb84cb0a3bc9a0e88352
Gentoo Linux Security Advisory 201001-6 - A buffer overflow and a format string vulnerability in aria2 allow remote attackers to execute arbitrary code. Tatsuhiro Tsujikawa reported a buffer overflow in DHTRoutingTableDeserializer.cc (CVE-2009-3575) and a format string vulnerability in the AbstractCommand::onAbort() function in src/AbstractCommand.cc (CVE-2009-3617). Versions less than 1.6.3 are affected.
a822c30e2007d9b78c0ec1cdfdf55abc50eba637e11d4a6e5018cd45a55e7e84
StivaSoft version 1.0 suffers from a cross site scripting vulnerability.
66ee111d7c57f5073ca6a6dc9f6b6326001ccc19b82e8a9682666c91edf3f4dc
TribisurCMS suffers from a cross site scripting vulnerability.
e8ac7484e385afbcd82e407b99c25c5013156d9f9687052673f997db03e77f94
Yoono Firefox extension versions prior to 6.1.1 suffer from a code injection vulnerability.
bfd84bf3aba12e7c69cc818f02ce6095d73f9701b829ecb83f65ad5699232b91
iDefense Security Advisory 01.12.10 - Remote exploitation of a memory corruption vulnerability in multiple versions of Adobe Systems Inc.'s Reader and Acrobat PDF reader and processor could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when processing the Jp2c stream of a JpxDecode encoded data stream within a PDF file. During the processing of a JPC_MS_RGN marker, an integer sign extension may cause a bounds check to be bypassed. This results in an exploitable memory corruption vulnerability. iDefense has confirmed the existence of this vulnerability in latest version of Adobe Reader, at the time of testing, version 9.1.0. Previous versions may also be affected. Adobe has stated that all 9.2 and below versions, as well as all 8.1.7 and below versions are vulnerable.
139823d91661e5fccdd9d31846177997f1dc0fdf3d4259d9e33d6b309d80589c
Technical Cyber Security Alert 2010-13A - Adobe has released Security bulletin APSB10-02, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
f4bf53ec228a26f9f042e920f4fee3fc57a22155c7ff1bed635761ece4adbf70
Debian Linux Security Advisory 1970-1 - It was discovered that a significant memory leak could occur in openssl, related to the reinitialization of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded.
9749f4b5342fe7276702d2012abb05c19cc70639bcbead7ea8ba625ddd558a15
The Joomla Article Manager component suffers from a remote SQL injection vulnerability that allows for authentication bypass.
efab829103423956ef726413bbab774b1d91c7ee9fad2e446f377258f19ee484
Power By Traidnt UP version 1.0 suffers from an insecure cookie handling vulnerability.
926e95c2249f73e7d86c2bebce22168a8e5aa965dd549664522178c3ee03afc0
Dodo Upload version 1.3 suffers from a shell upload vulnerability.
96b41507587b2c38fc116ec546ff1d78be442ccb668311a5a00599c5cca4ed97
Gentoo Linux Security Advisory 201001-5 - A remote attacker can bypass the tcp-wrappers client authorization in net-snmp. The netsnmp_udp_fmtaddr() function (snmplib/snmpUDPDomain.c), when using TCP wrappers for client authorization, does not properly parse hosts.allow rules. Versions less than 5.4.2.1-r1 are affected.
2bc5ca3efe008eecf59b335175b33247f291233c3a8ffef898d219066709f07b
Gentoo Linux Security Advisory 201001-4 - Multiple vulnerabilities in VirtualBox were found, the worst of which allowing for privilege escalation. Versions less than 3.0.12 are affected.
3606c9f3bb210a3c7c931fc18ff5f61ea8e172627b138ac29e2bb607f42a5d39
Hesk Help Desk suffers from a cross site request forgery vulnerability.
9874c8de3232fac3291047fe238475fb386cb0475c6c001211f36969978ef5b4
Ubuntu Security Notice 883-1 - It was discovered that NetworkManager did not ensure that the Certification Authority (CA) certificate file remained present when using WPA Enterprise or 802.1x networks. A remote attacker could use this flaw to spoof the identity of a wireless network and view sensitive information. It was discovered that the connection editor GUI would incorrectly export objects over D-Bus. A local user could read D-Bus signals to view other users' network connection passwords and pre-shared keys.
ab33674fe5c889754644b55791e3cbfe63a0cd1b80bcb8efbe5b53f312faf956
Ubuntu Security Notice 882-1 - Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions.
cd84529d17d2626ad3cfc09945cde3a151f1ded241b92b2d05de3bbf06264243
Ofilter Player crash proof of concept exploit that creates a malicious .ini file.
703ad65b4f8426288ebddbaf3f51605f1e944c689c59eab2a902e9f221a186d1
NPlayer local heap overflow proof of concept exploit that creates a malicious .dat file.
5e6ecda17bd4819269900bfdd4cd651c585c36475d09f93d8167deaccb69c93c
Debian Linux Security Advisory 1969-1 - It was discovered that krb5, a system for authenticating users and services on a network, is prone to integer underflow in the AES and RC4 decryption operations of the crypto library. A remote attacker can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution.
c4c0487c3ec908e26276616469e2ceb5a694e1905319464efe1257fe6f2cb47e