Secunia Security Advisory - Fedora has issued an update for wireshark. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system.
2680f99870aabf0cbf4853b9c945c1162be5c47957827eb394e9b3ebc62147af
OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.
e34380ae4624f52e48d3463955f9221884aa98a74af03ec8165619765d8c9c91
CA's support is alerting customers to a security risk with CA SiteMinder. Multiple cross site scripting (XSS) vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information. CA has provided guidance to remediate the vulnerability.
0086b7aee2a4c6e1f497434c6dd1033fc49b8c4e5dabfa495c73ef3dad9e9fb8
Mandriva Linux Security Advisory 2010-054 - Pam_krb5 2.2.14 through 2.3.4 generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. This update provides the version 2.3.5 of pam_krb5, which is not vulnerable to this issue.
fb4f85115c0fdd37d78fb0e3282ca9687dff623ce59648c2678b94d9aec7f90c
Sagem routers remote reset exploit. It affects F@ST router models 1200/1240/1400/1400W/1500/1500-WG/2404.
6dd66d98a8ff326462c7d87ec26495683bd9141e9255e109ffa9173cb5e41ef6
This Metasploit module allows attackers to execute code via the 'WriteFile' unsafe method of Chilkat Software Inc's Crypt ActiveX control. This exploit is based on shinnai's exploit that uses an hcp:// protocol URI to execute our payload immediately. However, this method requires that the victim user be browsing with Administrator. Additionally, this method will not work on newer versions of Windows. NOTE: This vulnerability is still unpatched. The latest version of Chilkat Crypt at the time of this writing includes ChilkatCrypt2.DLL version 4.4.4.0.
f5fc358c931e5cad863d48c12b7b5bd2f2586f9cca6246339d327cfef13918bd
This Metasploit module exploits a stack-based buffer overflow in Ultra Shareware's Office Control. When processing the 'HttpUpload' method, the arguments are concatenated together to form a command line to run a bundled version of cURL. If the command fails to run, a stack-based buffer overflow occurs when building the error message. This is due to the use of sprintf() without proper bounds checking. NOTE: Due to input restrictions, this exploit uses a heap-spray to get the payload into memory unmodified.
8a257918eee93537e405cc218701960973136185e85d5e2b8f61efc33ae7b6b3
VMware Security Advisory - Updates have been issues for ESX Service Console newt, nfs-utils, and glib2 packages. vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl, bind, expat, openssh, ntp and kernel packages have also been issued.
0ae5770077c762418cfd24f3ee041e3030eda4c4cf779c13c8b5a0c5d3c879ca
Debian Linux Security Advisory 2007-1 - Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf(). This works as the lppasswd binary happens to be installed with setuid 0 permissions.
a35a24df791b66debd2d29b4aab39f8a82030daf160f0b4952edd924f7715ef0