Secunia Security Advisory - Ubuntu has issued an update for irssi. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and bypass certain security restrictions.
9a1be618f94390cbb1100658e21095f5dc665c52d14ddcdaf9cd96c030010db6
Secunia Security Advisory - Lincoln has discovered a vulnerability in Archive Searcher, which can be exploited by malicious people to compromise a user's system.
4a64aaf9144f6d36cb196fd54f3567c4f31668ffaabac44ee720088b236a22b5
Secunia Security Advisory - A security issue has been reported in IBM Lotus Notes, which can be exploited by malicious, local users to gain escalated privileges.
1cb6bf6b831aa040f4a4f30dbab0aa9fd39cbb08bad73098fb7bfa86b020bf04
Mandriva Linux Security Advisory 2010-075 - OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled.
23ab26a558f6ee10fc5753b67472cba4b55f9540928eebeb46b588ba97cdd500
Debian Linux Security Advisory 2033-1 - It was discovered that in ejabberd, a distributed XMPP/Jabber server written in Erlang, a problem in ejabberd_c2s.erl allows remote authenticated users to cause a denial of service by sending a large number of c2s (client2server) messages; that triggers an overload of the queue, which in turn causes a crash of the ejabberd daemon.
e7edd775ac43feec7d97a50aeb98d39cfcf4474425ecb6a5d37f562bdd25cfeb
Siestta version 2.0 suffers from cross site scripting and local file inclusion vulnerabilities.
bee016f0371e25202211f563de552870728eab883435d92420c3efa45517088b
Ubuntu Security Notice 929-1 - It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol.
591dd365d779ce5c360c93bf7c0aa20059dc2ce95cebcad97cb333b90ee94e22
Ubuntu Security Notice 890-6 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for CMake. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
1f32136aec10fe43a90bf2ba1b04fc4cb7a66b529d203b5c07c70c2fef09e488
Ubuntu Security Notice 928-1 - Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot ('.'). If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This is a different but related issue to CVE-2010-0426.
df59af3d86e31c22e26814b4aa1ab11c9bd89f40477850b2aff9f197b5257410
The Joomla Manager component version 1.5.3 suffers from a remote SQL injection vulnerability.
9115add5895fa978a7381a4fc5415566555a6464d23efc8212d58b9f5c67f1c7
22 bytes small execve("/bin/sh", 0, 0) shellcode.
895dc725c45e22d2e8b7b7b86fc38834256bd514eec1dd87f75bf0b468892a88
Oracle Financials R12 suffers from a remote SQL injection vulnerability.
bc6073b73bb7d906eb7b8c0c493c1fba57d3478f2f57be2d7035684045cce015
Mandriva Linux Security Advisory 2010-074 - A vulnerability has been found and corrected in kdm. KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. This vulnerability has been discovered by Sebastian Krahmer from the SUSE Security Team. It is advised to reboot the computer after applying the updated packages in order to the security fix to take full effect. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
6e44ca1184ea3d7240884fb255869f8532643ab9fbb175bc2751a3c59775512e
This is the Next Generation Web Scanning Presentation. It includes a methodology to scan the webspace of an entire nation using some new tools and techniques. WhatWeb, bing-ip2hosts, gggooglescan and basedomainname are open source security tools developed by MorningStar Security that were published during the first presentation of this at the KIWICON III conference in December, 2009.
5ba140b88894b5c3a0203028fb94ebcd13b23d6d1cb59e76c0371405ab41ddfc
The Softbiz B2B Trading Marketplace script suffers from a remote SQL injection vulnerability.
f49bf09a5ac9756e14ab3a04629d45aab0c9164ebddf3cd251087ce538aad748
The Joomla iProperty component version 1.5.3 suffers from a remote SQL injection vulnerability.
1bd782b2c41f21f57474c9eb77515cc9b2737b387e86aa1280aedc825b283de4
Magneto Software Net Resource Active-X control version 4.0.0.5 NetFileClose universal SEH exploit.
dafefbd5a052860e28f1d8e9700565ab0968b540cdced6a2cbaa906f1feb6536
Magneto Software Net Resource Active-X control version 4.0.0.5 NetConnectionEnum universal SEH exploit.
b9d10fbbbac55c6ecb0fb0eba1ffc33a39c1f7370d0dd65dc9d8ebf8764a0ca6
sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.
5004fd112d61aad54f9760fd1e280ac74d0173b401438d498c6c8a02be52ae59
The IBM BladeCenter Management module suffers from a denial of service vulnerability.
2fdefac0d8be7e6b47669981826466ac5d6de34aad57eb161e0f1651ff4e02b5
RPM Select/Elite version 5.0 .xml configuration parsing unicode buffer overflow proof of concept exploit.
9034335ebbaa40be41e9489ec6f3ae07375784a6405bd4596cb75dead04ed4aa
MagnetoSoft NetworkResources Active-X control version 4.0.0.5 universal NetShareEnum exploit.
e5e9dd457a5d47a4167714edcf50f29f18d400bc390885e0b371d105f6e66821
Camiro-CMS version beta-0.1 suffers from a shell upload vulnerability.
f4fbcf2c7f7e9d9f60cd7f053d758f8cdf3727328c2933d739eed989fcb5183f
A vulnerability has been discovered in WinAsm Studio, which can be exploited by malicious, anonymous individuals to compromise a vulnerable system. The vulnerability is caused as a result of improper bounds checking when reading *.RC files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a maliciously constructed WinAsm project. Successful exploitation of this vulnerability enables execution of arbitrary code.
cac61971a806256c82d88639df3941d774e2d8d97822a4753e3252dbfc46d176
A vulnerability has been discovered in Crimson Editor, which can be exploited by malicious, anonymous individuals to compromise a vulnerable system. The vulnerability is caused as a result of improper bounds checking when reading words from dictionary files. This can be exploited to cause a stack-based buffer overflow by tricking a user into using a maliciously constructed dictionary file.
77d71adfa6feb8523e2123fc6e21a10f3bc85e3124fc21eadbf2165dad3e156a