Ubuntu Security Notice 940-1 - It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service.
3a1b15d7feb5baa1e9ef51b23ea5560f739645a55f3ec4b92a3235d5043a3820
CommuniCrypt Mail version 1.16 (ANSMTP.dll/AOSMTP.dll) Active-X buffer overflow exploit.
52df9cbdb8622bd771beb386d5a6fbca357bda60f58016ef745a1f5afdae5714
Joomla ActiveHelper LiveHelp component version 2.0.3 suffers from a cross site scripting vulnerability.
04e7ef36c839faaf206f96b48b0cf37cd4f0aad0a8baa4f219778ee65ff2a38a
DBCart suffers from a remote SQL injection vulnerability.
37b2258cb27131087e6189926ec3aa5725e8d32f55b5925f5efa350bd558368b
27 bytes small Solaris/x86 execve("/bin/sh","/bin/sh",NULL) shellcode.
6fbd240b11e7e8c184ffc762b3948733357250ef2f698105716ad6e7c52e0e08
SyncBack Freeware version 3.2.20.0 local buffer overflow exploit that creates a malicious .sps file.
87370c4f68dc789390ad72b4b9ca2c5ee5992dd1ea78373e0fdb715c43946353
Mandriva Linux Security Advisory 2010-101 - It was possible for DROP TABLE of one MyISAM table to remove the data and index files of a different MyISAM table. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue.
438f71a4c2502763e58078d70a573dfbd7495cd314e7adaf308c2a817f3a5ca3
Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitizing the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. The vulnerability is confirmed in version 3.0.0.4 and 3.0.0.5. Other versions may also be affected.
5825ac39d755020d1305d07d57da443f669935047166133b4fe048ba2ff493bd
Mandriva Linux Security Advisory 2010-100 - Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue.
0f940ffa82adab2d23257ec3d063e5627e8a6ec0a43531f062da07e8bd98ce77
CYBSEC Security Advisory - The McAfee Email Gateway suffers from a web administration broken access control.
63ec88451263b5d26ff0faf2d7cdb4dee405a6b42a14401f0f1265af7d5c574d
Google Chrome version 4.1.249.1059 suffers from a cross origin bypass vulnerability in Google URL (GURL).
b457b91104bdef4b23f16cd761c6026a6933655fd768dc81f457ea384be25ccf
Battle Scrypt suffers from a shell upload vulnerability.
aa795e8f7468906441f6edee4e41182f38dacca60a0faed15e07e599b028ec85
SelfComposer CMS suffers from remote SQL injection vulnerabilities.
8e4b88bb897eebb2b9143146ca7f61dcbffff9dca7e54a247511534143e9a1f7
Lokomedia CMS version 2.0 suffers from a cross site scripting vulnerability.
0f8adf2a64a92a722b964594b44d81220711c86d5bcd401afff104dafe4e625e
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
da734592a7192747fd66c05459d27daeb3e49aea92dd5dadc3305a6b8ee081e8
The D-Link DI-724P+ router suffers from a cross site scripting vulnerability.
5f9063506f2a28e50140ddd27f69d0b1652854d80f9ad864d303265cae695f0d
PSec QtWeb Browser version 3.3 denial of service exploit that is based in cross site scripting.
78ba27a00c8e10f3730a3b85eb7e87200ffd424a90735e91642c220a715bc5b4
HP Security Bulletin - A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could result in a remote Denial of Service (DoS) and increase in privilege.
0bdbac923be2be09d92f6837998ceba6674b81f9aea62f3cf0b0d97cea039cff