Zero Day Initiative Advisory 11-110 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lotus Domino Server Controller. Authentication is not required to exploit this vulnerability. The flaw exists within the remote console functionality which listens by default on TCP port 2050. When handling A user authentication the server uses a user supplied COOKIEFILE path to retrieve stored credentials. The application then compares this data against the user provided username and cookie. The path to the COOKIEFILE can be a UNC path allowing the attacker to control both the known good credentials and the challenge credentials. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
c60ce5be38ddd1364df0e59214769dec234a68a8836d951b19333cf79651efbd
VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.
4c4a96b0699e3dfee3ea36679e925786c985788771d9efba8b469276fa52bc3f
Immunity Debugger version 1.73 contains a buffer overflow vulnerability in its HTTP update mechanism.
eb3222763fbd249397289a12e1bfee1c09d0425cad699d675e1553a2e8d4d505
The Cisco IPSec VPN implementation suffers from a group name enumeration vulnerability. Systems affected include the ASA 5500 Series Adaptive Security Appliances, Cisco PIX 500 Series Security Appliances, Cisco VPN 3000 Series Concentrators.
e273f712e7c79d45e648db42f3dadd108d184c00a953ab5b8689f1e87ed31a6d
Paul Harrington of NGS Secure has discovered a high risk vulnerability in Mac OS X Image RAW. Multiple buffer overflow issues existed in Image RAW's handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6 with RawCamera.bundle versions prior to 3.6.
fc0b316cf82ddc0ac592117f4d7ddb4c7b690bf50443ed7dbdc636202f42012d
Symantec LiveUpdate Administrator suffers from a cross site request forgery vulnerability. Proof of concept is included.
1590de5e204cab69e3bed8c07807a00abee7648f9f8940d58e1c494577fc7b52
Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6.
8a7f56c6bf5db4c24979da8deb5a498165e211b83b1662e863496e40d68182ac
iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.
63116851ec25226dbd4100de9d28241e487287adbf0d2b37b83b6a4707c90918
HP Security Bulletin HPSBMA02647 SSRT100383 - A potential security vulnerability has been identified with HP Discovery & Dependency Mapping Inventory (DDMI) running on Windows. The vulnerability could be exploited remotely to allow unauthorized read-only access to the data available via the SNMP protocol. Revision 1 of this advisory.
ee2626cfba5637e8bb8b7ada37ec4287b573ef5446851ff7ac057d88fd616159
Zero Day Initiative Advisory 11-109 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on the iPhone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Office files. When handling the OfficeArtMetafileHeader the process trusts the cbSize field and performs arithmetic on it before making an allocation. As the result is not checked for overflow, the subsequent allocation can be undersized. Later when copying into this buffer, memory can be corrupted leading to arbitrary code execution under the context of the mobile user on the iPhone.
0581a4c68f5e63d36a00736efee38f3d2bb3ee49ea8fb2e43d4cdad83da323dc
Zero Day Initiative Advisory 11-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the Type1Scaler library processes a specially formatted compact font file. When processing this file, the application will corrupt memory outside the bounds of an allocated buffer. This can lead to code execution under the context of the application that utilizes the library.
f700b77cf7933fcaef38950830e10f9f85a9a55a48cc13affb62f267d9923b03
Secunia Security Advisory - SUSE has acknowledged a vulnerability in aaa_base, which can be exploited by malicious, local users to gain escalated privileges.
40d43cbed42dab5d716806474c7937c55af13547af3aca8a27becc4b3fb8033f
Secunia Security Advisory - IBM has acknowledged a vulnerability in CATIA V5, which can be exploited by malicious people to potentially compromise a user's system.
740a1e22e633f3094d140cc16b0288aff458443fad321ac95e0216ab39fa27b5
Secunia Security Advisory - A vulnerability has been reported in Pango, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
55b22958956b0287eb70624e8d2de77d6541d9a42c720744571e971ae639f618
Secunia Security Advisory - A weakness has been reported in the Secure Pages module for Drupal, which can be exploited by malicious people to conduct spoofing attacks.
56d4769e5637000d3db06980998f45bf5e107b2a0cdd63135185720751ff9471
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Honeywell ScanServer ActiveX Control, which can be exploited by malicious people to compromise a user's system.
491d12a386f21de84d9a103729e26268183f5e411a25fdde3caa61eee887b663
Secunia Security Advisory - Fedora has issued an update for policycoreutils. This fixes a weakness, which can be exploited by malicious, local users to bypass certain security features.
09bc78e13a1d2ae734f53c4563bd55693560445d86e5efb6c2a8afa82c10c027
Secunia Security Advisory - A vulnerability has been reported in Douran Portal, which can be exploited by malicious people to disclose sensitive information.
b752fbcaa30051e2eb84897f3c136f3302d6d9ec31831920beecc547160c7865
Secunia Security Advisory - Fedora has issued an update for pidgin. This fixes some security issues, which can be exploited by malicious, local users to disclose potentially sensitive information.
d829f40c847d5c7ea7a6c9a40aef6c85c3bb77a9a394fc584e0d5f3e3278ae7f
Secunia Security Advisory - A vulnerability has been reported in Novell NetWare, which can be exploited by malicious users to compromise a vulnerable system.
0cd0e2e5cfe5c8a2d4d0459e80a98ffde827f53ec03e4a047224547e188df578
Secunia Security Advisory - Debian has issued an update for maradns. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
098dd24b5b59b691e1199540f25d097050170f7682e761dce0ea6cd765d73ba1
Secunia Security Advisory - Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose system information.
190f00cfbf459a94e8c9c7aecb829d70a3840c8d046dc79a5df6282306088246
Secunia Security Advisory - Ubuntu has issued an update for linux and linux-ec2. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, cause a DoS (Denial of Service), and potentially gain escalated privileges.
ba2b9362a8f5ca4a2d11cc0e12b06755bf27f38f44708b1d1075137edd7242b9
Secunia Security Advisory - Ubuntu has issued an update for linux. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information and to cause a DoS (Denial of Service).
0f86070dc8d6111af121eb85db14644d63bdb9c5e5d4f99743105c59f78620b6
Secunia Security Advisory - Debian has issued an update for php5. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
2870509598f2e6bf6e684765835f8963913e6b13c0e3ef1ee4d2a0a8dbc2117c