Zero Day Initiative Advisory 11-127 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the management.asmx module of the Management Web Service. This process responds to SOAP 1.2 requests on port 34444 for HTTP and port 34443 for HTTPS. Due to a flaw in the implementation of the getDBConfigSettings method, it is possible for an unauthenticated user to obtain the server's database credentials, which are transmitted in plaintext. Given the database credentials, it is trivial for a remote user to authenticate to the server and execute arbitrary code under the context of the database administrator.
9fa33067aa130781fbca691ab154e2e2a3db26473c6f6b321ca13b718821e3c0
Zero Day Initiative Advisory 11-126 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Endpoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within CA.Itm.Server.ManagementWS.dll. Due to a failure to properly sanitize user-controlled input, it is possible for a remote unauthenticated attacker to upload and subsequently execute arbitrary code under the context of the CA Total Defense Heartbeat Web service. Requests delivered to FileUploadHandler.ashx are subject to arbitrary file writes, including directory traversal attacks, in the GUID parameter. The Heartbeat Web service listens for HTTP requests on port 8008 and for HTTPS requests on port 44344.
dad5be5eb24d551c6fb279d2bc92a6b4dd9214d0faf839139e13b499c4cdcdcc
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the GDI+ library when parsing certain values within an EMF image file, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
e9d976818013ca305eba57812572521d3237061c36f4c3f3f638dc81c1690983
The Joomla Phocadownload component suffers from a remote file inclusion vulnerability.
75126f705c6eccf0edffa88f87a6f97f73ff444248c393a5f278865b36a740cb
Winamp version 5.6.1 remote command execution exploit that creates a malicious .pls file which downloads http://127.0.0.1:8888/ked/k.exe and executes it.
951cfcd795431f472714b27715c7498a8c271c5442fc74020bf46e76bcfd93c4
Winamp versions 5.6.1 and below denial of service exploit that creates a malicious .au file.
1093736eb6916886f123f020cd47b6de1b3bc2e092a5d7c3d45937d0657f9882
Media Player Classic version 6.4.9.1 proof of concept exploit that creates a malicious .au file.
134154b172315b3f457db473e7221cb578b4f12b409c0d41fe7e3231e831a63e
Xilisoft Video Converter Ultimate proof of concept exploit that creates a malicious .au file.
de29b039e5dfabc8258ae8aecefa1698b9b9d901d5d73c4bacc6cff4eb59d873
This Metasploit module exploits a stack buffer overflow in Winamp versions 5.6. and below.
fabf211b3b506c551c2e8279623e0cc08abb01c2f42086093e1fc4ca1b63808a
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office. The vulnerability is caused by an integer overflow error in the MSO component when parsing certain values within an Office document, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a malformed Office file (e.g. Word). Microsoft Office XP Service Pack 3 is affected.
2d2ef1ad1bdc1ee43e992f908da55b1ea19d51d2bcabcf4e211f64a913e1e003
iDefense Security Advisory 04.12.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when Excel parses a specially crafted Excel file. Specific values within this file can trigger a memory corruption vulnerability and may allow arbitrary code execution. The following Microsoft products are vulnerable: Excel 2002 SP3, Excel 2003 SP3, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac.
230c8ce9bbb3feb7d012305ab9e3d158088e64a47a65651244ca80553d4b4f3f
HP Security Bulletin HPSBUX02653 SSRT100310 - A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could result in a remote Denial of Service (DoS). Revision 1 of this advisory.
62ad5fbdba555b4929d654800aa842565df16d24e0b2f7a95afe9dea6093a43e
Secunia Security Advisory - Multiple vulnerabilities have been reported in Sonexis ConferenceManager, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct SQL injection attacks.
a876f8c587dc34ea2402a2823709609435e3279f0eab4bd909625a1d81ab6896
Secunia Security Advisory - A vulnerability has been discovered in Kerberos, which can be exploited by malicious people to cause a DoS (Denial of Service).
76526dfbd065f5c59628aade6290decbe32236188eb28814b2440adb270a415b
Secunia Security Advisory - Some vulnerabilities have been reported in OTRS, which can be exploited by malicious people to conduct cross-site scripting attacks.
0fe7fef4ded2f399ceed87f4268fd9b90470dde0c258715abe177017495d59da
Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
23cd03460ab71061d8c3a25548525472ab4b131d1a9d69f153d0eed2236434a0
Secunia Security Advisory - Tim Brown has reported a vulnerability in KDE Konqueror, which can be exploited by malicious people to conduct cross-site scripting attacks.
f92d4dd11e17d137cc8218a1dd58b4e8767d63c8c087e595d79f291faa815609
Secunia Security Advisory - A vulnerability has been reported in McAfee Firewall Reporter, which can be exploited by malicious people to bypass certain security restrictions.
b94ff76238953cba6dc8356fd6ab70c32484d8e85b11a68d478c235d35c34f99
Secunia Security Advisory - HP has issued an update for BIND in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
b0c48c9c900da34c4dc834f62d2c9368d2f102ea6b3eaf6b0bda624f8db777fe
Secunia Security Advisory - Fedora has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
557094c1b03dee2d3facb60dfe221d08179d9ca923438275f2750d1835c7620c
Secunia Security Advisory - A security issue has been reported in Xataface, which can be exploited by malicious people to hijack another user's session.
a14c9091ba5b3c836324a5d37a5acaa48bc8a982f33e379090b05a40ec441102
Secunia Security Advisory - Two vulnerabilities have been discovered in Wordtrainer, which can be exploited by malicious people to compromise a user's system.
9a114569e77df045996dfcb44ad22729ee46b52d8304fd0b172a831fe7dfd180
Secunia Security Advisory - A vulnerability has been reported in SPIP, which can be exploited by malicious users to cause a DoS (Denial of Service).
5ba1c98279a509bf368963560e8d171d0abf0c802435c9c5c14d60082dce6022
Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in WebJaxe, which can be exploited by malicious people to conduct cross-site request forgery attacks.
a59a8d6e3c7422bd12aff12f2fe123949681bc002b884799d8d346f32a0ee414
Secunia Security Advisory - Research In Motion has acknowledged multiple vulnerabilities in BlackBerry Enterprise Server, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
09094cd960b9f47d0cd1d6e26692ba6190fab68f5a570a29eaed32afeda91bb9