Modification of Apache Scoreboard data, shared by root (uid=0) and www-data process, allows triggering of invalid free in root process during apache shutdown, exploitation seems impossible except for really broken chroot configs.
c4fca211361fbba0c2cbccb0c6f798909ec36dbe33e746db01cba353100298ff
Zero Day Initiative Advisory 12-013 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLCacheMgr class ActiveX control (CLSID 6F255F99-6961-48DC-B17E-6E1BCCBC0EE3). The CacheDocumentXMLWithId() method is vulnerable to directory traversal and arbitrary write, which allows an attacker to write malicious content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.
fb8b831fc3f8ef0caabf7245c41d9901f42f711cc94d051774a0ba7e986d52a1
WordPress Count-Per-Day plugin versions prior to 3.1.1 suffer from cross site scripting and arbitrary file download vulnerabilities.
8dd2986880566874ff8c8bc2d9c51ad28065c7666916931af730b032d4f7bf33
The AthCon 2012 Call For Papers has been announced. It will take place in Athens, Greece on May 3rd through the 4th, 2012.
1a960546cd1d7de746e92fa35ed6430f329adeddc5baf55315890ea2282c4f75
A logic flaw has been found in the way .NET grants permissions to ClickOnce applications. Combined with relaxed security warnings when handling OLE Packages in Office 2007 allows for attackers to run arbitrary .NET assemblies with Full Trust permissions.
00e1066c2923521d1053ae01947493005e91c3b5cd22f3ffe201033ada37e948
The WordPress wp-autoyoutube plugin suffers from a remote blind SQL injection vulnerability.
67a45fdd0bdbc847f76b89772c39087ded9abbfc838c45f79eff0eddb9d09aba
WorldMail imapd version 3.0 SEH buffer overflow exploit that binds a shell to port 4444.
4a169652bf1465e46a423683035c0a8a8a764fad5c34b41e268995a272c60a21
Zero Day Initiative Advisory 12-012 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. MyCioScan.Scan.ShowReport() will accept commands that are passed to a function that simply executes them without authentication. This can be leveraged by a malicious attacker to execute arbitrary code within the context of the browser.
fa83ba3ec153c2ff1c1cd62b2e99cbd60848c207d2f1408e77af54aaa5c616c2
GreenBrowser suffers from a double free vulnerability in an iframe object that can lead to arbitrary code execution. Versions 6.0.1002 and below are affected.
a5167043e35f5383386a312b6cac27d75147f7effe146076b23b44609085cb13
FineArtPost suffers from a cross site scripting vulnerability.
99868fa03684b7957f38f4998b7dd0fa5d9f3a046484e69595f2690f7bd7ec49
Lead Capture Page System suffers from an account creation / authentication bypass vulnerability.
e91264eb3ec7199a5ea157bda4439c1a09faddfad6adb7ee10bce2850bd58932
HP Security Bulletin HPSBPI02698 SSRT100404 2 - A potential security vulnerability has been identified with HP Easy Printer Care Software Running on Windows. The vulnerability can be remotely exploited to write arbitrary files to the system and execute them via the browser. Revision 2 of this advisory.
3e7e46abd157b19f362100e4a90c5d2893d0ee1f5da89555ccd9e332d9e247f6
This bug is triggered when the browser handles a JavaScript 'onLoad' handler in conjunction with an improperly initialized 'window()' JavaScript function. This exploit results in a call to an address lower than the heap. The javascript prompt() places the shellcode near where the call operand points to. The module calls prompt() multiple times in separate iframes to place our return address. The module hides the prompts in a popup window behind the main window and then it will spray the heap a second time with the shellcode and point the return address to the heap. It then uses a fairly high address to make this exploit more reliable. IE will crash when the exploit completes. Also, please note that Internet Explorer must allow popups in order to continue exploitation.
dfbe6b34adf9a6a1783c641f7329756e98c1bb69d235bba9e36f55dd9ec0f6b0
Claroline CMS suffers from a stored cross site scripting vulnerability.
184a813ebf6effe0e7b33cf5cf885898222b33d2e8eca7e1cdb5e00201ce0b9c