CHM files contain various tables and objects stored in "pages." When parsing a page of objects, CHMlib passes an unsanitized value from the file to the alloca() function. This allows an attacker to shift the stack pointer to point to arbitrary locations in memory. Consequently it is possible to write arbitrary data from the file to arbitrary memory locations. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code with the permissions of the user viewing the file. An attacker would have to first convince the user to view the CHM file through some type of social engineering. iDefense has confirmed the existence of this vulnerability in CHMlib version 0.38.
74680a0ac82f6ab9112f2baf2c1524efe089c3ad40b596afccd34cfe22c19e28
The Cisco Catalyst switch suffers from a denial of service vulnerability related to VTP.
0f9bb8c8c7b5e234ea5320969317bf70ea0f63174091b38c82e5721e6cb32d88
PHP Membership Manager version 1.5 suffers from a cross site scripting condition.
fac36d1f2ed29e1cdedc82f2e2a09a13bbe2a121df4ec98f45f4dbe93d27caf6
Yahoo! Messenger versions 8.1.0.29 and below suffer from a javascript injection flaw.
4b364470e048ac46853af776177c87a93533e952fea81b7179eb21d20ccdf21b
Month of Apple Bugs - Ruby exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition.
f7406daaadebb8a416333b8bedaa7f1ba60dc4e0d60fe455f34deb18ee74e296
Month of Apple Bugs - C exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition.
3199da9edd031aaa3b4b089d6910159ef30dde29e74ba47226c79241f26f3d3f
Mandriva Linux Security Advisory - Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
d77cb1e58db4017a23d5119f570e069e15b83bbf49749d066985883c4d7796bb
Gentoo Linux Security Advisory GLSA 200701-24 - Kevin Finisterre has discovered that when handling media locations, various functions throughout VLC media player make improper use of format strings. Versions less than 0.8.6-r1 are affected.
4db9d6a033b851b61a909b7dca5d8db1695ff1b8a8f8bff12098cc358018bb1a
The Intel wireless mini-pci driver provided with Intel 2200BG cards is vulnerable to a remote memory corruption flaw. Malformed disassociation packets can be used to corrupt internal kernel structures, causing a denial of service (BSOD). Proof of concept exploit included.
96c1c5bf7fd32a53f660b0d112ab257bb65b17df4bb6322e76691519e7c61735
Gentoo Linux Security Advisory GLSA 200701-23 - rgod discovered that the Cacti cmd.php and copy_cacti_user.php scripts do not properly control access to the command shell, and are remotely accessible by unauthenticated users. This allows SQL injection via cmd.php and copy_cacti_user.php URLs. Further, the results from the injected SQL query are not properly sanitized before being passed to a command shell. The vulnerabilities require that the register_argc_argv option is enabled, which is the Gentoo default. Also, a number of similar problems in other scripts were reported. Versions less than 0.8.6i-r1 are affected.
d7c555a36f1c81a20d475dec900dd864703e67805460f47bbdafa3430ea716ff
Ubuntu Security Notice 410-2 - USN-410-1 fixed vulnerabilities in the poppler PDF loader library. This update provides the corresponding updates for a copy of this code in tetex-bin in Ubuntu 5.10. Versions of tetex-bin after Ubuntu 5.10 use poppler directly and do not need a separate update. The poppler PDF loader library did not limit the recursion depth of the page model tree. By tricking a user into opening a specially crafter PDF file, this could be exploited to trigger an infinite loop and eventually crash an application that uses this library.
08ee482c20f46c68cd6cf2d08234745c81378dc1bc923d29ae15446df5fa4630
bluebugger is an implementation of the bluebug technique which was discovered by Martin Herfurt from the Trifinite Group. It was tested with the Nokia 6310i, Nokia N72 and Sony Ericsson T68i.
6879a83826bef64ce9e446f98f0308b7d0cc69f9126d6391a9636f797967e936
NGSSoftware has discovered a medium risk vulnerability in PGP Desktop versions prior to 9.5.1 which can allow a remote authenticated attacker to execute arbitrary code on a system on which PGP Desktop is installed.
5061c9fe73a58597f1bf1e699331bbcdc95539889e7c38b2915728e608977c3c
A local buffer overflow vulnerability in the VSAPI library in Trend Micro VirusWall version 3.81 on Linux allows arbitrary code execution and leads to privilege escalation.
2c17540c6c33d93e818379d4381bc07d96560541c42d1a823b05b1f8a97aec8a
Local root exploit for vscan/VSAPI in Trend Micro VirusWall version 3.81 on Linux.
9d755b5bafb1a729d747106a19b5bdf4cf329021970131996e1098b977f41310
Gentoo Linux Security Advisory GLSA 200701-22 - Squid fails to correctly handle ftp:// URI's. There is also an error in the external_acl queue which can cause an infinite looping condition. Versions less than 2.6.7 are affected.
b31d0c08a6602e121b269b53458495f45390f11a89b52e6792d5e2cad12ac663
In PHP 5.2.0 it is possible to bypass safe_mode using writing mode.
146c4e06b2914516d79cb83afd2fb7356244433c4db5e34e399e6cdc488eaca4
Netragard, L.L.C Advisory - It is possible to take control of an @Mail webmail email account by exploiting a Cross Site Request Forgery (XRSF) vulnerability in the @Mail webmail product. An attacker can send a specially crafted email to any @Mail webmail user with a forged "img" tag. This forged tag, if crafted properly, will inject new settings into the @Mail webmail users account. Version 4.51 is susceptible.
b627e59c9804ad47e3a14c93ce12874b3658b67c476646c57f75d4949ef620ce
Siteman version 1.1.11 suffers from a remote password disclosure flaw.
9c34460266ceba58da69e99b79c232f3c39a1cc84eb51b847fc0de7f563f296a
Earthlink TotalAccess suffers from an unsafe method call that allows remote attackers to add entire individual e-mail addresses or entire domains to the spam whitelist.
0405f9239c0763a98ed9173ab89281faae30dfcb72a6ba684a122482250dc4f4
Aztek Forum version 4.1 exploit that demonstrates multiple vulnerabilities including SQL injection and filter bypas flaws.
981c779961031b5c76898596d2e11fac06d836924f262d6e6ce915897ad516eb
Siteman version 2.0.x2 suffers from a remote password disclosure flaw.
a0d7d79440348673ae6422980fe047110b731c64082359ca4df99be982eddc89
uniForum versions 4 and below suffer from a remote SQL injection vulnerability in wbsearch.aspx.
23c084a4125a16749509ba6ca1d0cf5d4ea29a32d0580a2a8cf6a9088e60e593
makit news/blog poster versions 3 and below suffer from a remote SQL injection vulnerability in news_page.asp.
9d971d37dd0a2964f7b78dd6b427200905345294e381a3aca416fadf91ad83d3
ASP EDGE versions 1.2b and below suffer from a remote SQL injection vulnerability in user.asp.
1e33aa05c09debb585604e20f242e058dee9e37283a03b9b377537c31d839418