Gentoo Linux Security Advisory GLSA 200706-03 - Arnaud Giersch discovered that the add_filename_to_string() function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack with a malicious .po file. Versions less than 0.11.2-r1 are affected.
8d7e63c6ab6f0de085de5c4192022d277d750df211de20f98ce2f25dfddd2f7e
Gentoo Linux Security Advisory GLSA 200706-02 - Ulf Harnhammar from Secunia Research has discovered a format string error in the write_html() function in the file calendar/gui/e-cal-component-memo-preview.c. Versions less than 2.8.3-r2 are affected.
71360f7d5a83f20506cb31ba8e95914f7f36eb539553e2c72ca0778680ff566f
DenyHosts, Fail2ban, and BlockHosts are vulnerable to remote log injection attacks that can lead to arbitrary injection of IP addresses in /etc/hosts.deny.
8bda772b2de34916e706de270c5be22d04dc763b90b83e944118ee2f55ecc07e
Light Blog version 4.1 suffers from a cross-site scripting vulnerability.
0f4ad51426b878029cf3cf08020f11932c9fe929c32258b7b1c0f83bfcbaf735
RFIDIOt is a Python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r).
4b499055c970530937adabe851561a4416f87e34b7dce2603d9a670081022ec6
iDefense Security Advisory 06.05.07 - Remote exploitation of multiple denial of service vulnerabilities in Symantec Corp.'s Ghost could allow remote attackers to crash the Ghost service. These vulnerabilities affect both the client and server daemons due to what looks like a shared communications library. The daemons listen on UDP ports 1346 and 1347, respectively. By sending a malformed UDP-based request to either service, an attacker can cause the service to crash due to an invalid memory reference. This condition can be caused by any of several unique requests. In each case, the particular cause for the access violation varies. iDefense confirmed the existence of these vulnerabilities using Symantec Ghost version 8.0.992 (as supplied with Ghost Solution Suite). Other versions may be vulnerable as well.
b66143fb85b4ecc4a638b1b0c2312cb75c9821753c09e18d841ae956fee69f82
This whitepaper is a presentation of methods used to penetrate web servers with various examples and some ideas on how to fix the vulnerabilities.
ef69300e90e6306ca50fb24a0a83ab5e9f9ba12ac5c9957dbcffae9e0f7575bc
The CSIS Security Group has discovered an "Integer division by zero" flaw in the GDI+ component of Windows XP. Exploitation of this flaw can result in a denial of service condition.
7980b62bbb2093953a906e97875be655482e9335939734e9bd72a508ae4ef66e
Ubuntu Security Notice 469-1 - A weakness in APOP authentication has been discovered in Mozilla Thunderbird. Additionally, various flaws were discovered in the layout and JavaScript engines.
6a5b07673c9e18ef70ac98fb87c93a90eab38f92f0d5ba20debaed79ea4449ca
Cacti suffers from a denial of service vulnerability when an authenticated user manipulates some parameters.
440e27ea43b2248169ef4a5a77bf56e93b2cb09dfb579ee25aa362b1faf3c7cf
Mandriva Linux Security Advisory - lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.
8233710d362155b2373263e89415fc48a34feb82e6aa5230f4f058d91e7f3699
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
9b8196a0f22153c7a1013cdf750477fa3763792e4d21045d0f68564dabf789cf
Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
47efe5d658ac943387fc635d10ed36b5d34a9d35abda43806256b427ca4bdaa1
HP Tru64 remote secure shell user enumeration exploit.
08abc2bc8e46245c8a000cd064c55c818fc2dd3ec65867d82d5156554ce8a7d2
IBM Tivoli Provisioning Manager PRE AUTH remote exploit that binds a shell to TCP port 4444.
274b58c71804e51a1b53bb25dfe6e426f2dad792e863c34a4944ce547967aa3a
Internet Explorer 6 / provideo Camimage class (ISSCamControl.dll version 1.0.1.5) remote buffer overflow exploit.
3aab16ecb5367ff36e1d1932841b62652beb912e7e48c1e65e46180075fbf37d
Zenturi ProgramChecker ActiveX sasatl.dll remote buffer overflow exploit.
97a5b5c12e08ca387c7dd60f60fa00fd6d9b6f46289d6bc720ef1ef70cd7ef63
Screen versions 4.0.3 and below suffer from an authentication bypass vulnerability when locked.
b967318756ba3a99cd10614a3f1df67c080af7881ed47503fbff5decaf6edf5a
DVD X Player version 4.1 Professional .PLF file buffer overflow exploit.
78eb0dd0da83d8445be445af9b4b383c5c9621fc8177717c9ea0863ad505a8ae
Kartli Alisveris Sistemi version 1.0 suffers from a remote SQL injection vulnerability.
b187b77e1f0354623d283147f19244b2ffffdb3e270d322c7fbf299268944a99
WordPress version 2.2 remote SQL injection exploit that makes use of xmlrpc.php.
3e6963c3b5b7d011738fd48340c04cfcb6dac32b59ece096d209e950b7e598e8
Comicsense version 0.2 remote SQL injection exploit that makes use of index.php.
1000c185bd868962ceeb0527ca535dd206f0f2f937059c498102bac6c17d3390
PBLang versions 4.67.16.a and below remote code execution exploit.
ddea26ba775c98a928c93d671becbd34a279d12fb8fa4f8c9f3bf1cdda74fe0a
Mandriva Linux Security Advisory - A flaw in how libpng handled malformed images was discovered. An attacker able to create a carefully crafted PNG image could cause an application linked with libpng to crash when the file was manipulated.
017e9fa350056fb86d18ca033b7d565a504ce7aadef5c8c7be4eb2fa8f4139dc
Mandriva Linux Security Advisory - The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file. As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption.
cae4022bb7ea6910fc77cadf0b9d709a67740bfc9477488f415d84f5f6312cdd