Mandriva Linux Security Advisory 2009-217-2 - A number of security vulnerabilities have been discovered in Mozilla Thunderbird. The previous mozilla-thunderbird-moztraybiff packages had the wrong release which prevented it to be upgraded. The new packages addresses this problem.
5d153e895d2c4dc83174535c48a54a3e25b1eb3bc4bd5b2021de6a9d2f438c6e
FreeBSD version 7.2 VFS/devfs race condition local root exploit.
0962dc609b578253e7a0077ff12df2f5ca748f4130b4878e9ea7f88748d745d0
FreeBSD version 6.4 pipeclose()/knlist_cleardel() race condition exploit that results in a NULL pointer dereference and runs code in kernel mode giving a root shell and escaping from jail.
ff5a5f20c66ed5ad7afaa75d4c20c068bb2ea0c34ba9b00106c522b3827ab739
Mandriva Linux Security Advisory 2009-217 - A number of security vulnerabilities have been discovered in Mozilla Thunderbird.
23af80c1b7971740b54732c05fcee9a0e68f26cda0ac036694fe85e3e7b41042
Ubuntu Security Notice 845-1 - Pavel Polischouk discovered that Pan incorrectly handled certain data structures. If a user were tricked into viewing malicious nntp data, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
8a07b43623964554ee4d60030d33abaa73cee06f563bc7b18311e5fb89cf9196
Ubuntu Security Notice 844-1 - Chris Evans discovered that mimeTeX incorrectly handled certain long tags. An attacker could exploit this with a crafted mimeTeX expression and cause a denial of service or possibly execute arbitrary code. Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. This update fixed the issue by disabling the \\input and \\counter tags.
6ebcdd3ec522f75d7b824d647265faab643b4fafb8577e9bbd25a36e4e4fad79
The BMW inventory.php script suffers from a remote SQL injection vulnerability.
3c9bcfb16697ae94c4cde39bfc91d31405bae08f03e6a05ae71d30407236a042
httpdx web server version 1.4 if vulnerable to a remote buffer overflow vulnerable when supplied a long GET request. Exploit is written for httpdx 1.4 on Windows XP SP3 and binds a shell to port 58821.
5d96dbe8f5911c612a8f12706970eff41b42e26d83533dd643d8743bbe48c779
DreamPoll version 3.1 suffers from remote SQL injection and cross site scripting vulnerabilities.
96540251c99a71b9548802ebedafaafcfd836b4aa7264156b4aae4a60ffc0e2b
Free WMA MP3 Converter version 1.1 local buffer overflow exploit that creates a malicious .wav file and executes a reverse shell.
91a500175b9cf71b97054fc07b9ac5c5a2c5625d18c5b8c212a166f6e30ed90d
Mandriva Linux Security Advisory 2009-259 - preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. The updated packages have been patched to prevent this.
28c2075c1e4286319cc937a5d2585bf98b1ac3991c45cf7ef0e9bb1a1fa81964
Riorey DDoS mitigation appliances suffer from a very poor design vulnerability where they have a hardcoded root login and password for automation. Fail!
29c26502b9e544b424841c7d7e3ccd28614e8629e9e6f9e8c76dac87a75fd345
The VSFLEXGrid component of the SAP GUI is susceptible to a buffer overflow vulnerability.
04d60f014b9f2a3d08a47e1adb8e4bb8844b3ade41a517d5445b1dd291408bc4
Multiple security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS).
032340f6ad00d3fd6574a58ec760211cc4ca9e551c56263295c9d5478714ff05
iDefense Security Advisory 10.07.09 - Remote exploitation of a stack based buffer overflow vulnerability in IBM Corp.'s AIX could allow an attacker to execute arbitrary code with the privileges of the affected service. rpc.cmsd, more commonly known as the Calendar Manager Service Daemon, is an RPC application used to manage schedules and calendars. It operates over SUN RPC. The vulnerability is triggered when handling a request for remote procedure 21. This function takes two arguments, both of which are XDR strings. When copying the first argument into a stack based buffer, the code does not properly verify its length. This results in a stack based buffer overflow vulnerability. iDefense has confirmed the existence of this vulnerability in AIX versions 5.3 and 5.2.
e622abe9b0845daaab5cfe3b95d2641f11a23e3387e454d48596ac147be98ab7
Debian Linux Security Advisory 1903-1 - Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS.
6d5179b5aeb249da4cccef2f2c75a9a35492f1a8e89f9bbfd1ebd39b5ba9fb5f
Ada Image Server version 0.6.6 SEH overwrite exploit. Written in python. Binds a shell to port 4444.
d87bfb3e20915566a05ab76213e11a737937addc368ddc45c29a3fc9b3288009
Mandriva Linux Security Advisory 2009-258 - A regression was found with the self signed certificate signatures checking after applying the fix for CVE-2009-2409. An upstream patch has been applied to address this issue.
ae264392410c356f15e323a1579630a82677a08a2427e39a21de50cb2e69fd12
Aiocp version 1.4.001 suffers from additional remote file inclusion vulnerabilities.
d5f3c3ea2de07e6a0210370e40412708d788a12a573295f2e9b02d40a734c2fd
HP Security Bulletin - Potential security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS).
dee6572b2f13d5c018e94984cef0ef071e52601d32d372abf35ff88651969613
BulletProof FTP Client version 2.63 build 56 buffer overflow exploit that creates a malicious .bps file.
54feb16effffb6293466f4c1bec363d91cd5eb8e7dc5e168d2470fdcaa911483
The Joomla Recerca component suffers from a remote SQL injection vulnerability.
918fd128c5b2063a82b782b1023a1fc630b16609a39c38665e043e91dd4b2b13
origami is a Ruby framework designed to parse, analyze, edit, manipulate, forge, exploit PDF files. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and/or analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.
03d625dd6742e83e1cf1e7aada8ac8204c837386922d724032600a741c8dd32d