Zero Day Initiative Advisory 10-294 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of multiple products from multiple vendors that utilize the Uni RPC protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Uni RPC service (unirpcd.exe) which listens by default on TCP port 31438. The unirpc32.dll module implements an RPC protocol and is used by the Uni RPC service. While parsing a size value from an RPC packet header, an integer can overflow and consequently bypass a signed comparison. This controlled value is then used as the number of bytes to receive into a static heap buffer. By providing a specially crafted request, this heap buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.
0208958c1064611e6f5ae2711eeae42691474fea4bbf89a18187ab50583f03d9
228 bytes small Microsoft Windows XP SP3 EN null-free connect-back shellcode.
f479655dd1a787f16319c2aa2c1b0ea89bee260f63461bb68610d3657e69e28b
Babil CMS suffers from an insecure cookie handling vulnerability.
9007baac590ba95a829db7eed5cff3b1ba08f53617f9a67c7785737b5af6d32c
Mandriva Linux Security Advisory 2010-251 - Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS attacks due to some characters being converted to angle brackets when displayed by the rendering engine. Google security researcher Michal Zalewski reported that when a window was opened to a site resulting in a network or certificate error page, the opening site could access the document inside the opened window and inject arbitrary content. Various other security issues were identified and fixed in Firefox.
05972126f4f852ff5694fe497d3eae332b473cd1e4ac318afd6d7c055df3c73b
Zero Day Initiative Advisory 10-293 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks Storage Mirroring. Authentication is not required to exploit this vulnerability. The flaw exists within the DoubleTake.exe component which listens by default on TCP port 6320. When handling an incoming packet the process blindly trusts a user supplied length for a copy of arbitrary data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
7e0ed22957a6eb5652eb36fdd82ab9d9c7e25b6087da4ce3ea0486aceb35678e
Mandriva Linux Security Advisory 2010-259 - A null pointer dereference due to receiving a short packet for a direct connection in the MSN code could potentially cause a denial of service.
09bc6f1483deb8a84257c1e9af6d1dba1cdfed7d771b2bc3506329808b33480a
Embedthis Appweb Web Server version 3.2.2-1 suffers from a cross site scripting vulnerability.
3bf0eb7266128b20d987e0ca5fdc2ac3b08bde1c94aa4b5000b8e3bb3f0ca62a
Django suffers from an admin list filter data extraction vulnerability.
0df42c652e8f3a5dd96c219a186deee3bc86b62a4050d27531933efc4d5db86e
Social Engine version 4.x suffers from a shell upload vulnerability.
2b51eb97564b90f34b241b7f3f718a48ae6e818122ad2237c0e4eacb7282e44a
LoveCMS version 1.6.2 suffers from a local file inclusion vulnerability.
00559a355fe23c2a74f454674ea65b1317e7a370d18f6da6945d680761bbe381
Secunia Security Advisory - A vulnerability has been reported in PCSC-Lite, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
cdc9b4d71e531ce61cb556abba407e75d9fc4966d5a54da3bc97e51e0f56d7e1
Secunia Security Advisory - Some vulnerabilities have been reported in OpenSC, which can be exploited by malicious people to compromise an application using the library.
bb1f7a781118479d3a5ad037e7c57988f5db37b02879c108439befee88d5f786
Secunia Security Advisory - A vulnerability has been discovered in BEdita, which can be exploited by malicious people to conduct cross-site request forgery attacks.
c6231e49a4a33577179445151d92e79449a75f3ca12deef1fbf9302d76676fbc
Secunia Security Advisory - Mark Stanislav has discovered a vulnerability in Pointter PHP Content Management System, which can be exploited by malicious people to bypass certain security restrictions.
07dbf84954a167e49bbf9d01e42ed4463e5d53b22c9fa167ddc230e39e5397df
Secunia Security Advisory - Slackware has issued an update for bind. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions or cause a DoS (Denial of Service).
29b3b54e7ff2a76c43621f708c2d69ea3f16573d2b148e6399d632f59704a6b8
Secunia Security Advisory - A weakness has been reported in BlackBerry Desktop Software, which can be exploited by malicious people to conduct brute-force attacks.
55e3a2d767c40f10bccbc43e369c1d7be4ea4c252a40f04eed4b3423b9c4df5f
Secunia Security Advisory - A weakness has been reported in BlackBerry Desktop Software, which can be exploited by malicious people to conduct brute force attacks.
9d4765023a556f6a233592d4de4fdcb0c34af52c5e701398d85643d077df3ff1
Secunia Security Advisory - SUSE has issued an update for java-1_4_2-ibm and IBMJava2-JRE. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system.
c3142d1904c62ee9acaae54bf44372c2c48ed89c155d79e822392c577a6022f6
Secunia Security Advisory - Multiple vulnerabilities have been reported in the Views module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks.
36fcc19ab95f94edc816126dc127ba3aaacb80492ebb0064a90c4067569ee64f
Secunia Security Advisory - A security issue has been reported in HP StorageWorks Modular Smart Array P2000, which can be exploited by malicious people to bypass certain security restrictions.
8f9692c551eebbda1eaaa8ccf8b2d662b5b87a582a3b8032807ebf017b303390
Secunia Security Advisory - A weakness has been reported in HP Insight Management Agents, which can be exploited by malicious people to disclose potentially system information.
fc4c014633bc02dcc36ea4ce038cde7f44f2e60c5816b331f504bcaf2c87e0de
Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system.
f0633cbc839f663231cb2c351016ee72d3e69d58f7de81beddcffe46f26377f6
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose system information, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS.
9545595fad3df621da4c8f4798487ebb056d002bdd30f82925a4289de8c20df4
Secunia Security Advisory - Fedora has issued an update for ImageMagick. This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges.
a117c7ecd0c94467bb3e91389502de133772b0f63b3caa1b6050bfa5e4ea3bd7
Secunia Security Advisory - Two security issues have been reported in Django, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service).
0d4579f7a78a9e39e831bb594b9f88c7b830e4a6bcd68c7a9670237fb0319679