Gentoo Linux Security Advisory GLSA 200510-08 - Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response contents. Versions less than 1.1.0-r5 are affected.
ce94a8fc639d56ec96af2321cef16e9a8cb629d6d971413c73b76c58935f612c
PHP Counter is susceptible to cross site scripting and SQL injection vulnerabilities. Exploitation details provided.
fe6f83fddf807501ff863ae0df830e71a2e3dffac6cbb41176b5e850d230df7e
Proof of concept exploit for the remote format string vulnerability discovered in the xine/gxine CD player. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0. Patch available here.
ae1c511af9c5fd4967684e6f3287c7f4fca6594afee4b7ff717ad17350d3071f
Patch for the xine/gxine CD player that was found susceptible to a remote format string bug. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0.
6e77aa5381a31e060d00c8af9e23be5266d5a7c218794981c37b49ec78e5e54b
The xine/gxine CD player is susceptible to a remote format string bug. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0. Patch available here.
1aea14a58fd32bca633044be383cec8a50c14ce68e2981888d358c4b5a246842
Debian Security Advisory DSA 849-1 - Supernaut noticed that shorewall, the Shoreline Firewall, could generate an iptables configuration which is significantly more permissive than the rule set given in the shorewall configuration, if MAC verification is used in a non-default manner.
bf2c2f0c78b7eb0bfed1de6754eba45504ef7b8ada97d9b04f53aba1cb0ec2e3
Debian Security Advisory DSA 848-1 - Jens Steube discovered two vulnerabilities in masqmail, a mailer for hosts without a permanent internet connection. When sending failed mail messages, the address is not sanitized, which allows a local attacker to execute arbitrary commands as the mail user. When opening the log file, masqmail does not relinquish privileges, which allows a local attacker to overwrite arbitrary files via a symlink attack.
f7f59ad84fbb01fe499aa54d77b5c6413626d30e33b3ee7d24987261d3132c5b
Debian Security Advisory DSA 847-1 - Joxean Koret discovered that the Python SVG import plugin in dia, a vector-oriented diagram editor, does not properly sanitise data read from an SVG file and is hence vulnerable to execution of arbitrary Python code.
6c65844793ba31d943e00a8ab86d202a56b4e5e33bcd39c77358b0873169965e
Cyphor version 0.19 suffers from SQL injection and cross site scripting flaws. Full proof of concept exploit provided.
e2024c715e0493e8c0fc2ac8ef88c0b249a80be26526a4ab811731ab42839272
Mandriva Linux Security Update Advisory - faxcron, recvstats, and xferfaxstats in HylaFax 4.2.1 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary files. In addition, HylaFax has some provisional support for Unix domain sockets, which is disabled in the default compile configuration. It is suspected that a local user could create a fake /tmp/hyla.unix socket and intercept fax traffic via this socket. In testing for this vulnerability, with CONFIG_UNIXTRANSPORT disabled, it has been found that client programs correctly exit before sending any data.
62d8e72fae9a4a68d6e24a2850d05bb819ea9695193453de5c40931f5182a02e
Mandriva Linux Security Update Advisory - Miniserv.pl in Webmin 1.220, when full PAM conversations are enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
a2567dded228c5c8e1ec16208f680d5d1cc3614ecdb6712bdc01b2a5284525a6
An Anti-Virus bypass flaw has been discovered that varies slightly from CVE-2004-0932 and CVE-2004-0937. It makes use of a specially crafted archive. Full exploitation details provided. Appears to possibly affect all anti-virus products.
f92e703b893d5f4977d69da5d703d39b71d420ebaa92636377f76293e213638c
Whitepaper as well as presentation slides entitled 'Anti-Virus in the Wild' that were presented at the Virus Bulletin 2005 conference in Dublin, Ireland.
edc0b15a49a168b1ba8e246aa35f5afb2f575f8a05bab99c33acb9a984c4d3b8
This whitepaper discusses five creative methods used to overcome various stack protection patches. It focuses on the VA (Virtual Address) space randomization patch that has been integrated into the Linux 2.6 kernel. These methods are not limited to this patch, but rather provide a different approach to the buffer overflow exploiting scheme.
e9f9fca0cde5490a18a26b4d4fb35eaa3fbf6d5db5c35bb6958afad8ec2a7705
Debian Security Advisory DSA 846-1 - Two vulnerabilities have been discovered in cpio, a program to manage archives of files.
c665205959ec8f3619720b2de74392a8140fdb744d012e6f45e8a52f82aa1760
HP Security Bulletin - A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to bypass client-based certificate authentication and gain unauthorized access to certain web pages.
236ac9f717d5af9a85f8bb1175d7955ec053fed46743ec7fd8f31ab7e23f6953
The Oracle Forms servlet can be used to cause a denial of service against the TNS Listener.
72d657c9d34a08163e0ac91b91a9aecbea265ce6791086334997b32c828e111f
The web interface for iSQLPlus in Oracle Database 9.0.2.4 can be used to cause a denial of service against the TNS Listener.
ab783831ce9a6285a953756ea16236eef2b4d64b31bed4e8bbd16eb3b6fcc156
The XMLDB in Oracle Database 9i Release 2 is susceptible to cross site scripting attacks.
f60d5590bc2279e0eb2f276fa15e511bb23e3ee2dfdb2f652d24eead062a25fd
Oracle Database 9.0.2.4 with iSQLPlus is susceptible to a cross site scripting flaw.
4e46dcca1545f3b988b96e9d9519b788e4170a780349fceb576370c8407df3be
During the manual installation process of Oracle HTMLDB, the SYS password is logged in plaintext into the file install.lst.
8aade996b0fb6512d99be5ac7c4565565139723d4135a6aaeb91226a61a3af85
The Oracle HTMLDB contains some cross site scripting vulnerabilities.
d2f371949cb27d269d5b9249b1197ca0e6160b0e34383d38e2056e71438de8db
Aenovo is susceptible to multiple SQL injection and cross site scripting vulnerabilities. Details provided.
43a29a44230d7d18568c832c99fa41dce36ae895792641634b5197bb81828619
Gentoo Linux Security Advisory GLSA 200510-07 - c0ntex reported that RealPlayer and Helix Player suffer from a heap overflow. Versions less than 10.0.6 are affected.
127d14301c6ba98adde54ef43406dd14da2c07c3ce731e1532bbed96614ae764
MailEnable proof of concept exploit for the W3C logging vulnerability. The shellcode used actually renames the vulnerable binary so that the system is no longer vulnerable.
c9cdae7c9b4feeea86406fb868c994266fb649ece1b3e7eccb2bbcc0360a1efa