Ubuntu Security Notice 1286-1 - Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. Various other issues were also addressed.
6043a3fbf2080a512662c349ee447bed0a78df45f28b48e5909b135726bd239e
Whitepaper called Indexed Blind SQL Injection. Time based blind SQL attacks suffer from low bit/request ratios. Each request produces only one valuable bit of information. This paper describes a tweak that produces higher yield at the expense of a longer runtime. Along the way, some issues and notes of applicability are also discussed.
84e74daa46ea6185f1c1f4ee9764bc2315f2a4cf39e46f8dfcea99039a5ecb21
AlldataSheet suffers from a cross site scripting vulnerability in view.jsp.
d0be3decf4ecc68139c1346f821272547344f5eaba34924b922e0eb54fcbf721
This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.
e325ea7c310110db0d0e34758f28771015fc9185c9f35054df350536e370ced2
This Metasploit module exploits a stack based buffer overflow in CCMPlayer 1.5. Opening a m3u playlist with a long track name, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This Metasploit module works on multiple Windows platforms including: Windows XP SP3, Windows Vista, and Windows 7.
b1838839c525c11d9b53cae384041c70a3a02194b24bf115638e1db8ac88a5f5
52 bytes small Linux/x86-64 execve(/bin/sh) shellcode.
b085392d44827f904a32929b6caeac38668907ff2075dc9550154ce0ab29c36f
NJStar Communicator version 3.0 MiniSmtp buffer overflow exploit with ASLR bypass.
0b7da0b7c7134272e31478cea7b4b013563a075161c8cc011b32e019d9b3d3de
Secunia Security Advisory - Gjoko Krstic has reported a vulnerability in Hero Framework, which can be exploited by malicious people to conduct cross-site scripting attacks.
5b0e412342c8782357b48faac887d0be90519bf791fc1cd4c1a774e2eb1ac41e
Secunia Security Advisory - HP has issued an update for BIND in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
2bc382dd3c689e925b9988b105504a5fec60ca95d2962b9322420c00b8ce671e
Secunia Security Advisory - Red Hat has issued an update for cyrus-imapd. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
5615e5c67e2cd4a947b4f1822d03c2a42699973015b585edaca75b8708ad14f9
Secunia Security Advisory - SUSE has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
651d4d2e23efb2efa8a5e736c92b46f96cc5212706d59c3faf493f8125968981
Secunia Security Advisory - A security issue has been reported in the PAR-Packer module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
58c6ca20753a25849db339ac22e2ae944747be2205bdbc0a4dafb8a394b7af3c
Secunia Security Advisory - A security issue has been reported in the PAR module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
157e1a4c44fd0b3be7d612004b08d965d9aab3dda90bfebaf990325237997514
Secunia Security Advisory - Debian has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, and compromise a vulnerable system.
ffec8379e285615dc2a2aa64f9134e0c26f97f8312def5cff955563ab0199aae
Secunia Security Advisory - Stefan Schurtz has discovered a vulnerability in Ariadne, which can be exploited by malicious people to conduct cross-site scripting attacks.
aa3749e7b98a5b911f47c4991c8d8829ec6fb476915d007aee972963c0b646b8
Secunia Security Advisory - High-Tech Bridge SA has reported a vulnerability in HP Device Access Manager for HP ProtectTools, which can be exploited by malicious people to compromise a user's system.
96f5d16f2c555fa2aaa8922f0ad421a720f673c576f9020ae54c09a299518ab4
Secunia Security Advisory - High-Tech Bridge SA has discovered two vulnerabilities in SugarCRM, which can be exploited by malicious users to conduct SQL injection attacks.
24d31ab9817d1fa934d817d645c04f4bff8788a9329798e6a8627d0d27fba178
This code is a proof of concept that demonstrates history extraction in Firefox through non-destructive cache timing.
cbb18dbf852eed470c1735fe94fe71da7a9d688fa9c6f2a7c8668720d84a7c08
Nixory is an innovative, fast, and powerful anti-spyware program, with a user-friendly graphical interface. It protects Mozilla Firefox from dangerous spyware and harmful cookies. Platform independent source tarball.
7868fe33902327ce3a552f50dc3b73cf3b3a2f80765f6d972c0d8cbedad17fc6
HP Device Access Manager for Protect Tools Information Store versions prior to 6.1.0.1 suffer from a heap memory corruption vulnerability.
8c5130001eada0160e3dd77d56ccf4b9801e81f2792039461e1bebc3eb0b5821
WSN Classifieds versions 6.2.12 and 6.2.18 suffer from cross site scripting and remote SQL injection vulnerabilities.
ec80bf8c704d3c2fbc67354cdd3cb78d2fa65092e98866d3233b3ed135e38b06
A MAC changing utility that uses both ifconfig and GNU-Macchanger (checks if mac changer exists, if not, uses ifconfig) to spoof ones MAC with a totally random value. Written in Python.
be6130bf64c1b4bd8dff08738fd95e00e2600a3558797364ad485593266a1157
Kayako Fusion suffers from an authenticated database information disclosure vulnerability.
cc1dab82ec0f475319794b7ce744899d7353c572499294e47c04bbaeb46a0e73
HP Security Bulletin HPSBHF02723 SSRT100536 - A potential security vulnerability has been identified with HP Protect Tools Device Access Manager for Windows. The vulnerability can be remotely exploited to cause execution of arbitrary code or Denial of Service(DoS). Revision 1 of this advisory.
1c3e885e054278ea06a9eb7a42554c3dffc46b649801638b333a7dffdedb41d8