Sec-1 has identified an exploitable Buffer Overflow within Collaboration Data Objects (Cdosys.dll and Cdoex.dll). The vulnerability exists when event sinks are used within Microsoft Exchange 2000 or Microsoft Mail services to parse e-mail content. Several Content Security packages were identified to be vulnerable/exploitable.
Secunia Security Advisory - Secunia research has discovered a vulnerability in Novell NetMail, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - Gary O'leary-Steele has reported a vulnerability in GFI MailSecurity, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Secunia Security Advisory - Red Hat has issued an update for openssl. This fixes a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - Red Hat has issued updates for util-linux and mount. These fix a security issue, which potentially can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - Ubuntu has issued an update for sqwebmail. This fixes some vulnerabilities, which can be exploited by malicious people to conduct script insertion attacks.
Secunia Security Advisory - A vulnerability has been reported in WebGUI, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - rjonesx has discovered a vulnerability in Xeobook, which can be exploited by malicious people to conduct script insertion attacks.
Secunia Security Advisory - Ubuntu has issued an update for koffice-libs/kword. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - rgod has discovered some vulnerabilities and a security issue in versatileBulletinBoard, which can be exploited by malicious people to disclose system information, and conduct cross-site scripting and SQL injection attacks.
Secunia Security Advisory - trueend5 has discovered a vulnerability in ZeroBlog, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Mandriva has issued an update for squid. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Mandriva has issued an update for openssl. This fixes a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - Mandriva has issued an update for xine-lib. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
authfail is a tool for adding IP addresses to an ACL when entities from those addresses attempt to log into a system, but cause authentication failures in auth.log. It reads data from auth.log in real time and adds the IP into netfilter with a DROP/REJECT policy.
arpalert uses ARP address monitoring to help prevent unauthorized connections on the local network. If an illegal connection is detected, a program or script is launched, which could be used to send an alert message, for example.
Computer Associates iGateway debug mode remote buffer overflow exploit.
Remote phpBB 2.0.13 command execution exploit that makes use of admin_styles.php.
IE Security - Past, Present and Future. Tony Chor outlines the threats to secure browsing, discusses Microsoft's response with Internet Explorer for Windows XP SP2, and details the implementation of safety features in the upcoming Internet Explorer 7.0, such as the Phishing Filter and Protected Mode (the feature formerly known as Low Rights IE).
Assessing Server Security - State of the Art. The talk takes into consideration the progress that has been made in web server security over the last few years, and the progress that has been made in attacking web servers over the same time. The paper visits the new vulnerabilities introduced by web applications and discusses the thinking applied to discover such vulnerabilities. It finally describes the state of the art of web server scanning technology.
Hacking Windows CE - This paper shows a buffer overflow exploitation example in Windows CE. It covers knowledge about the ARM architecture, memory management and the features of processes and threads of Windows CE. It also shows how to write shellcode for Windows CE, including knowledge about decoding Windows CE shellcode.
iDEFENSE Security Advisory 10.11.05-2 - Remote exploitation of a denial of service vulnerability within various versions of Microsoft Corp.'s Windows operating system allows attackers to cause the msdtc.exe process to crash. The vulnerability specifically exists because of a flaw in processing responses from foreign servers. iDEFENSE has confirmed the existence and exploitability of this vulnerability in Microsoft Windows 2000 SP4. All versions of Microsoft Windows with the vulnerable service running are suspected vulnerable.
iDEFENSE Security Advisory 10.11.05-1 - Remote exploitation of a denial of service vulnerability within various versions of Microsoft Corp.'s Windows operating system allows attackers to flood systems with connection attempts from legitimate MSDTC servers. The vulnerability specifically exists because of the functionality in the TIP protocol that allows a remote IP address and port number to be specified for a connection. iDEFENSE has confirmed the existence and exploitability of this vulnerability in Microsoft Windows 2000 SP4. All versions of Microsoft Windows with the vulnerable service running are suspected vulnerable.
ZeroBlog versions 1.2a and 1.1f are susceptible to cross-site scripting attacks.
PhpShop is susceptible to SQL injection attacks. Details provided.