Mandriva Linux Security Advisory 2009-059 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current X-Chat working directory. This update provides fix for that vulnerability.
55eb7ee2984a0261f4e1d3e3a07fbf4f4009ab5f3c9d743c92ba52b69507a769
Standalone MS vulnerabilities network scanner to help identify systems vulnerable to the MS08-067, MS08-065 and MS09-001 (Microsoft Bulletins) flaws. The utility operates in PenTest mode. This requires no special rights to detect network nodes without updates. System administrators and security professionals can use this utility for fast and easy discovery of vulnerable systems and install appropriate patches according to the scanning results.
2bdf2716256a2217e4805774bd00ee7462ab93d456eb875a7c5abd1985f9bbaf
This is the IETF Internet-Draft entitled "On the implementation of TCP urgent data". This document describes current issues relevant to the implementation and use of TCP urgent data, aims to change the IETF specifications so that they accommodate what virtually all implementations have been doing with urgent data.
384e21ff4feb6dfa943d320a646ab513ba681507acc08360bf5b6874ae7476f9
Proof of concept denial of service exploit for the HTC Touch vCard over IP that sends vCards to port UDP/9204.
c765fa0e718759e83c56f58ce3ea7a9a7b76a3590eecefea18f32a537ef6cbe7
The Drupal Protected Node module version 5.x-1.3 suffers from a cross site scripting vulnerability.
dcd44c3b5242e68b940cdd1302aa3dbd16f87c2e5b6c95fd3fca6549fc1e4e3a
POP Peeper version 3.4.0.0 UIDL command remote buffer overflow SEH overwrite exploit that spawns a win32 bindshell on port 55555.
5e1096ecb0bce0b064f117ba74b2a5a09ddcb5529a2b555bff5980f790a314d9
POP Peeper version 3.4.0.0 suffers from an UIDL command related remote buffer overflow vulnerability in the client.
1e2bca809abe96062727e81100e29a2caa524e9c2a45aa5c22fef4d479395bb4
Whitepaper called Perl Writing Exploits. Written in Arabic.
8b6ebd0bae043cda7951d31659e23e0a59f730f5f0df37b0be58a868eb73a141
Whitepaper called Playing With Cookies (ST1). Written in Morocco darija.
541fa78c66c0da566d9639891ff8d89f721449423e844711b1a2cc4a9b923263
Drupal suffers from a local file inclusion when used on Windows.
9cd8ddc53a2fc1d8ef6a9b1fa8eaf39c6f24a1d28ccd8585ce811951ee8eda6f
SHOUTcast version 1.9.8 suffers from a user-agent related cross site scripting vulnerability.
78ef0155f1f5cd68e8fc39a592bcf28c4b6f8891eeab746f720dd6ee8148e0ec
VMware Security Advisory - A heap-based buffer overflow was discovered in the way ed, the GNU line editor, processed long file names. An attacker could create a file with a specially-crafted name that could possibly execute an arbitrary code when opened in the ed editor.
e543e4b89812eead2fd7b1d444b7c2ef8891ecc6969a7a5e7ee04258d84bc0f0
Whitepaper discussing clustering. Written in Spanish.
a5b88fe70b00f0bf9be9f34f7ba605b8bec0c3a01d27597bd53d8c9c1d80d0a6
65 bytes small linux/x86 file reader shellcode.
fd10b2fd7fbb22a457485319a83d04f6f9f26116a56e86dcef0e4f4c6aa4fb0f
111 bytes small win32 telnetbind shellcode. Written for XP SP2 FR.
2e9b2d353a417870ea61f15d06c81e4efd2a3f2ece8a551ed3b68fee7d8fdd4a
Ubuntu Security Notice USN-725-1 - It was discovered that Kmail did not adequately prevent execution of arbitrary code when a user clicked on a URL to an executable within an HTML mail. If a user clicked on a malicious URL and chose to execute the file, a remote attacker could execute arbitrary code with user privileges. This update changes KMail's behavior to instead launch a helper program to view the file if the user chooses to execute such a link.
0720b51cfb167d8912eefe611fa89ddc0715d03dc3005b9646d1dd9b7741d7ee
Debian Security Advisory 1728-1 - It was discovered that dkim-milter, an implementation of the DomainKeys Identified Mail protocol, may crash during DKIM verification if it encounters a specially-crafted or revoked public key record in DNS.
d3a85852dfce03b4feddf0d2e3616c6cbb96a88d3f5d2e4938afa023778ebead
SkyPortal Downloads Manager version 1.1 suffers from a contents change vulnerability.
2a03e81da18dbc7cba3445084e2fdc48056791f934b463f0b52121af312e1b17
Irokez Blog version 0.7.3.2 suffers from remote blind SQL injection, remote file inclusion, and cross site scripting vulnerabilities.
1ea8ca215106691168dea202db81f3f56afaa1e2eab04ad773942883417344db
Hex Workshop versions 6 and below .hex file local code execution exploit.
3c7173ddd241e394771edeb7a79afaf725f7dfc676e84e70b541e915bbaa6834
Orbit versions 2.4 and below long hostname remote buffer overflow exploit.
19a23b7fac23f4df28d99579e4770093121a516e730191f0f07c93a2b07b394a
Mandriva Linux Security Advisory 2009-058 - Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. This update provides Wireshark 1.0.6, which is not vulnerable to these issues.
ddb4006c7015936435473f87e6d8c0499a415d098158e2dbeffb532892a0eb42
Demium CMS version 0.2.1 Beta suffers from local file inclusion, remote SQL injection, and file disclosure vulnerabilities. Full exploits included that perform local file inclusion and remote command execution leveraging both local file inclusion and SQL injection.
b101c63b28fd04922859e97761abeb7fbf14793b22ee253afcde294a8f958e80
Secunia Security Advisory - Some vulnerabilities have been reported in PHP, where some have an unknown impact an others can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service).
1c7df4c023ffdd277b986027a04ca901fa798ce414a4997a5df184f6a720ac0b
Secunia Security Advisory - Debian has issued an update for python-crypto. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
ab9ab455d2633d543a9f1edfb0effdcc1f34b8ad6e0a8716999a85d43a25bdf7