SkyPortal WebLinks version 0.12 suffers from a contents change vulnerability.
7aafa1da61786fb87d31bac8d19d6a7dd5136f8a146ddb6992543af25db888e7
SkyPortal Picture Manager version 0.11 suffers from a contents change vulnerability.
daa3082a33f397255d1a05615bc0033abd58f185c852100f563b9153e9e2bff2
SkyPortal Classifieds System version 0.12 suffers from a contents change vulnerability.
b25fdfd2ccbd25222985fc7fc6f708edb1fb59202cbb317a9067228e0e579af0
Secunia Research has discovered some buffer overflows ksquirrel-libs, which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused due to boundary errors within the "mt_codec::getHdrHead()" function in kernel/kls_hdr/fmt_codec_hdr.cpp, which can be exploited to cause stack-based buffer overflows by e.g. tricking a user into opening a specially crafted Radiance RGBE (*.hdr) file. Version 0.8.0 is affected.
eb1d8112400b196dea2591dccfd81df121f28ffaee5ad333a604b160533fee4e
Secunia Research has discovered a vulnerability in SHOUTcast DNAS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when receiving data from a relay master server. This can be exploited to overflow a static buffer by tricking a SHOUTcast admin into setting up a server to act as relay for a malicious server. Successful exploitation allows to e.g. overwrite the password of the web administration interface. Version 1.9.8 is affected.
2d7b85e2f2f5d2dc651c63804b70e4fb20f7e54604685f128142095eef9b9acd
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco Application Networking Manager (ANM) and Cisco Application Control Engine (ACE) Device Manager applications. These vulnerabilities are independent of each other. Successful exploitation of these vulnerabilities may result in unauthorized system or host operating system access.
0f16dc8eb3c4018632232f216a4fff3a707aaf6894267ca2b15a1c4bb1f339cd
Cisco Security Advisory - The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Cisco ACE Module and Cisco ACE 4710 Application Control Engine contain multiple vulnerabilities that, if exploited, can could result in administrative access, privilege escalation, and denial of service conditions.
21613419103799fc852a5f672fc0e98ebc60990ec3ec131cb87cc6938cc64d76
Cisco Security Advisory - Cisco Unified MeetingPlace Web Conferencing servers may contain an authentication bypass vulnerability that could allow an unauthenticated user to gain administrative access to the MeetingPlace application. Cisco has released free software updates that address this vulnerability.
2f4ac0a59461989a540256dd74f76a1c81666efbe5df31943db981eda2c53f55
Debian Security Advisory 1726-1 - Mike Wiacek discovered that a buffer overflow in the ARC2 implementation of Python Crypto, a collection of cryptographic algorithms and protocols for Python allows denial of service and potentially the execution of arbitrary code.
ba165e0a0e50093403abd4d48c8645ca1d66ff27f61ea2a6a3e92f78fb2caa4d
Apple Safari 4 Beta suffers from a NULL pointer dereference denial of service vulnerability in relation to the feeds handler.
2a2602ebbdda5234530d8b159eb8732d4ae55700178e1a03437137bc29fb4961
Mandriva Linux Security Advisory 2009-055 - Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a.gro file containing a long string. The updated packages have been patched to prevent this.
ae1f1654d4936b7ec0e959946a7bb87bac1fc867b7d2764838172b46977fcb54
LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc. This version of the rootkit is specifically ported to work on Ubuntu 8.04 with the 2.6.24 kernel. No backwards compatibility is provided. The modified rootkit was simply meant as a proof of concept for a book. The documentation was not updated to reflect the changes and this was submitted to the site anonymously. Use are your own risk.
4328023a68a04ed6b7e159bb91a29b0c38de5eb14dda0d149ea8a62073244c4d
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
e80b5d0eb3331fc5a2b7bc3a0206cbfc52e68b0ae09ad7d5789d5655275a662c
libaosc is a library for converting x86 shellcode into randomized ASCII-only shellcode.
7936ef2befe0286195d1550bf335ecf775a0fea75bdcab763e2f4930de121a89
JOnAS version 4.10.3 suffers from multiple linked cross site scripting vulnerabilities.
afaea5fdb0d376744371773e337421514069179b0a7143706b6fb2a2558a6b31
HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS).
d37b09bcab75b8427f588b5b4b8642558b4a16897f76f295aef185f0b48fd683
The call for papers for SEC-T 2009 has been announced. It will be held in Stockholm, Sweden.
08e3bd9dd1314c77ac1df1221a2d87bac1b9b0d9c0c1009ad3197e85e1a4c2c3
PenPal version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c8e1b1bf9c7f037e4e6dabb7b7ead53cf3ee460ed1dcc4ad90c3997245b0831c
Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when generating the "Connecting" log message for HTTP downloads. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into downloading from a malicious HTTP server or opening a specially crafted HTTP URL containing an overly long host name. Successful exploitation allows execution of arbitrary code. Orbit Downloader versions 2.8.2 and 2.8.3 are vulnerable.
c0fec1b2b959aed07156096d8dc79baf656806760da36812f1bc48b1d551b693
Apple Mac OSX xnu versions 1228.x and below local kernel memory disclosure exploit.
bf24b33b436c0d960a5473f70ddae9cd44c63c4bed675b467c03b9f89013530c
fzem is a MUA (mail user agent) fuzzer that fuzzes MAIL/MIME email headers as well as how clients handle SMTP, POP and IMAP responses.
599f60cea508535311603dca6768627d03bd9bcd767d3a2b1e4e869a9ece418a
OpenSite CMS version 2.1 suffers from multiple remote SQL injection vulnerabilities.
c722fda3e8d9046bc13f4a29deb7de00b07b0eb7f9f064bf5b3d32603fe3a893
The CodeGate 2009 hacking and defense contest has been announced. It will be held in Seoul, South Korea and has 40 million Korea Won in prizes (about $26,500 USD).
89a7f70973776f5f4cbc49b18077e92efbb3ee7965f3de8f66733f9f223258ce
Secunia Security Advisory - Nam Nguyen has discovered some vulnerabilities in OpenSite, which can be exploited by malicious users to conduct SQL injection attacks.
b0071ceed9a7aecc653d3af2d2decea06035ebe3c29ba9266cb508619b48caad
Secunia Security Advisory - Fedora has issued an update for gstreamer-plugins-good. This fixes some vulnerabilities, which can potentially be exploited by malicious people to compromise a vulnerable system.
1fec7015b9b709d9a0063c23d81b2f53986f7bf8820887538ffeddee40524c7f