Kurdish Security Advisory #10: MF Piadas 1.0 Remote File Include Vulnerability and cross-site scripting.
f6193cc9e4bf8890ce152e0b0626ed3c3b64b17dde10719899fb2b5518b5812f
SUSE Security Announcement SUSE-SA:2006:037: The freetype2 library renders TrueType fonts for open source projects. More than 900 packages on SUSE Linux use this library. Therefore the integer overflows in this code found by Josh Bressers and Chris Evans might have a high impact on the security of a desktop system.
a65f089c3a17784822afe0eba17743d2a60be152567b2595210185499bd06b3c
Ubuntu Security Notice 307-1: TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If a user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user.
a433e0a7e41a1c1f2bb2a661881ce12bf916ac086a08d13a910b2126a449808f
Ubuntu Security Notice 306-1: MySQL did not correctly handle NULL as the second argument to the str_to_date() function. An authenticated user could exploit this to crash the server.
fc3713a621ae408e057633edcdacf72464b08a67999cdf049e4aa0250817e127
Ubuntu Security Notice 305-1: When processing overly long host names in OpenLDAP's slurpd replication server, a buffer overflow caused slurpd to crash. If an attacker manages to inject a specially crafted host name into slurpd, this might also be exploited to execute arbitrary code with slurpd's privileges; however, since slurpd is usually set up to replicate only trusted machines, this should not be exploitable in normal cases.
050535df00cc3c879a950767337feb6a98901d471efb4a320dc49b7296e16738
Symantec Vulnerability Research Security Advisory SYMSA-2006-006 - Lotus Domino SMTP Based Denial of Service: There exists a Denial-of-Service condition within NROUTER when parsing meeting requests. As a result, no external or internal mail will be delivered during the processing of the malformed message.
a07db676c737cf141f460ae87b3a7e88945979eb5d19aa822edba5e87bd0bc01
The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept API calls inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (Python), without the need to compile anything, and with the possibility of changing, at run time, the code that gets executed when the hooked function is called.
30d173c3ac0c5fdffc35b8ba8b0f94d4420dc0d38002684c850ab21c7af36253
Jaws versions less than or equal to 0.6.2 Search gadget SQL injection and admin credentials disclosure exploit.
6501b3a82ca0af55b95509761aa1f0c82b0bd821c53b1843b1f9d39c1816673d
It is possible to use the error_log function to bypass safe mode in PHP 5.1.4 and 4.4.2.
69dcde6236188d1a1843507726eaab7b5d146ea0cda8bb889b32fc10c645b338
Windows Live Messenger 8.0 Contact List heap overflow exploit.
746c6eebe4b80e97b9ca984db02bc07486dbd521c90c7a129a7bfa63a36deeb8
Exploit for all versions of yabbse that retrieves any user's password hash.
cfdfdf127220b379e824bae8db741a18c7b8280f69303c3c2a9034e52bf3565c
POC code that crashes the Flock web browser using the marquee tag bug. Tested on Flock beta 1 (v0.7) and XP service pack 1.
ec0068f9fd53ef86b96bf84cca7bc571344b8efd2839c9cbca385eaa74b81aae
Z4CK is a cyber thriller which includes a gripping story line with an insight into realistic hacker tools and techniques. The main story is about a hacker who creates the ultimate security tool capable of breaching any network security. Other tools such as Nmap, Nessus, Hydra, and Netcat are also put to good use in this novel. The PDF is completely free to download.
4d20b44b8248610c702df19f32236850bb03226e31e5f24f5e70b4b65fce5512
Digital Force is the follow-up to Z4CK. Again, realistic hacker techniques and tools feature in this cyber-thriller, which has several twists. Duncan Steele must work for the UK Government elite hacker unit 'cyber-secure'.
3ff27d3ac0705597ec128e42ea1694d4ad7e083f5b05a81ee1978b9e15f6de33
Secunia Security Advisory - Secunia Research has discovered a weakness in Opera, which can be exploited to display the SSL certificate from a trusted site on an untrusted site.
8cc82aa44ecfc7312c40cf1105428d6bd481042beeedb7afc3c089be4541e82d
Secunia Security Advisory - SUSE has issued an update for freetype2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library.
94a71fca61d0da5e09bc0aff1013a24aa3bba4a500cc9f4967e6fb0be9d232ba
Secunia Security Advisory - Two vulnerabilities have been reported in IBM WebSphere Application Server, where one has an unknown impact and the other can be exploited by malicious people to gain knowledge of sensitive information.
907f26ae4bbbb68122af319b11a8e7358a9d55cfefbda329deb48437db46b8b5
Secunia Security Advisory - Darren Bounds has discovered a vulnerability in Trend Micro Control Manager, which can be exploited by malicious people to conduct script insertion attacks.
d5b85b9371dc275902a7b772cc8961ad90de171fd38155dcb8d3ef9920d7463d
Secunia Security Advisory - Moroccan Security Team has discovered two vulnerabilities in Open Guestbook, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
9622c104f9705198ccc5d9ab8476bcfc570d83578f10bf20d1231d4e88693baa
Secunia Security Advisory - r0t has reported some vulnerabilities in H-Sphere, which can be exploited by malicious people to conduct cross-site scripting attacks.
9b5a802bf7726ba03baf390630655c8639db11051f1d7f9bf40c6e8bd02d3ac3
Secunia Security Advisory - A vulnerability has been reported in Hashcash, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.
6c20ad9c67ca1cc7aa8c74127e7cda7c40f35f2601bba363e6db52ae60bc9cca
Secunia Security Advisory - Ubuntu has issued an update for gnupg. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
4db01ba2c467a7a906bab10ac5f422af05fa672bd3eecbecbd1ef9366df26448
Secunia Security Advisory - A vulnerability has been reported in EnergyMech, which can be exploited by malicious people to cause a DoS (Denial of Service).
6309b17c8c6eecf74788a59a41dd552c6689e6980749bab1781e225fefaf1360
Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious people to cause a DoS (Denial of Service).
3f6921f7a3d742d1c24f27f64b9b88316e3b5e5ad27fd13aecd652e7c9f7d956
Secunia Security Advisory - Slackware has issued an update for gnupg. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
664ac682d2f0052b7ec9d622116c72a58a2ee6522ee7c0cee5fb21f2b88dfc1b