Mandriva Linux Security Advisory 2010-149 - Multiple stack overflow flaws have been reported in the way the FreeType font rendering engine processed certain CFF opcodes. An attacker could use these flaws to create a specially-crafted font file that, when opened, would cause an application linked against libfreetype to crash or, possibly, execute arbitrary code.
518eb7bc7249ad25eb6d7bc3621939600acc7d6993a1e8df6ecbb549a4c20422
Mandriva Linux Security Advisory 2010-148 - The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a title element.
73a7687798f1b3157fd274c9233b6be9be55b40d328958b872821cf557c661b4
Kleeja Upload suffers from a cross site request forgery vulnerability.
fd61cf219adc0ef603546ae4d6599c46d3e9905cf472f8059c220103bcca4f2f
XM Easy Personal FTP server version 5.8.0 LIST denial of service exploit.
c83660d7bfa16835f8fc510c19e204667bb86cc9276b7a289c86d307af49f792
Zero Day Initiative Advisory 10-154 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's support of the 'first-letter' CSS style. If a particular container has the first-letter style applied to it, the library will create a dual reference of text associated with the style for rendering. Later, upon repainting or style recalculation, the application will access the freed memory, which can lead to code execution under the context of the application.
3951684f1716662b2cac29b6c91dc732a02ca2ec783ab311c518fb0f9371c01c
Secunia Research has discovered two vulnerabilities in glpng, which can be exploited by malicious people to compromise an application using the library. Version 1.45 is affected.
62dffe4cc0c16f226e1002bd5370546eea705a941e53ae15e5e4e6afe93e9ac5
Knowledge Tree version 3.5.2 Community Edition suffers from a cross site scripting vulnerability.
65b5ab4307f29b1908dcd9471f717446315c695b85f7a9d86eb2fee0279fd694
Zero Day Initiative Advisory 10-153 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's process for handling floating elements within an SVG document. During layout of the element, the application will mismanage references to the floating element. Later, the application will attempt to destroy this reference, triggering corruption. Successful exploitation can lead to code execution under the context of the application.
78008edd511b51fe7b3b0d9b75ba9c15c19ece2e512aaa6e1d7c220bcf9f6622
SaurusCMS version 4.7.0 suffers from a remote file inclusion vulnerability.
f36142a9228cf0b85a45e651ee04d6e05f6b99ee3c43441fd5372de0eb476a42
Cisco Security Advisory - The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine contain denial of service vulnerabilities during RTSP, HTTP, and Session Initiation Protocol (SIP) inspection and SSL.
7298347b56f8e1e5b7879f304cdd126959fccbef77415baf7441185da3b4d5d5
Ubuntu Security Notice 970-1 - It was discovered that GPGSM in GnuPG2 did not correctly handle certificates with a large number of Subject Alternate Names. If a user or automated system were tricked into processing a specially crafted certificate, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
d7bcec645912901061545ca9bcf57c0e030208a29b948c2923a6ce3ec1c00633
The Joomla Slideshow component suffers from a remote SQL injection vulnerability.
2d4defc814900863d15083adcf414001e5283a8971ea6543296868eb1ca01e1c
Whitepaper that discusses remote blind SQL injection attacks in detail. Written in German.
42dfb7664f17cc3f790cbd242aaaac8493154a617b2595c33c22727656a90308
Whitepaper called XSS - Anwendungsbeispiele (applications). Written in German.
5e19318e968c0d45973a5dd8dfb350e46e449352defda944ca511f32ee71f39a
Apache JackRabbit version 2.0.0 suffers from an XPath injection vulnerability.
7b8b167d2f5d54b7350164f5d4b901a3ff35dfb56a0dbf1fdb02beaff079e1c5
CMS WebManager-Pro version 7.4.3 suffers from a remote SQL injection vulnerability.
06b7ba04a9d397ea882b0d50d342ee572399ea50d2547cf221300119bf5cdfa0
Zero Day Initiative Advisory 10-152 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the method by which the Webkit library renders right-to-left text. If a linebox has a width greater than its container, Webkit frees an object that is freed again upon page destruction. An attacker can exploit this to execute remote code under the context of the application.
0d821921961855aa077a525f40ea582a0a9f3e301018df738f67d59eec7e6308
Zero Day Initiative Advisory 10-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing the plcffldMom structure within .doc files. By crafting malicious values within this structure, an attacker can force the program to make faulty heap memory allocations. This can be leveraged to execute remote code under the context of the user running the application.
af7a71de10340bf992abdf02ff97ff8f45dd9188ce7c32dc693b704f69e5deba
Cisco Security Advisory - Cisco Wireless Control System (WCS) contains a SQL injection vulnerability that could allow an authenticated attacker full access to the vulnerable device, including modifying the system configuration; creating, modifying and deleting users; or modifying the configuration of wireless devices managed by WCS.
ddd44cc2036dbd2ae479fbceb7f6c9b2989611eb48a85d72e6c95b42fdaf0c4a
Whitepaper that discusses collisions in PDF signatures in-depth.
deab72db5e62904f79476190f3a232216350201d701f5a141e047aa2b847da81
CombiWave Lite version 4.0.1.4 suffers from a denial of service vulnerability.
382da8d214160fd591ac3d139898fb1afd66752bd0e5ebe6ef8aad071e60ecfc
RightMark Audio Analyzer version 6.2.3 suffers from a denial of service vulnerability.
c53ad9485ab59209a4d88646bd039ab28962b1a3043b63d809e45d3c6025e8ca
Windows Live Messenger versions 14.0.8117 and below animation remote denial of service exploit.
1d770dd0722af1d8019849ae542297ee7bff2c18a550ef57a95bbb6144101a65
Zero Day Initiative Advisory 10-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ebus-3-3-2-6.dll module responsible for parsing GIOP requests for multiple processes. While parsing the first packet, the function OBGIOPServerWorker::extractHeader trusts the provided size of the next packet and attempts to re-allocate a buffer. By providing a large enough value, an integer overflow can occur and the buffer can become undersized. A later memory copy using the original value specified in the packet can copy controlled data to the heap buffer. The affected services spawn multiple threads frequently enough that an attacker can theoretically win a race condition by sending multiple requests, thus forcing the process to access the corrupted memory while the overflow is occurring. Successful exploitation would lead to remote code execution in the context of the SYSTEM user.
b13eee543090b3697b177b3afa8dbc1a6d864d1b74b79a7299f6ee407dbd114b
The Adobe Coldfusion administration console suffers from a traversal vulnerability that allows for unauthenticated file retrieval.
59cbe441b1cfdd493b736961317513e747a4567e06054074f35b525e6cd63aed