The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement for PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC 2440.
55d457b55029c60eec571c2e739f3c0e639d411863b58a12178cdc63834036d7
On October 13th, VSR identified a vulnerability in the RDS protocol, as implemented in the Linux kernel. Because kernel functions responsible for copying data between kernel and user space failed to verify that a user-provided address actually resided in the user segment, a local attacker could issue specially crafted socket function calls to write arbitrary values into kernel memory. By leveraging this capability, it is possible for unprivileged users to escalate privileges to root.
bb09d9a3c04ad643125f43810191104a9e73f9ab75e3f77d497d3f284186f60b
Debian Linux Security Advisory 2121-1 - Several remote vulnerabilities have been discovered in TYPO3.
9f31d86f0c9890972a141396443bf16c6f0211872ce29a88ba8d4f731d4bcd8d
Mass Player version 2.1 denial of service exploit that creates a malicious MP3.
a54c9c66995f3323b59bad42dea46559d147a6ad10049eb593451e41537bea96
Linux kernel versions 2.6.36-rc8 and below RDS privilege escalation exploit.
0262577e3e756fba60e9c378405ae208ebb9563222e21ca4a4b81be04b89e9d5
The Joomla Pinboard component suffers from a remote file inclusion vulnerability.
c6de98b9e55b5cce96ce82066ab3e168a38d9c805d589bd3ac74a99672590d5c
Ubuntu Security Notice 1006-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Please consult the bug listed at the top of this advisory to get the exact list of CVE numbers fixed for each release.
850231d22e4e039031fdbe3b0919990135c6a5d8f5d28660a17d5f59d45c328d
Ubuntu Security Notice 1005-1 - It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
aa17a3eeb716db23502d1975ca7e931f955fb299819a5f2e41cd2eefe2cc7f1e
Alpha 2 Player suffers from a denial of service vulnerability.
7194fc4056da407f18ef6473af5c70ae287e026950fbd6437db36c1d650d72d9
Hanso Converter proof of concept buffer overflow exploit.
d359843f86c25828af9016008bd1ab26733f78b0249c6825028d9205e16cc43e
Comet Bird version 3.6.10 suffers from a denial of service vulnerability.
d557327adb6a9786bc4eb21e687ad3661309c0567c57ddb4e9adc94c4fea1206
phpCheckZ version 1.1.0 suffers from a remote blind SQL injection vulnerability.
0b1bb1585ec44d7b1fdc20394fa4379b5c6f385e14d6d0a61e66142fb42efc7d
The Joomla Flash Fun component suffers from a local file inclusion vulnerability.
1442726647e4a4cd481f96a32e1ef5c22ee12890959f9c5744085de8eccdea9f
The Joomla Eventcal component suffers from a remote file inclusion vulnerability.
ed1d9687601061731518a3666674e827f0ba5078065db7befe7c1a9df6f34b57
Fully modded phpBB 2 suffers from a remote file inclusion vulnerability.
a02be4dff38fc6878b4edc482e78296b60211be5098b8306f0bf9bf08abdc9bc
The Oracle JRE java.net.URLConnection class suffers from a same-origin policy (SOP) bypass vulnerability. Malicious Java applet proof of concept code included.
684e4a423891f26208272a79e0c2ad2eaf32f462ca567e478c4c7e944d297158
Acer OrbiCam version 9.4.4.1084 DLL hijacking exploit for mfc71ptb.dll and mfc71loc.dll.
337313351bd3abde1e919a1d92b488a19efd19709047ccbe1e27dff641da53d0
Zero Day Initiative Advisory 10-217 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists when processing the arguments to the DBINFO keyword in a SQL query. User-supplied data is copied into a stack-based buffer without proper bounds checking resulting in an exploitable overflow. Exploitation can result in arbitrary code execution under the context of the database server.
990caf2230cdcb212415de0117be5a3d713a2971be732bed1943d8a82cdd0872
Zero Day Initiative Advisory 10-216 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Informix Dynamic Server. Authentication is required in that an attacker must have valid credentials to connect to the database. The specific flaw exists within the oninit.exe process bound by default to TCP port 9088 or 1526. A lack of sanity checking within a logging function can result in a stack-based buffer overflow leading to arbitrary code execution under the context of the SYSTEM user.
6f7aff4418ac8a8fe3e9607ec654c2e0784a08420f6cdaf37bf0d0d9b7e2b6d6
Zero Day Initiative Advisory 10-215 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Informix Dynamic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC protocol parsing library, librpc.dll, utilized by the ISM Portmapper service (portmap.exe) bound by default to TCP port 36890. A lack of sanity checking on supplied parameter sizes can result in an integer overflow and a subsequent heap buffer under-allocation, which can finally lead to an exploitable memory corruption.
e4f0185721fdcc0b952f3e54b4429d682a0fcbfb275e45b71a810cec8a80ff8b
Secunia Security Advisory - A vulnerability has been discovered in Phoenix Project Manager, which can be exploited by malicious people to compromise a user's system.
c21719440607a07e7d363271e95fcf388757249ed928c33ac66930d2d101d98b
Secunia Security Advisory - Fedora has issued an update for java-1.6.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system.
0fca41b90cac9444b55cbfae9e165a0ce9875e8b5ca2af788729c9526495c727
Secunia Security Advisory - Fedora has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.
285bccc3251256466e280bec5261638f8da860ef3e93bc8244f6745176503712
Secunia Security Advisory - A vulnerability has been discovered in Cool iPhone Ringtone Maker, which can be exploited by malicious people to compromise a user's system.
b3f1b900b97fc1aab8d44099bf8859dd80e76fd565125e55845948fa1dbfac35
Secunia Security Advisory - A vulnerability has been discovered in Free 3GP Video Converter, which can be exploited by malicious people to compromise a user's system.
24d4a955cb84f3b0d031baddf758c47551288297d674346e9544864d5fcce0e1