eSignal and eSignal Pro versions 10.6.2425.1208 and below suffer from a file parsing buffer overflow in QUO. Successful exploitation of this vulnerability may take up to several seconds due to the use of egghunter. Also, DEP bypass is unlikely due to the limited space for payload.
45cd9b3a8b486aca462800fbb23d651421a08959c7bf6605daf83dde4828f239
Typo3 suffers from a remote file disclosure vulnerability.
73568e35077aa7c47aea2129594d8400d321d756b754c5f88202e7d0f9df9d7a
Debian Linux Security Advisory 2313-1 - Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox.
0e66a3f9f409834c4e46d8404804c078686458d479cf01ba08a626f27dcd9d48
Ubuntu Security Notice 1220-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.
381cb500bd82528a730aee301d5df2fea4835c168a78a002069bcb53da18ca72
Debian Linux Security Advisory 2312-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
a6902286da44592ff48572355b8fee8eb0b4d4760d83235fc8062977b61f3d9d
Whitepaper called "Embedding the Payload" or "How to avoid AV-Detection". The main goal of this paper focuses on how to undermine system integrity by circumventing anti-virus detection.
14edf4f453f8794728b0ac49c1d1ae57bab9b38e68a39ab9849188b3c9dd702d
Ubuntu Security Notice 1219-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.
5bbf959fff7d5604adafb12f55e81da2ac28c246748613faaed45b3156c8add2
NCSS versions 07.1.21 and below suffer from an array overflow with write2.
c6619e3f31945a8a7b5e376281cae03af5f42af0a358b23c58813c1c6078ad33
Ubuntu Security Notice 1218-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
7ce613f6fb82e60467fe2db0120524df0114dd4f622231bc1bba67151a5b6582
AmpJuke version 0.8.5 with Apache mod_negotiation suffers from a directory listing vulnerability.
66a33ea5e3bae7835afaeffc341e89465322c61b1372aa317bfcf3868a659ccf
Ubuntu Security Notice 1217-1 - Kristian Erik Hermansen discovered a directory traversal vulnerability in the SSLFile indirection base class. A remote attacker could exploit this to overwrite files with the privileges of the Puppet Master.
cb0df75e0ea4625a8f572eb50a779b751932821421ee7b8d18861e0a3ad2212f
Red Hat Security Advisory 2011-1344-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way SeaMonkey handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
9da687a381ca20d046b5c50589b968fee6f0f6760fa5b50b72ae19d0c9de5863
Star Develop Live Help version 2.0 suffers from multiple bypass and disclosure vulnerabilities.
24452ccbb155921370872876d7c4fc4f09d76be839d05ddc5fe90d61b014a0e6
Game Servers Client version 2.00 Build 3017 suffers from a denial of service vulnerability.
8bafaef1b58fae03b23b8a5bd380a03af81a384af4e2638199592f25f97a9cd8
Game Servers Client version 2.00 Build 3017 uses IRC as the backend but failed to validate changes to a nickname.
80445d16ffe02cb047a1e223a26a3ad71167fd01c9524171970119db25b999c4
Bitweaver version 2.8.1 suffers from multiple cross site scripting vulnerabilities.
623d0f908e24c7fa3674d8b07b164861549917e2c3e65221055f5e9d41339062
Joomla! versions 1.7.0 and below suffer from multiple cross site scripting vulnerabilities.
b098c60142c11a23d57d189e2242583e2e4e51bc1fbd79e30d21c32650317397
Red Hat Security Advisory 2011-1343-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way Thunderbird handled large JavaScript regular expressions. An HTML mail message containing malicious JavaScript could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
3687f8be51c9a85fd3c79f10c8bab76b7b4dafaaac4db14db59c0c0b77e3d708
Ubuntu Security Notice 1213-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious E-Mail could possibly use this to access the local file system. Various other issues were also addressed.
e2949a7050ea58c1e4b98c809fd3a351a236e932e99e60259fbe202ed0e4a651
Red Hat Security Advisory 2011-1342-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird processed the "Enter" keypress event. A malicious HTML mail message could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the mail client to open malicious web content.
a8625a9160b247b90199ce4274aa8f6096c8d45553eb33684ffa4642f14866c3
Red Hat Security Advisory 2011-1341-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the browser to open malicious web content.
0c6ac8865b32e82e11c3f328b55e69c05b18020b7e3bc65cf024f724f351bdd1
Tajan System suffers from an arbitrary file download vulnerability.
e2df46920e2605d7c30d2221e22d7a9ff4df2e1b0b109c229e37d4fccc7cfee2
SabadKharid suffers from a remote shell upload vulnerability.
5282da357dd581ae32fbc77b153c871c6cbfe0ba268b2686d22ea2c2400903ae
A2CMS suffers from source code and local file disclosure vulnerabilities.
8fcc5c4d75232fc2e9f5081cc1bc7d530d34a2527670932c3fbaeb6afdd32248
HP Security Bulletin HPSBUX02707 SSRT100626 - A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
8c8491ffbdea51197735b916bafae7e01bedf7e73d74f78a14d32b3f74aa0016