Channel: Files Date: 2007-01-24 to 2007-01-25 ≈ Packet Storm

MOAB-20-01-2007.tgz

Month of Apple Bugs - Apple iChat AIM URI scheme (referred to as the 'url handler') handling is affected by a classic format string vulnerability, allowing remote users to cause a denial of service...

MOAB-21-01-2007.rb.txt

Month of Apple Bugs - The preference panes setuid helper, writeconfig, makes use of a shell script which lacks PATH sanitization, allowing users to execute arbitrary binaries under root privileges....

MOAB-22-01-2007.rb.txt

Month of Apple Bugs - InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows...

MOAB-23-01-2007.pct

Month of Apple Bugs - A vulnerability exists in the handling of ARGB records (Alpha RGB) within PICT images, that leads to an exploitable memory corruption condition. This is the proof of concept...

fishcart-sql.txt

Fish Cart is susceptible to SQL injection attacks.

checkpoint-bypass.txt

Check Point Connectra End Point is susceptible to a bypass flaw.

mssploit.txt

Microsoft Visual C++ 6.0 is prone to a stack-based memory corruption vulnerability during the processing of .RC resource files. Exploit included.

bitweaver-xss.txt

Bitweaver version 1.3.1 is susceptible to cross-site scripting attacks.

Technical Cyber Security Alert 2007-23A

Technical Cyber Security Alert TA07-022A - The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable...

Gentoo Linux Security Advisory 200701-14

Gentoo Linux Security Advisory GLSA 200701-14 - Mod_auth_kerb improperly handles component byte encoding in the der_get_oid() function, allowing for a buffer overflow to occur if there are no...

Gentoo Linux Security Advisory 200701-15

Gentoo Linux Security Advisory GLSA 200701-15 - Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has...

Gentoo Linux Security Advisory 200701-16

Gentoo Linux Security Advisory GLSA 200701-16 - Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code execution via heap corruption when loading a specially crafted PDF file. Versions...

Mandriva Linux Security Advisory 2007.024

Mandriva Linux Security Advisory - The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown...

SyScan07-CFP.txt

SyScan 07 Call For Papers - The Symposium on Security for Asia Network (SyScan) aims to be a very different security conference from the rest of the security conferences that the information security...

Gentoo Linux Security Advisory 200701-17

Gentoo Linux Security Advisory GLSA 200701-17 - Liu Qishuai discovered that glibtop_get_proc_map_s() in sysdeps/linux/procmap.c does not properly allocate memory for storing a filename, allowing...

Echo Security Advisory 2007.62

Upload Service version 1.0 suffers from a remote file inclusion flaw.

SUSE-SA-2007-012.txt

SUSE Security Announcement - This update fixes a remotely exploitable denial-of-service bug in squid that can be triggered by using special ftp:// URLs. Additionally the 10.2 package needed a fix for...

Mandriva Linux Security Advisory 2007.025

Mandriva Linux Security Advisory - A slew of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.

Gentoo Linux Security Advisory 200701-18

Gentoo Linux Security Advisory GLSA 200701-18 - Due to the improper handling and use of format strings, the errors_create_window() function in errors.c does not safely write data to memory. Versions...

Ubuntu Security Notice 411-1

Ubuntu Security Notice 411-1 - Roland Lezuo and Josselin Mouette discovered that the HTTP server code in libsoup did not correctly verify request headers. Remote attackers could crash applications...

Gentoo Linux Security Advisory 200701-19

Gentoo Linux Security Advisory GLSA 200701-19 - Tavis Ormandy of the Gentoo Linux Security Team has discovered that the file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does not exit...

Mandriva Linux Security Advisory 2007.026

Mandriva Linux Security Advisory - A vulnerability in squid was discovered that could be remotely exploited by using a special ftp:// URL. Another Denial of Service vulnerability was discovered in...

Gentoo Linux Security Advisory 200701-20

Gentoo Linux Security Advisory GLSA 200701-20 - When interfacing with the LiveJournal service, Centericq does not appropriately allocate memory for incoming data, in some cases creating a buffer...

Ubuntu Security Notice 412-1

Ubuntu Security Notice 412-1 - Dean Gaudet discovered that the GeoIP update tool did not validate the filename responses from the update server. A malicious server, or man-in-the-middle system posing...

Ubuntu Security Notice 413-1

Ubuntu Security Notice 413-1 - A flaw was discovered in the HID daemon of bluez-utils. A remote attacker could gain control of the mouse and keyboard if hidd was enabled. This does not affect a default...
