Samba versions 3.0.0 through 3.0.26a suffer from a vulnerability where the processing of specially crafted GETDC mailslot requests can result in a buffer overrun in nmbd.
e72f937e9999c88ee69b8d0ed43eb0b5f32cf81db8a0f776c662af87902e6a63
HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote unauthorized access.
901b575005153b95860b05640b68707f3a44368b6fc1b79cdcdd6e9459d4a552
Invisible Ink is a very simple and intuitive steganography program coded in C# that embeds text into a .bmp picture file. Text can be easily encrypted/decrypted with the Rijndael algorithm using a 256 byte key generated with the sha256 function.
3fd38f6939a1a6a60067a78959279f22bb85a3bc033e5a4a095fe6fbf60ad030
WordPress brute forcing utility for wp-login.php.
d64fcb649d8746f06fd0d8f6e9998a3656222a4b3bfd7caf6a87c60556bcac0c
Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error within the "reply_netbios_packet()" function in nmbd/nmbd_packets.c when sending NetBIOS replies. This can be exploited to cause a stack-based buffer overflow by sending multiple specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request. Successful exploitation allows execution of arbitrary code, but requires that Samba is configured to run as a WINS server (the "wins support" option is enabled). Samba version 3.0.26a is affected.
82afed15d3f975d552bba9eead56ad36e744e8f82013c3f2af53a1c26f333832
Secunia Security Advisory - Some vulnerabilities have been reported in BtitTracker, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks and to bypass certain security restrictions.
74fb6862d8d545e7487a484f8eb5b4242c968312e1de4f51e943434f43b25c62
Secunia Security Advisory - Gentoo has issued an update for flac. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
e7f16c42b2f5b78a8cd71cba138c3e8c26a0bceb3c743c0eea4f6ed075e674f0
Secunia Security Advisory - Mandriva has issued an update for libpng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
ce8180ccb9b283bf11be070e918d84a778396fe7b64544da864fe34d3f85d94b
Secunia Security Advisory - A weakness has been reported in Citrix Presentation Server, which potentially can be exploited by malicious people to compromise a vulnerable system.
5fad95c16dec8a3e07cbdf33cfb0b81bd64e1e978979bca8717268b61f0f640b
Secunia Security Advisory - SUSE has issued an update for poppler. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
066ee5efb7887821223bd46020ef1f961a33f319f968d186f54346e9127a0752
Secunia Security Advisory - Some vulnerabilities and weaknesses have been reported in PHP, where some have unknown impacts and others can be exploited to bypass certain security restrictions.
c4c89b1934f04a478723760cd6267a7c68a314bd2aea66b8b81047690e3fe959
Secunia Security Advisory - Gentoo has issued an update for firefox, seamonkey, and xulrunner. This fixes some vulnerabilities and a weakness, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.
727010e4d25dac57628eb1874a2dcb014ec0f5ff5caa5d94f786b62f754fb924
Secunia Security Advisory - L4teral has discovered a vulnerability in AutoIndex PHP Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
8a9c284844f33a9a5fe2d06e482067daafff879b804505899f6c2ebe1eb07ef0
Secunia Security Advisory - Red Hat has issued an update for ruby. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.
276f26b1d7d2195e581b51cdcdfb98c488e975dcea7894931527c3b91e9ac4ea
Secunia Security Advisory - ShAy6oOoN has discovered a vulnerability in X7 Chat, which can be exploited by malicious people to conduct cross-site scripting attacks.
be4ebfa9a960f2ed17f26af7413eed16529676f8c853eb14b2bd32e64c012317
Secunia Security Advisory - Emiliano Scavuzzo has discovered a vulnerability in TorrentStrike, which can be exploited by malicious users to conduct SQL injection attacks.
1f5703dcc3ee0da3beba43dd9f5f7faec34b69c4456a441b50badb191171323e
Secunia Security Advisory - Ubuntu has issued an update for flac. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
3bc27e5a8070bd063dd1401f14d7b3bcdb60746b8377afc70c9586d10a636630
iDefense Security Advisory 11.14.07 - Local exploitation of an access validation vulnerability in Apple Inc.'s Mac OS X could allow an attacker to execute arbitrary code with root privileges. When executing a setuid-root binary, the Mach kernel does not reset the current thread Mach port, or the current thread Mach Exception Port. By first creating and obtaining write access to a Mach port, and then executing a setuid-root binary, an attacker can write arbitrary data into the address space of the process running as root. This leads to arbitrary code execution in the privileged process.
ddf3efb648c973e23481ba27247dee4c3391b50406769e418dd0d2779ae4fc6a
iDefense Security Advisory 11.14.07 - Local exploitation of a heap based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within a function responsible for allocating an mbuf. mbufs are a BSD concept, long used by BSD kernels to allocate buffers for storing network related data. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.
d3636fc385ddd79f2efb43a505c489290c2f0348f9f6f5f5b934e9c58f071cf2
iDefense Security Advisory 11.14.07 - Local exploitation of a stack based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within the function responsible for adding an AppleTalk zone to an interface's routing table. A zone can be thought of as something similar to a Windows Domain. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.
36fda99fdbd5125a1d1b3bffbc10bbe5bf332f6cbb674f55ea2665d857cc06db
iDefense Security Advisory 11.14.07 - Local exploitation of a heap based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within a function responsible for sending an ASP (AppleTalk Session Protocol) message on an AppleTalk socket. When allocating a buffer, the kernel uses a user provided integer to perform an arithmetic operation that calculates the number of bytes to allocate. This calculation can overflow, leading to the allocation of a buffer of insufficient size. This results in an exploitable heap based buffer overflow within the kernel. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.
98ff4c86de36c7d39cd2880507a3d298ac1b6eba2990cfbad6dcb871ef57508f
Gentoo Linux Security Advisory GLSA 200711-20 - Bas Wijnen discovered that the Pioneers server may free session objects while they are still in use, resulting in access to invalid memory zones. Versions less than 0.11.3 are affected.
a1d4fce18098b44553354d8f167c9663d2da35614c7d3a6c47ce571c9c9430dd
Gentoo Linux Security Advisory GLSA 200711-19 - Stefan Esser reported that a previous vulnerability was not properly fixed in TikiWiki 1.9.8.1. The TikiWiki development team also added several checks to avoid file inclusion. Versions less than 1.9.8.3 are affected.
99b2b391e1b8c4e7204fab5ec76d9d88dc7a636333069e52a5271779d50ea093
Gentoo Linux Security Advisory GLSA 200711-18 - A buffer overflow vulnerability in the safer_name_suffix() function in GNU cpio has been discovered. Versions less than 2.9-r1 are affected.
fd33823e7ab97166450f1a66072fa2b17bed42995063e54812d268d94e68b1aa
Gentoo Linux Security Advisory GLSA 200711-17 - candlerb found that ActiveResource, when processing responses using the Hash.from_xml() function, does not properly sanitize filenames. The session management functionality allowed the session_id to be set in the URL. BCC discovered that the to_json() function does not properly sanitize input before returning it to the user. Versions less than 1.2.5 are affected.
56267a11d2e0430390325feac70669ed4b084a3bbfe8e068dc20a304ea8ef191