Zero Day Initiative Advisory 11-136 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Directory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in how ibmslapd.exe handles LDAP CRAM-MD5 packets. ibmslapd.exe listens by default on port TCP 389. When the process receives an LDAP CRAM-MD5 packet, it uses libibmldap.dll to handle the allocation of a buffer for the packet data. A specially crafted packet can cause the ber_get_int function to allocate a buffer that is too small to fit the packet data, causing a subsequent stack-based buffer overflow. This can be leveraged by a remote attacker to execute arbitrary code under the context of the SYSTEM user.
5856c905992ce3367f10fbd82bf9872e59657ed8b978886f53701ed9eeb4747f
Wireshark versions 1.4.1 through 1.4.4 SEH overflow exploit that spawns calc.exe.
1190bfbcea843e5145744418548830b04cb799c34c387f3a3edb3bd512300dbd
Pastebay suffers from a password bypass vulnerability.
ebd3027c69a1ad01ec43a6aa1d8a4c8ab3b282c31cdbd8211cfa94df34fbbaff
A potential cross site scripting vulnerability has been identified in RSA® Adaptive Authentication (On-Premise) that could be exploited in certain circumstances. This is due to an input validation error in a Flash Shockwave file provided by the Adaptive Authentication system.
a83fabf54ed5f3331ab76f5aae6561209b00f4bf7ffb46fbdc69a206932bb910
Ultra Marketing Enterprises CMS and Cart suffers from a remote SQL injection vulnerability.
d34005c364f7d4611990f005c5880bba9ad4ebb113ae3607456293769682cd4a
Ubuntu Security Notice 1113-1 - It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords.
6aa138e4da81ce01a79a100e10f8c8db333638d58fca582399c80a99743e1fb6
Windows Credentials Editor (WCE) lets you list logon sessions and add, change, list and delete associated credentials (e.g., LM/NT hashes and Kerberos tickets). This can be used, for example, to perform pass-the-hash on Windows, to obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) for use in further attacks, and to obtain Kerberos tickets and reuse them on other Windows or Unix systems.
099e55d14489dafd73cfdfa5499d3104b38a4256c3df9a93abae54beaa077d30
EMC NetWorker contains a potential security vulnerability that can be exploited to execute malicious code with elevated privileges on the affected system.
865a9f3693f441082930e4366c848c4a8368c6122943070f7ee2590626605e5f
Go Null Yourself E-zine Issue 4 - Topics in this issue include Lattice-Based Cryptography, The Tech Behind Credit Cards, MapReduce Part 2, 303-833-00xx Scan, and more.
35eabf498921a3ff749db28d5d9622b428e8b2a603b121475303b55a264a85bc
CRESUS suffers from a remote SQL injection vulnerability.
c25206e4b15dfe30428563597e1a1363d64b556f27415c22c47d4f718789b052
Secunia Security Advisory - Fedora has issued an update for proftpd. This fixes two vulnerabilities, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service).
ccafd038dcde1e733e4b0fe7bb2f1aa78dc535b69cc46dc88c1e7b292d77d091
Secunia Security Advisory - A vulnerability has been reported in Mojolicious, which can be exploited by malicious people to disclose potentially sensitive information.
aad435433a3873a784ff551ce1b5893c38b4067071e9cc95e4a411bdae38e924
Secunia Security Advisory - Some vulnerabilities have been reported in Perl Jifty::DBI, which can be exploited by malicious people to conduct SQL injection attacks.
ee16a2eae7ff772f1e2c5bd0a66d63508362ce64912f5fd126c4f08e1aadd575
Multiple Drupal themes suffer from cross site scripting and denial of service vulnerabilities. Affected themes include Fresh News, Inspire, Spectrum, Delegate, Optimize, Bueno, Headlines, Daily Edition, Coffee Break, The Gazette Edition.
165887f15d9354eaf9b8d1bb945cb0dc9da0684b19cf44be05684f5b05d60ae6
Secunia Security Advisory - A security issue and a vulnerability have been discovered in MyBB, which can be exploited by malicious people to disclose certain sensitive information and conduct SQL injection attacks.
803f1203cf51ac1479e8ec409f0b5cbd3b365d60fbb263c69a398552b5100509
Secunia Security Advisory - Fedora has issued an update for libmodplug. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
e1e304df70aa4ca0fbdb0f36fcdadfebd76f644ae156cfe2d94668d90d57c6ef
Secunia Security Advisory - A vulnerability has been discovered in Thunar, which potentially can be exploited by malicious people to compromise a user's system.
2a6071287d06bd3824ab732a02050b854a96d3f94e13dbf03c1fdbe733b1bfe1
Secunia Security Advisory - Fedora has issued an update for tmux. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
a94b1de5c9aa0257247acd99483ddb9e56469c33b019b3eacea9f7eae5cdad51
Secunia Security Advisory - Justin Case has reported a weakness in Skype for Android, which can be exploited by malicious people to gain access to sensitive information.
fae84ac51ac8b67252c924423fdae24c29c3e61ebfd8895a4d5d580f6d947bb6
Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
14a64815e3d847dcb4f353283f97876a57888b127e13a7b21aae5a6e887d2251
CompactCMS versions 1.4.1 and below suffer from remote file inclusion and disclosure issues.
9d0a94503eb969764632bc54f78faa71ffad44a133f3df985cbb8c6eaf655d53
Google Chrome version 10.0.648.205 stack exhaustion exploit.
82d6dc22eadb26bdd8279068c3bbf816cda86c79a4185c6e44c2d3edaa340479
Secunia Security Advisory - SUSE has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
13cc27186d5ff20728460c4b2bea54234313f92beb4e86bc06a266b766608ed0
Secunia Security Advisory - SUSE has issued an update for libmodplug. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
771592ce52c244bd9d96461d89141463905d30ace60ab8aebec9d96e7dc8ec94
Secunia Security Advisory - SUSE has issued an update for dhcp6. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
4fb77a1d56d114d8ac31369cca5138277372854eb3228928974ad1cea50d8e32