Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds.
85e50ed51bad2ccd298b77d5a8b7daf4ef35336d896cce52b84c4db05a6c0ba2
OpenCA Security Advisory - Multiple flaws in OpenCA before version 0.9.1.4 could cause OpenCA to use an incorrect certificate in the chain to determine the serial being checked which could lead to certificates that are revoked or expired being incorrectly accepted.
2d8bf6a4c4e3a857072f500345d0d66c8422632aae593d41cd7f4d2e92012deb
The GNU Screen utility versions 4.0.1, 3.9.15, and below, suffer from a buffer overflow vulnerability that allows local users to escalate their privileges. The screen utility is installed either setgid-utmp or setuid-root. It also has some potential for remote attacks and allows an attacker to get control of another user's screen, providing a 2-3 gigabyte transfer of data needed to exploit this vulnerability.
6dd123f1fa7d2605626d7627c38ae214dcddbe9ee058e57e88595aedaa3c365e
FreeBSD Security Advisory FreeBSD-SA-03:19.bind - A programming error in BIND 8 named can allow an attacker the ability to arrange for malicious DNS messages to be delivered to a target name server, and cause that name server to cache a negative response for some target domain name. The name server would thereafter respond negatively to legitimate queries for that domain name, resulting in a denial-of-service for applications that require DNS. Affected versions are up to FreeBSD 4.9-RELEASE and 5.1-RELEASE.
de46a2eed27c50e9d58b35e42ad502868bd6b827919f08f4908ff0233d3c61fb
Secure Network Operations Advisory SRT2003-TURKEY-DAY - Administrators using the traceroute detection utility published in Phrack Volume 7, Issue 51 may be leaving themselves exploitable to a format strings issue in detecttr.c.
33e3182819127da3ad076e5420778a32b82010b43f282830765514729f9307f2
S-Quadra Advisory #2003-11-26 - FreeRADIUS version 0.9.3 and below suffers from a stack overflow in the rlm_smb module. Successful exploitation of the vulnerability leads to code execution abilities as root.
986f4ddf02645e0675d8de23c83f5150b4fe80517b2215a3c1ec52ab1b89b1b1
Utilizing the MHTML parsing vulnerability in conjunction with the BackToFramedJpu vulnerability, a malicious attacker can obtain full MYCOMPUTER security zone access to a victim machine.
8fc2fdff885ad4c4d244ca251097a58a30fe147f299629978d607b790d85fb22
A flaw exists in the way Microsoft Internet Explorer performs MHTML redirection that can lead to a victim having executables downloaded and run. Link to a demonstration included.
5c306ddeb0aa01ef9333f01161239c18011c97126963ca69abcbbe7de0d0f94f
By combining the Microsoft Internet Explorer cache file disclosure vulnerability with several other unpatched vulnerabilities, a malicious INTERNET page can reach the MYCOMPUTER zone. Link to two demonstrations included.
cc43c3bb8c3472af6421059b2f7d473dcbcc23680fa944324c5fc42c247a1411
Microsoft Internet Explorer v6.SP1 and below has a vulnerable download function that can be exploited by a malicious attacker to gain access to a user's cache directory. Link to two demonstrations included.
dcaee30b8ef3a1cceeae51d751d897cc6278c21e1025eac9cf682ea1ae4fd7ab
A cross-zone scripting vulnerability has been found in Internet Explorer. If a web page contains some sub-frame, its security zone may be compromised. Link to a demonstration included.
a7c936db9ccb610dafbe96908b866aeba03e8da8fc499b043cc313c4e16d79ef
After applying the patch for MS03-048, Windows is still susceptible to the Hijack Click attack when performed in conjunction with the method caching attack which can make the window.move accessible again. Link to a demonstration included.
a06ff9d109e90948b1621c8cc5f4399cd3f2acd4266b9a925067a1f7cac1a306
Rapid7 Security Advisory - Sybase Adaptive Server Enterprise (ASE) 12.5 is susceptible to a denial of service attack when a login is made with an invalid remote password array. A valid login is required to exploit this vulnerability. Version 11.0.3.3 for Linux is not vulnerable.
ce1334b583816398c0865c95b48954c24802309142977d252ef92a816628f0f9
CERT Quarterly Summary CS-2003-04 - There have been documented vulnerabilities in the Microsoft Windows Workstation Service, RPCSS Service, and Exchange, various SSL/TLS implementations, a buffer overflow in Sendmail, and a buffer management error in OpenSSH. There have also been reports of W32/Swen.A, W32/Mimail variants, and exploitation of an Internet Explorer vulnerability reported in August of 2003.
111a7f74273b65a5b0d1626916be4f03e2691e306b91abf17827c06c747319c8
S-Quadra Advisory #2003-11-24 - Monit version 4.1 is susceptible to a denial of service via a negative Content-length field and is also vulnerable to a stack overflow when accepting long HTTP requests.
640b7a1304c873c6888f2e239b9dd442a50d1a7bfc300a638ff7e843e49e4c1d
Vapid Labs Security Note - The PrimeBase SQL Database Server 4.2 stores passwords in clear text. Depending on the installation user's umask settings, it may be readable by all local users.
43002c694b892879a9fefb2c4763eaa0435c8018f79e132da7c50c1395f81a57
Two vulnerabilities were found in the Opera web browser versions up to 7.22. Both are related to skin files, with one being a directory traversal attack that allows an attacker to upload a file to a victim's machine while the other is a buffer overflow in the skin file handling.
1fe7a3b278a5f299a11bc53c79e45f6df58c6100dbd0c6ca31456d8ee6312569
Xitami's LiteServe webserver versions 2.5 and below suffer from a denial of service vulnerability that stems from a logic error during the processing of a POST request.
cd786a6a7908e740a47fa4b504d54c3c4bf44e73bbf892f5c3f1f6a1c40cab1a
FreeRADIUS versions 0.9.2 and below have a tunnel-password attribute handling vulnerability. When a malformed attribute trigger gets passed, the server invokes memcpy() with a negative third argument, causing a crash.
1dadd2e3ca40a13e9ce1eb8ddd2ae503f4b94a7f5a399a92dc7c8e84b1a03849
Debian Security Advisory - Within the last thirty hours, some Debian project machines have been compromised, including the bug tracking system, the mailing list, the cvs server, and more.
0ef12d03e523eef94f8b0292d280440a7f426a02ad7d189e7d7177ba2242a834
Atstake Security Advisory A111703-2 - A directory traversal vulnerability lies in the web-tools component of the SAP database server that enables any remote attacker to gain access to any file on the host due to the server running as SYSTEM. The Web Agent Administration service pages are also open by default, allowing any remote attacker to reconfigure the server as they see fit and the service also has at least one buffer overflow vulnerability. Default services within the Web Agent, such as waecho, contain buffer overflows that can be exploited remotely. The session identification generated is also considered to be unsafe since they are stored in the URL and not kept in a cookie either.
cfe1dbd3931e689a57bfc15b63567e94bcca765a6d0bc9f4b283731e4015c6bd
Atstake Security Advisory A111703-1 - Using the SQLAT stored procedure, a local attacker can obtain system access by swapping the NETAPI32.DLL in the current working directory. There is also a remote buffer overflow in the niserver interface on TCP port 7629.
3fbb71973327006d5917535cafb01158647356e443df45dc5dcdececc29c125b
The Symbol PDT 8100 does not attempt to change its default existing WEP keys during installation. If not changed, the PDT 8100 will reveal the WEP keys to any user in plain text by taping on the wireless icon on lower right hand of 8100 and scrolling to the 'encryption tab'. A stolen PDT 8100 or copied keys can allow an insider the ability to totally compromise the Wi-Fi network.
0ef878b8880cfbb42ed45bacdfc32fa99f275624901e1d58461985859e733d1f
Secure Network Operations Advisory SRT2003-11-13-0218 - Symantec PCAnywhere versions 10.x to 11.x allow for a local attacker to gain SYSTEM privileges via AWHOST32.exe that can be run via an icon.
06a0532b6f5bf502d7995e8c3aae01db81045cd634c514dc2d89f1ab19d59781
Corsaire Security Advisory - The PeopleSoft PeopleBooks Search CGI is susceptible to argument handling vulnerabilities that allow a remote attacker to gain access to files outside of the webroot.
54bdecc65f1cc150934bc3dc63cf2ef28eea6cf37d5cea1c26b8bb166ac96381