Mandriva Linux Security Advisory 2009-066 - PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. The updated packages have been patched to correct these issues.
ca933f1a927d0df3b27c6a1b7eeda71f826379ed09c2498ed13db80970312993
Mandriva Linux Security Advisory 2009-065 - A vulnerability in the cURL library in PHP allowed context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files using a special URL request. Improved mbfl_filt_conv_html_dec_flush() error handling in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c. PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. The updated packages have been patched to correct these issues.
81600b7210442d8910e0548f3b3b74df0d0b40a044f36901a7a75ad77feb28fc
Zero Day Initiative Advisory 09-013 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the browser's garbage collection process. When multiple DOM elements are cloned and linked to one another and the browser is reloaded, a memory corruption occurs resulting in a double free. This can be leveraged to execute arbitrary code under the context of the current user.
0bb471f99cb66d2fc4546dadd4aae02b2dace0754a8ccc7acff4816edca47a99
libc:fts_*() suffers from a denial of service vulnerability. This affects multiple vendors.
f1f7b02d628966dda851d771301cd67c0c164e16441e34b7ea9c6101aecb9818
CelerBB version 0.0.2 suffers from information disclosure, remote SQL injection, and authentication bypass vulnerabilities.
0c342572d915e21b74cfb7c2197aa40577eb1cccf57a7196c439f8d999413940
Amoot Web Directory suffers from a remote SQL injection vulnerability that allows for authentication bypass.
f0c557dca5195c66b5b216ea2029e3057a78cd2578305378a0b02d8e522b2c93
Whitepaper called TippingPoint IPS Signature Evasion through Packet Fragmentation.
fb443bf9924fe8e7be65e5ed6fa20814c640898d19822ad5151f928081513346
Whitepaper called Compilation and interpretation of exploit in Perl, PHP, Python, C, and C++. Written in Spanish.
9ed32ef51af5089ba0487b867388896bad2a6f52c94dad8b84338fc35e87a10b
Whitepaper called Security in the Computer Science Systems, or Seguridad en los sistemas informaticos. Written in Spanish.
62c4ffb7dc3222cb78d7a9f4619266a925e0b5dd226d6d1a0e2fd69aadcd8d2a
Internet Explorer 8 beta RC1 has a flaw that allows for domain name spoofing.
18a9e3ecbc14c0c76b54cf49a03ddc3677e5d291ef28940276dc506adef42519
SupportSoft DNA Editor module code execution exploit that leverages dnaedit.dll.
b4f171a5e1092d8dd52b815a5ccb43eebcf3330cbda106d95b211bbf4af57c9b
Debian Security Advisory 1734-1 - b.badrignans discovered that OpenSC, a set of smart card utilities, could store private data on a smart card without proper access restrictions.
1b75cb3c932d0a9639d9ae1c209e4d5e96fc0e363b607bced179a41b05e1c063
Blind SQL injection exploit for the Joomla iJoomla Archive component.
de4fa36fc87561f1ca3be8cda3da36eb798e3a82dc96ddf4510616b6b0a22d21
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
4bab09503632cca180ca6d63e9b714c2a720ca80e8534d3f1d67ce17a33ffcd7
Media Commands local buffer overflow exploit that creates a malicious .m3l file.
7ca25845f3bb0815393b872c0f25e86a1b46d43762d96eabee23fef2aa5393a4
Media Commands universal SEH overwrite exploit that creates a malicious .m3u file.
fc07ad8a960e401c4030b83347ee666cbfdc0b93b2c03f893e1521e51d57a158
Winamp versions 5.541 and below skin universal buffer overflow exploit. Launches calc.exe.
5205111a1315db28c3d3ab7879b96c792bb6fd5b57802735fb65549a6e5b8435
It has been confirmed that djbdns versions 1.05 and below let AXFRed subdomains overwrite domains. Patch included.
03f48b351a5eebe4464acf5d6ae3dc83aa3868d7065e42129d362f28db0c61cf
Secunia Security Advisory - Fedora has issued an update for psi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
f0412dd6d6eeaa7cad9afb2ea9391bf729335549a9dc15e2caff968f1910fcd2
Secunia Security Advisory - Some vulnerabilities have been reported in IBM DB2, which can be exploited by malicious users or malicious people to cause a DoS (Denial of Service).
8d704a2bb899c0ebf6be739fbf836b6013eaddfa6f6e74e85e41d7bd826825f1
Secunia Security Advisory - A vulnerability has been reported in FileZilla Server, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
0d560d6d8da694b058e7edeee741885222b569f834b2c2dc1eb8428130111308
Secunia Security Advisory - Ubuntu has issued an update for curl. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
f3e641a12e90a30d0274e31de9b3dbace97a299b678f414bd2004e87c6b784d2
Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
1ba8055aadf064cb1ff0bab19ed0c067cadd65e107b0f7592c75bcf4b3568393
Secunia Security Advisory - A vulnerability has been discovered in Easy File Sharing Web Server, which can be exploited by malicious people to disclose sensitive information.
c2383445480bc4799f4123e976e00b14b8ca7b80a1133861ed5b1cdc8a5d1e5e
Secunia Security Advisory - Red Hat has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system.
3cac7ed8fa88819a9f53d16bcb1e969803a5ddbc9275f0a2d8b6b259a1b11a9e