CVE-2006-5633

Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service crash by creating a range object using createRange, calling selectNode on a DocType node DOCUMENTTYPENODE, then calling createContextualFragment on the range, which triggers a null dereference. NOTE:...

[SECURITY] [DSA 1200-1] New Qt packages fix integer overflow

------------------------------------------------------------------------ Debian Security Advisory DSA-1200-1 [email protected] http://www.debian.org/security/ Noah Meyerhans October 30, 2006 - ------------------------------------------------------------------------ Package : qt-x11-free...

IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) /usr/lib/print/netprint Local Exploit

No description provided by source. !/bin/sh copyright LAST STAGE OF DELIRIUM jul 2000 poland ://lsd-pl.net/ /usr/lib/print/netprint This code gets released due to another post to the Bugtraq mailing list. For IRIX 6.3 and above this privilage escalation attack can be conducted by local lp users...

AIX 5.1 Bellmail Local Race Condition Exploit (Instructions w/ Exploit)

No description provided by source. -bash-2.05b$ -bash-2.05b$ cat xaix5bellmail.pl !/usr/bin/perl FileName: xaix5bellmail.pl Exploit "Race condition vulnerability BUGTRAQ ID: 8805" of /usr/bin/bellmail command on Aix5 to change any file owner to current user. Usage : xaix5bellmail.pl aimfile aimfi...

PHPForge3b2.txt

PHP Forge 3b2 /inc/inc.php Remote File Include Vulnerability Source Code: http://www.comscripts.com/jump.php?action=script&id=697 Vulnerable Code: require$cfgracine."inc/vars.php"; require$cfgracine."inc/config.php"; require$cfgracine."inc/fonctions.php"; require$cfgracine."inc/systeme.php";...

PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability

PHP Forge 3b2 /inc/inc.php Remote File Include Vulnerability Source Code: http://www.comscripts.com/jump.php?action=script&id=697 Vulnerable Code: require$cfgracine."inc/vars.php"; require$cfgracine."inc/config.php"; require$cfgracine."inc/fonctions.php"; require$cfgracine."inc/systeme.php";...

Debian DSA-873-1 : net-snmp - programming error

A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agents that have opened a stream based protocol e.g. TCP but not UDP. By default, Net-SNMP does not open a TCP port. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Debian DSA-1072-1 : nagios - buffer overflow

A buffer overflow has been discovered in nagios, a host, service and network monitoring and management system, that could be exploited by remote attackers to execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Debian DSA-1016-1 : evolution - format string vulnerabilities

Ulf Harnhammar discovered several format string vulnerabilities in Evolution, a free groupware suite, that could lead to crashes of the application or the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

MS06-058: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)

The remote host is running a version of Microsoft PowerPoint that is subject to a flaw that could allow arbitrary code to be run. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it...

FreeBSD : freeciv -- Packet Parsing Denial of Service Vulnerability (339fbbc1-4d23-11db-b48d-00508d6a62df)

Secunia reports : Luigi Auriemma has reported a vulnerability in Freeciv, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error within the handling of the packet length in 'common/packets.c'. This can be exploited to crash the...

[SECURITY] [DSA 1184-2] New Linux 2.6.8 packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1184-2 [email protected] http://www.debian.org/security/ Dann Frazier September 26th, 2006 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1183-1] New Linux 2.4.27 packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1183-1 [email protected] http://www.debian.org/security/ Dann Frazier September 25th, 2006 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1173-1] New openssl packages fix RSA signature forgery cryptographic weakness

-------------------------------------------------------------------------- Debian Security Advisory DSA 1173-1 [email protected] http://www.debian.org/security/ Noah Meyerhans September 10th, 2006 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1166-1] New cheesetraceker packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 1166-1 [email protected] http://www.debian.org/security/ Steve Kemp September 3rd, 2006 http://www.debian.org/security/faq -...

POC & exploit for Apache mod_rewrite off-by-one

Public release date of POC/Exploit: 2006-08-20 Author: Jacobo Avariento Gimeno CVE id: CVE-2006-3747 Bugtraq id: 19204 CERT advisory: VU395412 Severity: high Introduction ---- On July 28 2006 Mark Dowd McAfee Avert Labs reported a vulnerability found in modrewrite apache module to the bugtraq...

Netscape Concurrency-related Memory Corruption Vulnerability

The newest version of Netscape Browser is affected to so-called concurrency-related XML handler memory corruption vulnerability disclosed on Bugtraq recently. When visiting the test link http://lcamtuf.coredump.cx/ffoxdie.html included to the original vulnerability report related to Firefox brows...

Flock Concurrency-related Memory Corruption Vulnerability

The newest version of Flock browser is affected to so-called concurrency-related XML handler memory corruption vulnerability disclosed on Bugtraq recently. When visiting the test link http://lcamtuf.coredump.cx/ffoxdie3.html browser crashed after a delay of some seconds. No user interaction was...

K-Meleon Concurrency-related Vulnerability

The newest version of K-Meleon browser is affected to disclosed on Bugtraq recently. When using test link http://lcamtuf.coredump.cx/ffoxdie3.html browser crashed after a delay of some seconds. No user interaction was needed. Affected versions: Vulnerability has been confirmed in K-Meleon 1.0.1 i...

[SECURITY] [DSA 1153-1] New ClamAV packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1153-1 [email protected] http://www.debian.org/security/ Martin Schulze August 18th, 2006 http://www.debian.org/security/faq -...