CVE-2009-3883

Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel PL&F feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug...

CVE-2009-3882

Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026...

Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability

Multiple Transport Layer Security TLS implementations contain a vulnerability when renegotiating a TLS session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack. The vulnerability exists during a TLS renegotiation process. If an attacker can intercept...

CVE-2009-3374

The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to...

[SECURITY] Fedora 11 Update: python-markdown2-1.0.1.15-1.fc11

Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...

Microsoft Silverlight和.NET Framework CLR接口处理远程代码执行漏洞(MS09-059)

Bugraq ID: 36611 CVE ID：CVE-2009-0090 Microsoft .NET Framework是一个流行的软件开发工具包。 Microsoft .NET Framework存在一个远程代码执行漏洞，允许恶意Microsoft .NET应用程序获得一个可管理的指针给长久不使用的栈内存，恶意Microsoft .NET应用程序之后可使用此指针修改位于之后栈中的合法值，导致任意未管理的代码执行。 目前没有详细漏洞细节提供。 Microsoft .NET Framework 1.x Microsoft .NET Framework 2.x Microsoft .NE...

ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)

Exploit for unknown platform in category local exploits ======================================================= ProFTPd 1.3.0 modctrls Local Stack Overflow opensuse ======================================================= Title: ProFTPd 1.3.0 modctrls Local Stack Overflow opensuse CVE-ID: OSVDB-ID...

ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)

No description provided by source. !/usr/bin/perl -w Exploit for the ProFTPd modctrls vulnerability. Stack Overflow in function int prctrlsrecvrequestprcrlsclt cl unchecked buffer for arguments of the module connects to the unix domain socket and sends a string that is longer than the buffer...

OpenSwan / StrongSwan multiple security vulnerabilities

Multiple vulnerabilities in IKE implementation...

SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1163)

The Sun Java JRE /JDK 6 was updated to Update 15 fixing various security issues. - The audio system in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by 1 untrusted applets and 2 Java...

Dialysis hacking techniques of penetration of the firewall to the Shellcode-exploit warning-the black bar safety net

Summary 1. Remote shellcode several ways 2. Reuse the current connection technology of some of the issues and advantages 3. Win32 platform-specific implementation 4. Linux x86 platform specific implementation 5. AIX PowerPC platform-specific implementation Implementation introduction 1...

nginx DNS cache poisoning

Invalid implementation of caching algorithm...

DSA-1888-1 openssl - cryptographic weakness

Bulletin has no description...

CVE-2009-3076

CVE-2009-3076 is a vulnerability in Mozilla Firefox prior to 3.0.14, where dialogs for PKCS#11 module addition/removal are not informative. This could allow remote attackers to trick users into installing/removing an arbitrary PKCS#11 module. The connected MiracleLinux advisory confirms Firefox 3...

CVE-2009-2346

CVE-2009-2346 affects the IAX2 protocol implementation in Asterisk (multiple releases across 1.2.x/1.4.x/1.6.x lines and Business/C.x branches; s800i) and allows a remote attacker to exhaust the call-number space by issuing a high volume of IAX2 messages, causing a denial of service. Connected ad...

CVE-2009-2698

The udpsendmsg function in the UDP implementation in 1 net/ipv4/udp.c and 2 net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash via vectors involving the MSGMORE flag and a UDP socket...

CVE-2009-2698

The udpsendmsg function in the UDP implementation in 1 net/ipv4/udp.c and 2 net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash via vectors involving the MSGMORE flag and a UDP socket...

Null pointer dereference

The udpsendmsg function in the UDP implementation in 1 net/ipv4/udp.c and 2 net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash via vectors involving the MSGMORE flag and a UDP socket...

CVE-2009-2698

The udpsendmsg function in the UDP implementation in 1 net/ipv4/udp.c and 2 net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash via vectors involving the MSGMORE flag and a UDP socket...

kernel: udp socket NULL ptr dereference

The udpsendmsg function in the UDP implementation in 1 net/ipv4/udp.c and 2 net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash via vectors involving the MSGMORE flag and a UDP socket...