
4974 matches found

Tenable Nessus
added 2010/02/24 12:0 a.m. | 23 views

Debian DSA-1949-1 : php-net-ping - programming error

It was discovered that php-net-ping, a PHP PEAR module to execute ping independently of the Operating System, performs insufficient input sanitising, which might be used to inject arguments (no CVE yet) or execute arbitrary commands (CVE-2009-4024) on a system that uses php-net-ping...

CVSS 10 | AI score 5.9 | EPSS 0.02651
Exploits 0 | References 3
Tenable Nessus
added 2010/02/24 12:0 a.m. | 30 views

Debian DSA-1837-1 : dbus - programming error

It was discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. This issue was caused by an incorrect fix for DSA-1658-1...

CVSS 3.6 | AI score 7 | EPSS 0.01106
Exploits 9 | References 3
ThreatPost
added 2010/02/17 7:28 p.m. | 7 views

Top 25 Dangerous Programming Errors Updated

The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of widespread and critical programming errors that can lead to serious software vulnerabilities. Read the full article. Common Weakness Enumeration/Mitre...

AI score 2.8
Exploits 0 | References 2
exploitpack
added 2010/02/15 12:0 a.m. | 14 views

EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (PoC)

EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow PoC !/usr/bin/python Title: EasyFtp Server v1.7.0.2 Post-Authentication BoF PoC From: The eh?-Team || The Great White Fuzz we're not sure yet Found by: loneferret Hat's off to dookie2000ca Date Found: 13/02/2010 Developer contacted: 14/02/201...

AI score 0.7
Exploits 0
Packet Storm
added 2010/02/10 12:0 a.m. | 35 views

PLS PLA WMDownloader Proof Of Concept

!/usr/bin/python est.2007 forum.darkc0de.com Greetz to all Darkc0de, AI, ICW Members Shoutz to r45c4l,j4ckh4x0r,silic0n,smith,baltazar,d3hydr8,FB1H2S,...

AI score 0.4
Exploits 0
0day.today
added 2010/02/09 12:0 a.m. | 56 views

UltraISO 9.3.6.2750 Local Buffer Overflow POC (0day)

Exploit for unknown platform in category dos / poc ==================================================== UltraISO 9.3.6.2750 Local Buffer Overflow POC 0day ==================================================== /ccd overflow string=10974 bytes img file size=109974 bytes ccd file size=11812 / include...

AI score 7
Exploits 0
OSV
added 2010/01/31 12:0 a.m. | 12 views

DSA-1841-2 git-core - correct build failure introduced in DSA-1841-1

Bulletin has no description...

CVSS 5 | AI score 6 | EPSS 0.18559
Exploits 0
Exploit DB
added 2010/01/27 12:0 a.m. | 28 views

CamShot 1.2 - Overwrite (SEH)

CamShot SEH overwrite by tecnik import socket, sys if lensys.argv!=2: print "Usage: camshot.py " exit s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connectsys.argv1,80 print "Sending Exploit to:" + sys.argv1 GET request + overflow string request ="GET /" request...

AI score 7.4
Exploits 0
Tenable Nessus
added 2010/01/21 12:0 a.m. | 30 views

CentOS 3 / 4 / 5 : gzip (CESA-2010:0061)

An updated gzip package that fixes one security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gzip package provides the GNU gzip data compression program. An integer underfl...

CVSS 6.8 | AI score 7.9 | EPSS 0.22601
Exploits 0 | References 7
Fedora
added 2010/01/14 1:27 a.m. | 30 views

[SECURITY] Fedora 11 Update: ruby-1.8.6.383-6.fc11

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 7.5 | AI score 1.1 | EPSS 0.21101
Exploits 4
Fedora
added 2010/01/14 1:27 a.m. | 35 views

[SECURITY] Fedora 12 Update: ruby-1.8.6.383-6.fc12

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 7.5 | AI score 1.1 | EPSS 0.21101
Exploits 2
Packet Storm
added 2010/01/09 12:0 a.m. | 81 views

J 6.02.023 Array Overrun

J 6.02.023 Array Overrun code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - Dis.: 07.05.2009 - Pub.: 08.01.2010 CVE: CVE-2009-0689 CWE: CWE-119 Risk: High Remote: Yes Affected Software: - J 6.02.023 Array Overrun code execution NOTE: Prior versions may also ...

CVSS 6.8 | AI score 0.3 | EPSS 0.4176
Exploits 43
exploitpack
added 2010/01/03 12:0 a.m. | 16 views

BigAnt Server 2.52 - Remote Buffer Overflow (2)

BigAnt Server 2.52 - Remote Buffer Overflow 2 !/usr/bin/python BigAnt Server 2.52 remote buffer overflow exploit 2 Author: DouBleZer0 Vulnerability discovered by Lincoln a another version of the original exploit by Lincoln application is little hazy.. import sys,socket host = sys.argv1 buffer=...

AI score 0.5
Exploits 0
ThreatPost
added 2009/12/18 4:14 p.m. | 9 views

PHP Update Fixes Bugs, Closes Holes

The PHP developers have released version 5.2.12 of their popular programming language, fixing over 60 bugs mainly to increase stability, but also closing some security holes. Read the full article. The H Security...

AI score 1.4
Exploits 0 | References 2
Fedora
added 2009/12/11 6:18 p.m. | 36 views

[SECURITY] Fedora 10 Update: ruby-1.8.6.368-2.fc10

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 5 | AI score 1.1 | EPSS 0.11365
Exploits 3
Check Point Advisories
added 2009/11/26 12:0 a.m. | 3 views

Microsoft Visual Basic 6.0 VBP Project File Handling Buffer Overflow (CVE-2007-4776)

Microsoft Visual Basic is a tool for productively building type-safe and object-oriented applications. It allows developers to create a wide range of Windows, Web, mobile and Office applications. Visual Basic VB is an event driven programming language and associated development environment from...

CVSS 9.3 | AI score 7.3 | EPSS 0.84119
Exploits 7
securityvulns
added 2009/11/25 12:0 a.m. | 60 views

[SECURITY] [DSA 1938-1] New php-mail packages fix insufficient input sanitising

Debian Security Advisory DSA-1938-1 [email protected] http://www.debian.org/security/ Steffen Joeris November 23, 2009 http://www.debian.org/security/faq ...

AI score 0.6
Exploits 0
Check Point Advisories
added 2009/11/16 12:0 a.m. | 6 views

Oracle Database Server ctxsys.driload Access Validation (CVE-2004-0637)

Stored procedures are a powerful feature of an Oracle database server. They are essentially a set of SQL statements that are stored server-side, which are called by name and optionally passed a set of parameters. Stored procedures provide improved performance, because only data specific to the...

CVSS 6.5 | AI score 7.1 | EPSS 0.19334
Exploits 0
seebug.org
added 2009/11/10 12:0 a.m. | 49 views

New pidgin packages fix arbitrary code execution

No description provided by source. Debian Security Advisory DSA-1932-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 08, 2009...

CVSS 5 | AI score 0.3 | EPSS 0.08411
Exploits 3
exploitpack
added 2009/10/06 12:0 a.m. | 12 views

XLPD 3.0 - Remote Denial of Service

XLPD 3.0 - Remote Denial of Service Application: XLPD 3.0 Remote DoS Platforms: Windows XP Professional SP2 crash: YES Exploitation: remote DoS Date: 2009-10-06 Author: Francis Provencher Protek Research Lab's 1 Introduction 2 Technical details 3 The Code =============== 1 Introduction...

Exploits 0