Researchers Ponder When to Notify Users of Public Vulnerability Exploits

BERLIN–Just whispering the words “vulnerability disclosure” within earshot of a security researcher or vendor security response team members can put you in fear for your life these days. The debate is so old and worn out that there is virtually nothing new left to say or chew on at this point...

KLA10025 DoS vulnerability in GOM Media Player

An unspecified vulnerability was found in the GOM Media Player. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited from the network at a point related to an unknown application via a specially designed .WAV file. Original advisories N...

KLA10078 DoS vulnerability in B-e-soft Artweaver

A buffer overflow vulnerability was found in Artweaver. By exploiting this vulnerability malicious users can cause denial of service and possibly execute arbitrary code. This vulnerability can be exploited from the network at a point related to unknown applications via a specially designed AWD...

Linux Kernel Sendpage Local Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

KLA10356 Multiple vulnerabilities in pcAnywhere

Multiple serious vulnerabilities have been found in Symantec products. Malicious users can exploit these vulnerabilities to obtain access to client information or cause denial of service. Below is a complete list of vulnerabilities 1. lack of client state control can be exploited remotely by...

KLA10394 Multiple vulnerabilities in Siemens

Multiple critical vulnerabilities have been found in Siemens products. Malicious users can exploit these vulnerabilities to read & modify arbitrary files, cause denial of service, execute arbitrary code, bypass authentication, obtain access and inject arbitrary HTTP headers. Below is a complete...

KLA10034 Critical Vulnerabilities in Adobe Photoshop Elements

Multiple buffer overflow vulnerabilities have been found in Adobe Photoshop Elements. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code via specially designed .grd & .abr files. Original advisories Adobe bulletin Exploitation Public exploits...

Linux 2.6.x fs/pipe.c local root exploit

No description provided by source. For those who were not yet aware, there is at least 3 public exploits since 11/05/2009 for CVE-2009-3547 targeting all linux kernels from 2.6.0 to 2.6.31 included. Since spender and fotis have already release their own, there is not need for us to keep this on o...

MS Internet Explorer 7 Memory Corruption Exploit (MS09-002) (xp sp2)

Exploit for unknown platform in category remote exploits ==================================================================== MS Internet Explorer 7 Memory Corruption Exploit MS09-002 xp sp2 ==================================================================== // Skyland win32 bindshell 28876/tcp...

KLA10186 Multiple vulnerabilities in HP Quick Launch Button

Multiple serious vulnerabilities have been found in HP Quick Launch Button. Malicious users can exploit these vulnerabilities to read and write arbitrary registry entries or execute arbitrary programs Below is a complete list of vulnerabilities 1. Vectors related to GetRegValue and SetRegValue ca...

KLA10093 Multiple vulnerabilities in CA software

Multiple serious vulnerabilities have been found in ARCserve Backup. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities 1. A buffer overflow can be exploited remotely via specially designed RPC...

curl/wget

New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current, and new wget packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current. These address a buffer overflow in NTLM handling which may present a security problem, though no public exploits are...