iDEFENSE Security Advisory 10.13.05-2 - Remote exploitation of a buffer overflow vulnerability in multiple vendor's implementations of curl and wget allows attackers to execute arbitrary code. The vulnerability specifically exists due to insufficient bounds checking on user-supplied data supplied to a memory copy operation. iDEFENSE Labs has confirmed the following software versions are vulnerable: wget 1.10, curl 7.13.2, libcurl 7.13.2.
6ca0a080104f023ed49478d1c52cf6c338ea8b44a064333663bae90d8eb049b6
iDEFENSE Security Advisory 10.13.05-1 - Local exploitation of a buffer overflow vulnerability in XMail, as distributed with multiple vendors' operating systems, allows local attackers to execute arbitrary code with elevated privileges. iDEFENSE Labs has confirmed the existence of this vulnerability in XMail 1.21.
1b320b689bedead02c74ee3c697b8e7f048d9d58114241bfebf418570abc25d1
Secunia Research has discovered a vulnerability in AhnLab V3 Antivirus, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the archive decompression library when reading the filename of a compressed file from an ALZ, UUE or XXE archive. This can be exploited to cause a stack-based buffer overflow (ALZ), or a heap-based buffer overflow (UUE/XXE), when a malicious ALZ/UUE/XXE archive is scanned. Successful exploitation allows arbitrary code execution, but requires that compressed file scanning is enabled.
0bff14116cee96edd9a96cde5a18e497ac854da9b5c70332dd7da845b1b46b5d
Sec-1 has identified an exploitable buffer overflow within Collaboration Data Objects (Cdosys.dll and Cdoex.dll). The vulnerability exists when event sinks are used within Microsoft Exchange 2000 or Microsoft Mail services to parse e-mail content. Several Content Security packages were identified to be vulnerable/exploitable.
9f4f941c51cdd9e0d26f660aabaaad96258464fb7cea45f0278841f2584003a0
Ubuntu Security Notice USN-203-1 - Chris Evans discovered several buffer overflows in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.
76c702637dc3eb014767a04c7676321c0459eeef60f740776468d9162ea3fed1
Yapig versions 0.95b and below suffer from code injection and cross site scripting vulnerabilities.
1b89367e70367c6555029ed21e894a27887a5d9c998021069da8b702910b3d0a