iDefense Security Advisory 03.23.07 - Remote exploitation of a design error vulnerability in Sun Microsystems Inc.'s Java System Directory Server 5.2 may cause a denial of service (DoS) condition. Due to a design error in the clean-up code following certain types of failed queries, it is possible to cause the server to call the free() function on an address obtained from uninitialized memory. This can result in an invalid memory reference leading to denial of service. iDefense has confirmed Sun Java System Directory Server 5.2 2005Q4 is affected by this vulnerability. Previous versions are also suspected to be vulnerable.
ac099f40ba061feb00a83559d6cf6b62136a18047a4e3275d989b8ac93005f93
iDefense Security Advisory 03.23.07 - Remote exploitation of a password bypass vulnerability in DataRescue Inc.'s IDA Pro Remote Debugger Server allows attackers to execute arbitrary code under the context of the user who is running the remote debugger server. iDefense has confirmed the existence of this vulnerability in the remote debugger server for Windows and Linux from IDA Pro versions 5.0 and 5.1. It is suspected that the MacOS X version and earlier versions are also affected.
42f604e14359b9b4a03f0fa1da10b72bf3727d2df3a4fba8fc808d996e1f5c64
Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces, and factories that allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them.
756d0936668277d0a6e297852e5b8e31741e59e53616005718f5af29870b22fe
Metasploit exploit for the remote buffer overflow issue in dproxy versions 0.5 and below.
93a48384d4123533a4cf4d4b95a8e2faf0006039c1860712e18e3f39485121bc
dproxy suffers from a typical buffer overflow condition, which allows an attacker to overwrite the stack. Versions 0.5 and below are affected.
105b19b9f636ba774d84d4ddd91b39ff45110d8e236554da8ee19b7dd5e116e5
PHP version 5.1.6 is susceptible to a CRLF injection vulnerability via its ftp function.
f3825b2d25c295cf9de3071ddb0bfea280c955c959b67780920ef24227d22cf4
The Microsoft Vista Windows mail client is susceptible to a code execution vulnerability when a user clicks on a maliciously prepared link. Vista's mail client will execute any executable file if a folder exists with the same name.
9d93de47a83e7df885f822a52d0a58a108b0400d364a74a1b91a71cba896cba2
Debian Security Advisory 1272-1 - Moritz Jodeit discovered an off-by-one buffer overflow in tcpdump, a powerful tool for network monitoring and data acquisition, which allows denial of service.
c8497a12417b48772854183a14c2c44e852095ad18b8e140406184cb5bfef42b
A remote file inclusion vulnerability exists in Coppermine Photo Gallery.
984508ca1c5a9e8ca3d2241f98b27bac20aa6ab5016c69af156840cd79f6f35d
The Takebishi Electric DeviceXplorer SYSMAC OPC server has security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, potentially leading to the execution of attacker-provided code.
51dbc8b41d20e28402e3f86a60d2bb549b073e580e6fbcfd89790242dce2a2ca
The Takebishi Electric DeviceXplorer MODBUS OPC server has security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, potentially leading to the execution of attacker-provided code.
8cb33ba0ad4a128adf09db399a145e6e72c12a1b7920968c282f9e760c06697d
The Takebishi Electric DeviceXplorer FA-M3 OPC server has security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, potentially leading to the execution of attacker-provided code.
52af4b4375b268850339d5b6df527f40e730e7722cacafcf9729cd0917d237b3
The Takebishi Electric DeviceXplorer MELSEC OPC server has security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, potentially leading to the execution of attacker-provided code.
7af1ceb7670494e47ccb84c3bcb86b5dbed005eb143f1fd8bfb4d891ea6ba6d1
The Takebishi Electric DeviceXplorer HIDIC OPC server has security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, potentially leading to the execution of attacker-provided code.
2daa115b0cc754c5e67f369025f7c8c0005d004b429f3a2174e65293cf1605e5
The NetxEIB OPC server has security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, potentially leading to the execution of attacker-provided code.
cc5e3497ad3b9ec1cd94870fa3bd4f9ddecf05dc27580164d21b98968bfffa6d
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
cd2e7e5ea479d50982b08334b1f4477a6620e6b45bc79ab55ddd07b128c64611
Mandriva Linux Security Advisory - Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
4f62b3eb1cb4026205e69534e90bbacb7ac28fc6d2861ee53df14c830e1f91a7
Mandriva Linux Security Advisory - Due to an internal error, Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service.
462ae1a336df1deaf247df7072ada040b0c6d14b56480b78c4739e9e3625a08a
Mandriva Linux Security Advisory - Jean-Sebastien Guay-Leroux discovered an integer underflow in the file_printf() function in file prior to 4.20 that allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
73404ee6b9cfa61253385a98da5075f54bc1d529bf4bec08ee9a5925329ba5c3
Exploiting Microsoft DNS dynamic updates for fun and profit.
c5ab6320f2c6c4fb706f554131fc0d9e5bb76c5ef5653d4c5995ddca09bf0050
Ubuntu Security Notice 440-1 - Stefan Streichbier and B. Mueller of SEC Consult discovered that MySQL subselect queries using "ORDER BY" could be made to crash the MySQL server. An attacker with access to a MySQL instance could cause an intermittent denial of service.
33e5f204a3d9b0571211cfe65ed8b364116c5c7461b05b0ff2f21ab78ba1842e
Ubuntu Security Notice 439-1 - Jean-Sebastien Guay-Leroux discovered that "file" did not correctly check the size of allocated heap memory. If a user were tricked into examining a specially crafted file with the "file" utility, a remote attacker could execute arbitrary code with user privileges.
4d1da7553bbccf35ace2f6eff54746863923585f6832730a046e7187e47d88b2
Study Planner versions 0.15 and below suffer from a remote file inclusion vulnerability.
388e9f1ca8959efd2f10582c9a993dffe0de7f844e38ba572a05081033a1272d
FutureSoft TFTP Server 2000 remote SEH overwrite exploit.
2bd9f22a291deb5d7af97f99679568dc161829efc07ea1fc0050e0ce3ca6dff0
Ethernet device drivers frame padding information leakage exploit.
9ae933732d77ccfa5d3fe1968e818678cd2d78a76c646d90e1bcc999d19d34b7