Ubuntu Security Notice USN-766-1 - It was discovered that acpid did not properly handle a large number of connections. A local user could exploit this and monopolize CPU resources, leading to a denial of service.
dc3f1cf387c2f5a1beee0128fcfbb0fb81293418e585e2785559d4491fae2084
Ubuntu Security Notice USN-761-2 - USN-761-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: It was discovered that PHP did not sanitize certain error messages when display_errors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that PHP did not properly handle certain malformed strings when being parsed by the json_decode function. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 and 8.10.
6f6e34a7e1f868afac7b08717f7988445bf15f42f9f330b10b088428ac39d08e
Mandriva Linux Security Advisory 2009-099 - The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro. Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays. The updated packages have been patched to correct these issues.
2e569807acb2c17926c793d01b802bde70b62b12ff6fcf105af9193ac070266b
Mandriva Linux Security Advisory 2009-096 - Multiple overflows in relation to the Ghostscript code base also affect the printer-drivers package. The previous update went with a wrong require version of perl-base in the foomatic-db-engine package. It is fixed on this update.
10427fbc3d79e97597b7b3890a3f548ff78e24c923d7d9a2fe2d3811d36b02b7
Mandriva Linux Security Advisory 2009-098 - The MIT Kerberos 5 package suffers from denial of service and code execution vulnerabilities.
c3d3e4274812b9c2cce624dd05968c9b06064f2095293045b170f7bb2707e171
Adobe Reader javascript this.spell.customDictionaryOpen exploit.
2429c9f8c7f71679b1f70ba073ecb40d9b91f22c7d2c216b5e3d1a0032536d24
Adobe Reader javascript getAnnots exploit.
d56dbe8308e6ff097410ef71947d9fe55b98ca39707fd13fd6e07b91edb9c8bd
The Aladdin eSafe parsing engine can be bypassed by a specially crafted and formatted archive file.
bd8bc62ccc20c7336a31c7fa6429f28146402aba1afd6d44405f7bc420581150
The Comodo Antivirus parsing engine can be bypassed by a specially crafted and formatted RAR archive.
18b393059b9194ffe44de9030e73d9f2b01ee62075973b7408323109bf2feb1f
The Avira Antivirus parsing engine can be bypassed by a specially crafted and formatted CAB archive.
9b038c8e5f10a03ac624831a08698ba08315d147290d5e5bb33799922ee5499f
T2'09 Call For Papers - Announcing the annual T2´09 conference, which will take place in Helsinki, Finland, from October 29 to 30, 2009. They are looking for original technical presentations in the fields of information security. Presentations should last a minimum of 60 minutes and a maximum of two hours and be presented in English.
f0297642c1912adc25392c5eb9d075cfb7dbba1428039354b7a476457b39b0e4
HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code.
1a258654f26d113ca7f3e730ac4ddf85705926425fdf1b07c191de42377e51f0
Certain Precidia Ether232 devices contain memory overwrite and authentication flaws.
06fb4c4901b1eb607950569d3671220ffcada129d7ffa0f6286d14c5ba666cc3
Thickbox Gallery version 2 suffers from a local file inclusion vulnerability.
79180ea5dc5d99dcce0d11b5d5cbfce12d4b81089af59929c0d69097c710ad66
ABC Advertise version 1.0 suffers from an administrative password disclosure vulnerability.
f836d7c51a959f97d6a016121608a140d444d55b8301fb8eee17795d662829dc
SDP Downloader version 2.3.0 local buffer overflow exploit that creates a malicious .asx file.
59757d3633e5ee0e9373f51cfe41d1852572b7d99d835b4749c8c0a3b4825011
Destiny Media Player version 1.61 local buffer overflow exploit.
9fb90fe1cf75d30ba11227875c35d0e2528ecbd8bd9e16d9cd913331ef63cd63
libvirt_proxy versions 0.5.1 and below local privilege escalation exploit.
d6a86f33d2c8f6b21caeda9e12fe29f7be896e99bc24a3e50439a596759674f8
The Comtrend HG536+ suffers from privilege escalation, default credentials, password disclosure, and various other vulnerabilities.
ad282ac53c0926f879f70e779c39a0172eba25c346f54c07c4991ede96d12937
ECSHOP version 2.5.0 suffers from a remote SQL injection vulnerability.
65a2c3837d4971d0b0e189f0b7c22721cd6b465ebe6365f8e8dac331fcc7e846
Siqma Electronic Shop (SES) suffers from a remote SQL injection vulnerability.
b4eb565160925a4f17bf8a5a93286558f033f359f666c06563c60ed4b6608cce
Hzzp is a HTTP compliant client and server fuzzer. Hzzp's main features include HTTP response and request fuzzing, authentication fuzzing, query parameter fuzzing, and automatic or manual exploit generation.
7407b05d1cf6bb1faff9f84cb8b6c90807c711fc7d4cb78481ca10533173aeea
EZ-blog version 1 Beta2 suffers from SQL injection and shell upload vulnerabilities.
64fb6571f5920bff78bee52910bd48f879880543f18ace534242d6f448e448b0
DEW-NEWphpLinks version 2.0 suffers from local file inclusion and cross site scripting vulnerabilities.
d82381f3e79bb124a96e9625bd1392b6f7608b4f44c15e2ff326354e9adfd097
Whitepaper called Routers and Routing process explanation through NAT. Written in Italian.
8d635de93299b7ca1492865c8710e2ebcac9f0da28f4fe76ce57ee282bfe8bf4