Channel: Files from Will Drewry ≈ Packet Storm
Browsing all 10 articles

ghostscript-poc.txt

Proof of concept exploit that demonstrates a buffer overflow vulnerability in Ghostscript versions 8.61 and below.




Open Source CERT Security Advisory 2008.8

The xine free multimedia player suffers from a number of vulnerabilities ranging in severity. The worst of these vulnerabilities results in arbitrary code execution and the least, in unexpected process...


Open Source CERT Security Advisory 2008.12

Two cross-site scripting (XSS) vulnerabilities were reported in Horde Framework. The first is that the Horde Framework fails to properly sanitize the filename of MIME attachments on received...


Open Source CERT Security Advisory 2008.16

Several functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than...


Open Source CERT Security Advisory 2009.2

The OpenCORE multimedia decoding subsystem suffers from an insufficient bounds checking vulnerability during MP3 decoding. Versions 2.0 and below are affected.



Open Source CERT Security Advisory 2008.15

Base64 encoding and decoding functions in glib suffer from vulnerabilities during memory allocation which may result in arbitrary code execution when processing large strings. A number of other...


Open Source CERT Security Advisory 2009.1

Pango suffers from an integer overflow during heap allocation size calculations.


Open Source CERT Security Advisory 2009.6

Android, an open source mobile phone platform, improperly checks developer certificates when installing packages that request the shared user identifier (uid) permission. Android versions greater and...



Open Source CERT Security Advisory 2009.16

Both the Poppler and Xpdf projects are vulnerable to an integer overflow during heap memory allocation when processing a PDF file. In general, this results in unexpected process termination. If an...



Apple OS X iTunes 8.1.1 ITMS Overflow

This Metasploit module exploits a stack-based buffer overflow in iTunes itms:// URL parsing. It is accessible from the browser, and in Safari itms URLs will be opened in iTunes automatically. Because...
