libpurple-based applications broadcast the plaintext of OTR (off-the-record) conversations over DBUS. This makes the plaintext available to other (possibly unrelated) applications executing under the same user. Also, due to a design flaw in libpurple, the user’s choice of not logging OTR plaintext on Pidgin is not communicated over to the third party applications listening on DBUS. This may lead to unintentional (on disk) logging of private messages.

Netvolution v2.5.8 is vulnerable to a blind SQL injection attack in the HTTP “referer” header. A malicious user may utilize this vulnerability to modify content on the vulnerable website, inject malicious javascript code to a visitor’s browser, collect CMS usernames and plaintext passwords and, in some cases, execute commands on the system hosting the database server. This is a critical vulnerability since it does not require authentication and its exploitation may go undetected.

We have discovered two improper input validation vulnerabilities in the FreeBSD kernel’s NFS client-side implementation (FreeBSD 8.0-RELEASE, 7.3-RELEASE and 7.2-RELEASE) that allow local unprivileged users to escalate their privileges, or to crash the system by performing a denial of service attack.

We have discovered a remotely exploitable “improper input validation” vulnerability in the Monkey web server that allows an attacker to perform denial of service attacks by repeatedly crashing worker threads that process HTTP requests.

We have discovered a remotely exploitable “improper input validation” vulnerability in the CoreHTTP web server that leads to an off-by-one stack buffer overflow. The vulnerability can lead to denial of service attacks against the web server and potentially to the remote execution of arbitrary code with the privileges of the user running the server.

We have found an off-by-two stack buffer overflow in the Linux kernel SUNRPC implementation. Linux kernel versions from 2.6.32 to 2.6.32-rc7 are affected.

We have discovered an “improper input validation” vulnerability in the gif2png utility that leads to a stack buffer overflow.

We have discovered an “arbitrary file overwrite” vulnerability in libtorrent that allows an attacker to create and modify arbitrary files (and directories) in remote systems, with the effective rights of the user executing the vulnerable libtorrent-based application.

We have found that Debian packages of the GNU libc library (versions prior to and including 2.7) provide a static (i.e. guessable) canary value to all applications armoured with the gcc SSP mechanism.