Hardened-PHP Project Security Advisory: PHP open_basedir Race Condition Vulnerability.
49eb67c0bff58dce3693b82c5f4abd425e3367215ae98d376ea356a1d9f3368e
Several vulnerabilities in IPB exist that can force the admin to execute malicious SQL commands through the IPB SQL toolbox.
73d6a3bf7149192a423b428e91af1ebac4c45000f392f1a0bb99a05fc01acece
Yener Haber Script 2.0 suffers from an SQL injection vulnerability.
b4591ca1ba3a57bd93a3d97fb34194a8b434e75f9d9a7098353108f788f72f68
Mandriva Linux Security Advisory MDKSA-2006-179: Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. This could allow a remote unauthenticated attacker to trigger excessive CPU utilization by sending a specially crafted SSH message, which would then deny ssh services to other users or processes (CVE-2006-4924, CVE-2006-4925). Please note that Mandriva ships with only SSH protocol version 2 enabled by default.
31fb83ce2c362a1244555f594057b417fbdde1e1f799e524bb45fc87e23b7a67
Debian Security Advisory 1188-1: Several security related problems have been discovered in mailman, the web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems:
5675b2de9f810a586d9dde488257810c99b62c4af96f701c4b79c5c7ee52cdc1
Gentoo Linux Security Advisory GLSA 200610-01 - A number of vulnerabilities have been found and fixed in Mozilla Thunderbird. For details please consult the references below. Versions less than 1.5.0.7 are affected.
ae4b2bf6a7cdc96630eee662fd2f01e20f1c3d736930c5fd01f7f7af6087b59b
Gentoo Linux Security Advisory GLSA 200610-02 - The Adobe Flash Player contains multiple unspecified vulnerabilities. Versions less than 7.0.68 are affected.
8682b873b4449b172dafff9ad57df97004075e61bc5947bbc626fbc4da3955c8
Debian Security Advisory 1190-1: Oliver Karow discovered that the WebDBM frontend of the MaxDB database performs insufficient sanitising of requests passed to it, which might lead to the execution of arbitrary code.
f63cb2669b67cc9796104b9964345f84bd09f9f946fb982d59b60a5151a448a2
Debian Security Advisory 1189-1: Several remote vulnerabilities have been discovered in OpenSSH, a free implementation of the Secure Shell protocol, which may lead to denial of service and potentially the execution of arbitrary code.
02cad4dfc6a25e2dd2ea2481faecc958bf424315d407b46f562741c0d6ea3260
Ubuntu Security Notice 357-1: Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.
aa139baf703e5dc316437d811887a074ddcede04fb9a0acdbba2dcc6981ac937
Ubuntu Security Notice 353-2: USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J Cox noticed that the applied patch for CVE-2006-2940 was flawed. This update corrects that patch.
e669be9ccdea94b40360c9e75c4c166906d93b3b8fd47aa3e090fcc2fa0ecb44
Ubuntu Security Notice 358-1: ffmpeg, xine-lib vulnerabilities
1ad4664747ea5dc9a066ea4a2a438607ea6853815349a5167e20739a794e99b3
osCommerce contains a flaw that allows a remote cross site scripting attack.This flaw exists because the application does not validate 'page' param upon submission to multiple scripts in /admin folder.This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
e784c526382627be9844d4f29fd4a4705c81c062f03f08b832c9eeae8976a0de
Dr.Web 4.33 antivirus LHA long directory name heap overflow: When building a special LHA archive with a long directory name in an extended directory header, a fixed size buffer on the heap is overflowed. When processing this malicious archive, it is then possible to make Dr.Web run arbitrary code by overwriting some internal malloc management informations.
2a30296b1d42bc902eefd52faffa18b6b2e14bb10873a005d4d3df2b73a5ab6c
CAID 34661: CA Unicenter WSDM File System Read Access Vulnerability: Unicenter Web Services Distributed Management 3.1 uses a known vulnerable version of Jetty WebServer, an open source java web server. An advisory describing the Jetty WebServer vulnerability can be found at https://www.securityfocus.com/bid/11330. The vulnerability allows a remote attacker to gain full read access on the install partitions file system of the Unicenter WSDM host system through a directory traversal attack
59d313f06c61c6c3e14d15a2c66be546acd4d72d6e7daa4d3b078b9969a8198d
iDefense Security Advisory 10.02.06: Remote exploitation of a DoS vulnerability in Novell Inc.'s GroupWise Messenger could allow attackers to crash the Messenger server.
08fe0b130f5994748693d0868c3ba77e6017f17e4f49b94a123aa2494b31d195
FreeBSD 5.2 and prior shmat local kernel exploit.
f115f3bd68abfe5196acc1e163784d94ea90217661b8b2c5a61be2b9797c191e
HPSBUX02157 SSRT061220 rev.1 HP-UX Running Ignite-UX Server, Remote Unauthorized Access and Privilege Elevation: A potential security vulnerability has been identified in HP-UX running the Ignite-UX server. The vulnerability could be exploited to allow a remote unauthorized user to gain root access to the system running the Ignite-UX server.
81346cca3f04cae58e84251e25ca121b182ae9afa2a9aca2d13b0a7cc432f9d7
HPSBUX02129 SSRT061149 rev.1 - HP-UX running SLP, Remote Unauthorized Access: A potential security vulnerability has been identified in HP-UX when running Service Locator Protocol (SLP).The vulnerabilit y could be exploited by a remote user of Service Locator Protocol (SLP) for unauthorized access.
f5a6eb5575a32d881bf444286af32d1ecd0a3df2602c46c2a0c43b6ad532f865
National Cyber Alert System Technical Cyber Security Alert TA06-275A: Multiple Vulnerabilities in Apple and Adobe Products
5ed461803c9cb7d5e4c286b90864ac53794a47e7cdb3892f52746d42ada972ee
Pebble 2.0.0 RC1 and 2 suffer from a cross site scripting vulnerability.
08a5e732869950e08e91c781c24e82104a020041dcae765ae6d6b23413dffc6f
Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger's OSCAR protocol via a simple GTK interface.
5e23f13f4df0e76d70be2e7172cebdbc3306215726fa47e539dcfe6080b57cc0
McAfee ePolicy Orchestrator 3.5.0 contains a pre-authentication buffer overflow vulnerability in NAISERV.exe. Protection Pilot 1.1.0 uses the same HTTP server, and is also vulnerable.
b10041868084225e62f4a63f86c4fb4e2f49df32ae08ccc857170b2bfe9a4c39
IBM Informix (IDS) V10.0 suffers from several flaws that could allow an attacker to overwrite any file on the system or inject commands into the installer scripts.
e299b03aa62557f2b9a2a6bba84f0efdb77c22a8264d634d77e8361c2c039429
EasyBannerFree suffers from a remote file inclusion vulnerability in functions.php.
9b893740a21ec833f32fc15da276c2a776806d2a60be53cad0f0d3554f13ccb1