Debian Security Advisory 1064-1 - Jason Duell discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files.
a8f89bb398482ee717fa362c1ff589782d14c3ee78fc72897267ebcae14a238c
Debian Security Advisory 1063-1 - It was discovered that the Avatar upload feature of FUD Forum, a component of the web based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code.
f7dac0190d87de2d92872a8ed14a750a541584f1a2bf3647c72cb9bd5a4dd07e
Debian Security Advisory 1062-1 - Sven Dreyer discovered that KPhone, a Voice over IP client for KDE, creates a configuration file world-readable, which could leak sensitive information like SIP passwords.
e43eb68f8838660ad158fd5e58baf434c116bd1ae06411fbb74caf6694f547af
Debian Security Advisory 1061-1 - It has been discovered that popfile, a bayesian mail classifier, can be forced into a crash through malformed character sets within email messages, which allows denial of service.
794c9be43b21a0e1c3a7e613d8510132482984ce6f881246103a76d22c8b6fa1
Debian Security Advisory 1060-1 - Jan Rekorajski discovered that the kernel patch for virtual private servers does not limit context capabilities to the root user within the virtual server, which might lead to privilege escalation for some virtual server specific operations.
3aed17cd99ab1e88ef9b9ecf145d04d6aab679c71dbb3ee300592441a9776506
Debian Security Advisory 1059-1 - Konstantin Gavrilenko discovered several vulnerabilities in quagga, the BGP/OSPF/RIP routing daemon.
05a4815402c308b3630832927737df765e27fab26aad5aa38609893c47f07684
Secunia Research has discovered a vulnerability in CAM UnZip versions 4.0 and 4.3, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when listing the contents of a ZIP archive. This can be exploited to cause a stack-based buffer overflow when a malicious ZIP archive containing a file with an overly long filename is opened.
15e13f5a99e65b3adbc306a4ea2fa32d802e0121972b3078e9f2fecd56fb97b1
Zeppoo is a tool that attempts to detect if a rootkit is installed on your system. It also makes it possible to detect hidden tasks, modules, syscalls, some corrupted symbols and also hidden connections.
1439e67ba34b17d65f91964b263fe41d50d6bfb583255b37e624438d716f2378
Debian Security Advisory 1058-1 - Hendrik Weimer discovered that specially crafted web requests can cause awstats, a powerful and featureful web server log analyzer, to execute arbitrary commands.
bf251c2b8efacad2aecb9fedc70d83cd7632034bd70224a9c351cddfaf835dcf
CYBSEC Security Advisory - The SAP sapdba command for Informix versions prior to 700 and version 700 up to patch number 100 is susceptible to a local privilege escalation flaw.
d0bb0296b74b8630d49c49d2a5a2b787bb7acd1aa5e70e8c1d5bfd9da9d8fd23
AspBB version 0.5.2 is susceptible to cross site scripting attacks.
81092cd7b89b337d129aedbb50429aae3ae520a3542cb4e14884f6a58b0553c9
When an unsuspecting user installs Diesel PHP Job Site on their webserver, all information is emailed back to the original programmers of this software. This information is sent from install.php, which includes the database host, database name, username, and password used to connect.
5d5b0dd0d3e52882f08f1ee23035cf6d6d17e1037ea7dd9e74b2ca1c2e0a0c95
Cosmoshop versions 8.11.106 and below suffer from SQL injection and directory traversal flaws.
8b27208612e77657b4af85607e71e76051898f89a6acde4b8fb317e982698949
Bitrix CMS version 4.1.x suffers from cross site scripting flaws.
0a9cf4670ec929144c3b5ac12abe825fb3c9fc9d4113ac66499d5bad270cf005
The Avatar MOD gives portal administrators the ability to upload avatar images to be used within the forum. CodeScan located a file upload vulnerability in the avatar_upload.asp which can be exploited by a remote user to upload any arbitrary file. Affected is Avatar MOD versions 1.3 for Snitz Forums version 3.4.
2eb62ab93715f9d4ee641a79883e816bcfc429ad114f94872a12317cca26fde8
Proof of concept exploit for heap overflow vulnerabilities in libextractor versions 0.5.13 and below.
82207e575d47751f0ae1e30db5cf23f98ea05d95b35f094cfcb0cd9d730403e5
libextractor versions 0.5.13 and below suffer from multiple heap overflows.
67e762bfcd88ce4d4a552497a2bbc957de99d2ca971120e729381cad99d4e5f1
Mobotix IP Network Cameras suffer from multiple cross site scripting flaws. M10 version 2.0.5.2 and M1 version 1.9.4.7 are affected.
4cb8a42bae57c9821b121d9e4fffd82812f0a361d2b80bfac2bf0cc4ff91b998
Single CPU Sun systems running Solaris 7, 8, and 9 are all susceptible to a simple denial of service attack using ping.
d315910b29d305a1f62fa06a1d5db2fe016935aa6e141bdc1fdb2d57ba66a3a9
Spymac WOS V is susceptible to multiple cross site scripting flaws.
1d37ec6d926fe9255f317bcdeffa9eb829783c5b33b7aeacd0774e7b8a4ce248
Firefox version 1.5.0.3 with IE Tab version 1.0.9 on Windows XP/2k suffers from a null pointer dereference bug.
cc0015c8a3dbf991cbe4abdd828b84520776ba42c305e028b8812cb6094baab5
This paper discusses a simple technique for injecting code by manipulating hidden form fields.
0b4cb3450ed6fb3cf6fe7f9d2db8b581e808fc233c702aef0904dc6adfa52162
Newsportal versions 0.36 and below are susceptible to a remote file inclusion vulnerability.
32c4e976a967338de5ae840b79ab388e3060aed45b545db64ded9e4d59ab81cd
myBloggie version 2.1.3 is susceptible to CRLF and SQL injection attacks.
450a90581b32d4d771b1b5c3e091773978e9e5146b232cb85a5acaf3d71f4d15
Ipswitch What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console (which is considered trusted). This attack will allow the attacker to bypass the authentication mechanism of the application and login without credentials.
c45af487c7e701523e3170d31c0f127bc7bab3856ae1e9d76f301b7c98ab5dcd