Trustix Secure Linux Security Advisory #2005-0059 - Multiple vulnerabilities in apache, lynx, mod_php4, openssl, php4, php, squid, texinfo, and wget.
b4197c01fe5f684fdb98b3e5b534d68a67f885d006e32bc2b7bb8fef99c8c5f0
Hardened-PHP Project Security Advisory - An audit of phpMyAdmin revealed a design flaw in the way phpMyAdmin includes its register_globals compatibility layer that allows inclusion of arbitrary local files, which usually leads to remote code execution.
07c39621998dfc6ec31c6e8cee28b68e1549bc5e4f8dd5cf117ed955de7ddbc5
Gentoo Linux Security Advisory GLSA 200510-21 - Stefan Esser discovered that by calling certain PHP files directly, it was possible to work around the grab_globals.lib.php security model and overwrite the $cfg configuration array. Systems running PHP in safe mode are not affected. Furthermore, Tobias Klein reported several cross-site scripting issues resulting from insufficient user input sanitizing. Versions less than 2.6.4_p3 are affected.
bdc34b73151d595048e983ee59c1ac6b53aeef0310b18852111bdc00a67958ec
Gentoo Linux Security Advisory GLSA 200510-20 - Zope honors file inclusion directives in RestructuredText objects by default. Versions less than 2.7.8 are affected.
fa3508d05860a34beb4eaf6ad27147ade6dd88c2ba2ef0d5255a87e4300bf526
Gentoo Linux Security Advisory GLSA 200510-19 - iDEFENSE reported that insufficient bounds checking on a memcpy() of the supplied NTLM username can result in a stack overflow. Versions less than 7.15.0 are affected.
b403869cb001836a2a8f8c3b58aa4ab7d808f737aa05a63af0cbcdbbd522b133
BMC's Control M enterprise scheduling facility creates temporary files insecurely.
10159e46cbab518398523ed1786a87cbc0d512a8f648293114d56d7015f86202
[KAPDA::#8] Domain Manager Pro Vulnerability - A remote user can conduct cross-site scripting attacks. The 'panel' script does not properly validate user-supplied input at the 'err' parameter, so a remote user can inject HTML script to fake a login form and steal the admin's password.
884d2c7cab6a1fb8491aefd45b26685f951bc1ff50e09b9c0295fdebbf165705
aRCHILLES Newsworld versions less than 1.5.0-rc1 suffer from multiple vulnerabilities including login bypass and information disclosure. POC and workarounds included.
9227656086e77f731c91ef4311c8666b9482d7c9442c448649307de93e6d155c
F.E.A.R. (First Encounter Assault and Recon) 1.01 is still vulnerable to a bug discovered in December 2004.
1bd561f56fa4976f859ecef647720e1eb9ae93c82482cbb22ccd4ed2d2c48187
Nuked klan 1.7 suffers from multiple XSS vulnerabilities.
007b2b8e0fea92b9aae3119a716f437e8d9879ce0387de9d16846c550ce487a8
SEC-CONSULT Security Advisory 20051021-0 - Since April 2005 SEC-Consult has found 5+ serious vulnerabilities within Yahoo's webmail systems. All of them have been fixed in the production environment. Nevertheless, SEC-Consult believes that input validation through blacklists can only be a temporary solution to problems like this. From our point of view there are many other applications vulnerable to this special type of problem where vulnerabilities of clients and servers can be combined.
7a64cb8ab3b8e5a8f4156e727abc3f37614cab2407e89b76e8fa54c19d9a2919
SNS Advisory No.85 - XOOPS, software for building community websites, contains multiple cross-site scripting vulnerabilities.
42ef2f7b204282e9348d3748062f73c7a8d9049e88f398ad78a5f593de24a6d8
SNS Advisory 84 - Oracle Application Server has HTTP response splitting vulnerabilities. This makes it possible to present unreal content as if it were real or to cause cross-site scripting attacks.
d2593262db3bce5fcc290a10c71016c69956f1b4127c661c1b9c404cf7abd8d5
SCO Security Advisory - iDEFENSE has identified a Buffer Overflow vulnerability in SCO Openserver backupsh. The backupsh utility is a standard binary distributed with Openserver 5.0.7 and earlier.
05597ecea3d8a0bd926b0282d3c7164ffc0d5a812b5296d3da2b44ba717b8f45
SCO Security Advisory - iDEFENSE has identified a buffer overflow vulnerability in SCO Unixware ppp prompt. Local exploitation of a buffer overflow vulnerability in the ppp binary allows attackers to gain root privileges.
52844b9a3101e4ce8cadab981c41468ce7e578544ae531927abae4e4d937634b
iDEFENSE Security Advisory 10.20.05 - Local exploitation of a design error in the DiskMountNotify component of Symantec Corp.'s Norton Antivirus 9.0 for Macintosh may allow a user to gain elevated privileges. The vulnerability specifically exists in failing to specify an explicit PATH for the "/Library/Application Support/Norton Solutions Support/Norton AntiVirus/DiskMountNotify.app/Contents/MacOS/DiskMountNotify" binary.
ebecbb36ea10c4ab83e03fc878e06f2189ffdd7121fc3cc14da3f15fa860cb0a
iDEFENSE Security Advisory 10.20.05 - Local exploitation of a design error in the LiveUpdate component of Symantec Corp.'s Norton Antivirus 9.0 for Macintosh may allow a user to gain elevated privileges.
e72e0eb45f151aca7593af2915144cd93a7044b126e87bd6a8c95dd626e2649b
Secunia Security Advisory - Some vulnerabilities have been reported in Mantis, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
984383cb421f6ccc88debbc3effe23d50a2f4c813b2109e8256b605222bee8ca
Secunia Security Advisory - Lostmon has reported some vulnerabilities in Flyspray, which can be exploited by malicious people to conduct cross-site scripting attacks.
7813a1bb45483efb82a4beeea157e1e4712a362555b9703db218839e78e87797
Secunia Security Advisory - Debian has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
f3dcfa0b2e2c44da5fe7a3c3230d5da81f06c0df070029a412480997de7dfa79
Secunia Security Advisory - Steve Kemp has reported two vulnerabilities in GNOME-DB libgda, which potentially can be exploited by malicious people to compromise a user's system.
784ed426b2a20fd88333e7e13e598e99aef92184ede969415d15c8abd89ba3a6
Secunia Security Advisory - Sven Tantau has reported a vulnerability in CHM Lib (chmlib), which potentially can be exploited by malicious people to compromise a user's system.
d1e5397d7a5037f693318cd1593ce85656f991647c895a98748375b7aa278ee4
Secunia Security Advisory - Red Hat has issued an update for ethereal. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
1afcc5ea7c95bfa6218a9f5f430fbe16097ad6e4452bf9207adca05b8530a4ad
Secunia Security Advisory - Francesco aScii Ongaro has discovered a vulnerability in PHP iCalendar, which can be exploited by malicious people to compromise a vulnerable system.
22354fbd1b4ed30e79a706a3378a1d1594bf495433d59b32a509b1336a1ad0b8
Secunia Security Advisory - Daniel Fabian has discovered a vulnerability in Snoopy, which can be exploited by malicious people to compromise a vulnerable system.
9a0237dbfdcab60f26953b5153a546608d7cb40a910d17da10405cc0b8864f44