Secunia Security Advisory - Maksymilian Arciemowicz has reported some vulnerabilities in PostNuke, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and to bypass certain security restrictions.
7fc36021b3b3d623dc3ea2f4649581b8fa5da037450d0f7cdf07b72f832706aa
Secunia Security Advisory - A vulnerability has been reported in CherryPy, which can be exploited by malicious people to disclose potentially sensitive information.
b820be2be77b44ed7e8d0b38947823ece4b99fa4e47faaedd2ab6841bc379226
Secunia Security Advisory - l0om has discovered two vulnerabilities and a security issue in Guestbox, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and conduct script insertion attacks.
ca5668c160429c80534ce4cb2eef62c04d35f0740d37067bf2cbbfdbead575f7
Secunia Security Advisory - Two vulnerabilities have been reported in PHP-Fusion, which can be exploited by malicious people to conduct cross-site scripting attacks.
2c9b5d0f392b496e05525b9f1e69bbb5ee667526ddcd637a6f1cc1a77fdee5fc
Secunia Security Advisory - x128 has discovered a vulnerability in ilchClan, which can be exploited by malicious people to conduct SQL injection attacks.
3040fd056ced28c4c29ceeea64ef63fa77036fd300fba8bee5245b327640511b
Secunia Security Advisory - Michael Lehn has discovered a vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user's system.
6c2391cac67f7d53edb05ec78876bf1c7c7a1fce60616166899a0fca3e321099
Secunia Security Advisory - A weakness has been reported in Dropbear SSH Server, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
e4aa1525c65da37d5e8e7f591329764f8a3cb268f37b23e366566257a2ac4b98
Secunia Security Advisory - pcps has discovered some vulnerabilities in Barracuda Directory, which can be exploited by malicious people to conduct script insertion attacks.
6038d0c874fa97150e36f0f48a8abd775474978548877ce1147925fdf2f88adf
Secunia Security Advisory - SUSE has issued an update for gpg / liby2util. This fixes a security issue, which potentially can be exploited by malicious people to bypass certain security restrictions.
afdbbfe561a4939c2e617c70e7e5b50f98583a1626568252742ffd5e406bccb3
Secunia Security Advisory - Gentoo has issued an update for openssh / dropbear. This fixes a weakness, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
a865d132fb5cedf9d64c9264d1de7c30c0bf0543b5a28636aeaf4e4d3b27d607
SUSE Security Announcement - With certain handcraftable signatures, GPG was returning 0 (valid signature) when used on the command line with the --verify option. This only affects GPG version 1.4.x, so it only affects SUSE Linux 9.3 and 10.0. Other SUSE Linux versions are not affected. This could make automated checkers, such as the patch file verification checker of the YaST Online Update, pass malicious patch files as correct.
dbcd94580d937c8fdef6ffd158eb912f1108bcb0aa65778e07df99b105d01d9b
Secunia Research has discovered a vulnerability in NJStar Word Processor, which can be exploited by malicious people to compromise a user's system.
f61370fbbebc0b233634c48add43e1717d790ddf432d0c18c9d602041c886b71
OpenPKG Security Advisory - An allocation off-by-one bug exists in the TIN [1] news reader version 1.8.0 and earlier which can lead to a buffer overflow.
64e27cc817d51c76569266a91682b2158159cd0d6564041947d43eeeac5e2676
OpenPKG Security Advisory - According to vendor security information [0], privilege escalation vulnerabilities exist in the PostgreSQL RDBMS [1] before version 8.1.3. The bug allowed any logged-in user to "SET ROLE" to any other database user id. Due to inadequate validity checking, a user could exploit the special case that "SET ROLE" normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example.
c40cab37f34f78513b56727208269fd48812b531d971509e3a808ace7e30a5b9
Magic Calendar Lite suffers from an authentication bypass vulnerability.
6682f06fe6b89ff05adb4eea45cfea38d405f94dd88ecd9d3ecc03a73a4eb702
TTS Software Time Tracking Software suffers from multiple vulnerabilities including XSS and SQL injection.
92b023be3b6678e1268a8ca48e3f664fac208f949fa14b224f3ed1e3c05f0ac8
CALimba suffers from an authentication bypass vulnerability.
0495f9484c0b6d6baf8930666f3414bde78582337f38b55f25d0320a570add42
PHP/MYSQL Timesheet suffers from multiple SQL injection vulnerabilities.
62a2a25c114d4ea7c4b1d95d6e4d484bfc89df8c72f9a056973523be384bac0e
Scriptme SmE GB Host suffers from an authentication bypass vulnerability.
f02c790b64c7675d20ff20e89902eec2bb8ca5ec5b8ce281d347eb210a5b96ab
Scriptme products "SmE GB Host" and "SmE Blog Host" suffer from arbitrary script code insertion in the BBcode [url] tag.
19a3fa43bdd0dfcc8ede4249507fe15db1e263755f93bc20dab6246118b230f8
Winamp versions up to and including 5.13 suffer from a .m3u buffer overflow vulnerability.
e4574457d5bc6b9d0f12e56864b885fce741a0f53c0a098bee785a94b91de1db
It is possible to crash the web interface on a D-Link DWL-G700AP by sending it a simple GET request. POC included.
b871451dc09aa313045fd79f0f175a1b7c4a71df8e6f5fc1ed298a782aff19be
It is possible to gain administrative access on Kyocera 3830 printers by using telnet.
7aeebf751b381ae2252541ba8745ebca6d719e929fef24288eb300f0b88b85f5
Security advisory for MS06-009 - Misuse of the ShellAbout() API could allow elevation of privilege. Affected systems: Korean version of Windows XP, 2003 and Office 2003.
5040ef262c895b9b0fe3b2f1e23e354a9fc3d0a36e0d103507a8fd05a91fd8f5
PLUS (PatchLink Update Server) version 6.2.0.189 suffers from several bugs and security issues.
58baf2f29a5064e0b84a52fab2ed18a11b809e4bf44d324bf4320abd35865304