HPSBUX02152 SSRT5973 rev.1 - HP-UX Kerberos Client Remote Unauthenticated Execution of Arbitrary Code
04478cd17b34dd049c0353a2e2e9d88667982fff97edaba6fd983857530148a5
HPSBUX02155 SSRT061235 rev.1 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges
47c7bf9cc87b0a7ee0766b584ed63da8c200eeecfd3afe0dfa7ceff61988128b
wwwthreads 5.4.2 and prior suffer from multiple cross site scripting vulnerabilities.
b1ef28726e07dc33340c8f3569cc4da231bb64cc5c52893a7b61da9838adb4d9
PhotoStore suffers from multiple cross site scripting vulnerabilities.
e8597abd8eec3302faf3bce96bafc0ba96f43ea3472ceff15b78495aeb1f97e2
Opial Audio/Video Download Management suffers from cross site scripting in index.php
325ddc04dd64f00aca912e982c6e54efd4992fb06eab091933e32ced03edf610
toendaCMS suffers from a local file inclusion vulnerability.
cfa27594dce544149069606ee96212e6d3e43fd1b0ea6d67437daf4954d66b15
RISE-2006002: There exists a vulnerability within an architecture-dependent function of the FreeBSD kernel (FreeBSD 5.2-RELEASE through FreeBSD 5.5-RELEASE), which when properly exploited can lead to local compromise of the vulnerable system. This vulnerability was fixed in FreeBSD 6.0-RELEASE, but production (legacy) releases 5.2 through 5.5 are still vulnerable.
94ae7ebd3c47291aab33892e9d461968249c807d5246b761a801423c4e3cd32e
Mandriva Linux Security Advisory MDKSA-2006:169: A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.7.
f33758df224b00509a71f9625a4e2c13401139dc010b8ab80ed346ac90633989
Mandriva Linux Security Advisory MDKSA-2006-170: Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
fcc70de1f0b8fb80bc654cefe2ac26bf287436e8af4d86d1327518633d1cb206
SUSE Security Announcement SUSE-SA:2006:055: If an RSA key with exponent 3 is used, it may be possible to forge a PKCS signature that verifies against the certificate when the verifying implementation does not check for excess data in the RSA exponentiation result of the signature.
8d222b929117b6ffaf793e8d87050c7a1e45882b6558aa5a8d06d705379ca1f6
jevoncms (.inc) suffers from a path disclosure vulnerability.
04942ab2ced107cc8835e6631092fbdcfa1f8c6ee0483a8add86a62e2ae08cf9
Plesk 7.5 and prior and 7.6 for Windows suffer from an information disclosure vulnerability in the file manager.
bdd23e84ef0b4ca5190c3113a7d720f79eb92f19f1d7035510920a849629b192
MySource Matrix versions 3.8 and below and MySource 2.x may be used as an unauthorized HTTP proxy.
9e44da0c3056acc315f38f8bf87e5f99cd7b2cc75d4f87e766cb0933ad2bbf9e
ContentKeeper 123.25 and below suffers from a design flaw in the user administration interface which reveals account passwords inside the HTML source code. Any authenticated user with appropriate access to the user administration page may use this information to compromise the accounts on other systems.
7fadf9fa09f5f30be956b15ebca46178ed641e6a8ee2f3737f361a88553df408
Zachary McGrew has discovered and reported that the FiWin SS28S WiFi VoIP SIP/Skype Phone with firmware version 01_02_07 has VxWorks Telnet open with a hardcoded user/pass of 1/1. Various debug commands enable viewing SIP credentials, WEP keys, etc. on the phone.
138cdacc373d3af2dbbd24f6e8d71941abf2c06921c5be017a9267824cfd6155
Woltlab Burning Board 2.3.X SQL Injection Vulnerability
1a2d647f855fcf4342296872c4932b18906bfefcb550fe99ba24dfba76f998d0
APPLE-SA-2006-09-21 AirPort Update 2006-001 and Security Update 2006-005: The security fixes described below are available in AirPort Update 2006-001 and Security Update 2006-005. AirPort Update 2006-001 contains an additional non-security fix to address a reliability issue that occurs on a limited number of MacBook Pro systems.
5ab3add3a7b5042f8bbe07e6836bec97b033281f32280787bd33023539c5a892
CAID 34616, 34617, 34618: CA eTrust Security Command Center and eTrust Audit vulnerabilities
b236dc13a9d36b5ace9a497fbaa92180a506c8f2c86ab714d159c59c043c12ba
During the analysis of RSA Keon Certificate Authority Manager, Arhont Ltd consultants have discovered several vulnerabilities in the Log Verification function. A rogue CA (Certificate Authority) administrator or any local administrative user with access to the CA server could manipulate the secure logging process to disguise his/her activities. Versions 6.6 and 6.5.1 are vulnerable.
79163b2b0488c73c966551df79ceebef350345edfcadddadd34b53ddf8c53d3d
scip AG Vulnerability ID 2555 (09/21/2006): Sun Secure Global Desktop prior to 4.3 multiple remote vulnerabilities
99b3f6235975754f3df02b59c8103ade16fe507c2e7f51d1373c49aa0e89fe6b
Commerce Bank's website is susceptible to cross site scripting.
4f24bca931198904b78b834449c469f90b91c1b41d3cc6a385a1413a2c9a0959
Several Greek banks suffer from cross site scripting vulnerabilities.
3684796542d0aecfd70e661bca5299f6a11b35b4ef5c750abe606690f5d2df71
OpenSSL Security Advisory 20060928 - Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC. When the test suite was run against OpenSSL, two denial of service vulnerabilities were discovered. Other issues were also addressed.
9502f989ec9da5214945e96a2d710fcdd773af905ce1f2c7d00260acc1346401
SUSE-SA:2006:056 - The gzip tool does not handle some specific values correctly when unpacking archives. This leads to vulnerabilities like buffer overflows or infinite loops.
5824d78af59c485e4c5bb9f39940cd6e46ba645d578cca1837b78e822e4a3cdd
ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities
ca61c977f812670146a0d94dbc484e48367957bd2cdc17f091fcd89dc5ca2915