[MajorSecurity Advisory #29]: foresite CMS - Cross Site Scripting Issue.
8591278f8bbfc8be498a8207e57066ecce64c04c52e794b04cb177d5929572a8
A SQL injection vulnerability has been found in the search.asp script of WebWizForum.
cead45ff35294fdd3b96eea233a7ef20ecfb57a70f0706f879b2c00a0b636710
Applications which fail to provide their own filtering on top of the inbuilt .NET request filtering may be vulnerable to XSS attacks. Provided that a web application solely relies on .NET request filtering before echoing input back to the web browser, it is possible to inject scripting code and successfully launch XSS attacks by submitting a specially crafted request.
dd910ad2db757329a92d803219be35c477e9961683836178d55fca2a887cde87
Secunia Security Advisory - Some vulnerabilities have been reported in Free File Hosting, which can be exploited by malicious people to compromise a vulnerable system.
c417f3b1403e655517cc03eadec6d6e8090e0a08c15c4b60a1fb71422e6e9226
Secunia Security Advisory - ajann has reported a vulnerability in Techno Dreams Announcement, which can be exploited by malicious people to conduct SQL injection attacks.
7bc222043155d0bf4dd3e218da068579891041797baaa27eaffdf573b6d52a38
Secunia Security Advisory - ajann has reported a vulnerability in Techno Dreams Guestbook, which can be exploited by malicious people to conduct SQL injection attacks.
113e49308775559397c4fb2c8dff44469c9df684ebdca1ccf88d9ecb2a9409de
Secunia Security Advisory - Greg Linares has discovered some vulnerabilities in Easy File Sharing Web Server, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to disclose sensitive information.
c6e2c16cfa4a83180b50f49bc2a4d9cb918c90863de86047c096a0f9871232f7
Secunia Security Advisory - Mandriva has issued an update for ImageMagick. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
0b5942cd94bfebea643930aa51b9cacbfb1c932ac7b938c12e97b0872a2f5456
Secunia Security Advisory - Mandriva has issued an update for postgresql. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service).
9179cfbbcd8baad686d3eb81777e2aad92e506232be6e0a5ef93dc036327525e
Secunia Security Advisory - Some vulnerabilities have been reported in various Informix Products, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
4474f9ffc116a320d92cc32a4f2f6260e9810704359684cdce62c387cef3b01e
Secunia Security Advisory - Nms has discovered a vulnerability in PunBB, which can be exploited by malicious people to compromise a vulnerable system.
50b5b47f55323a7bfc259c7b749e593ed374c22e26207243f6809ca39e6a0dec
Secunia Security Advisory - ajann has discovered a vulnerability in E-Annu, which can be exploited by malicious people to conduct SQL injection attacks.
8205b1e486a175bb18d42c0bf7cadfffc71a57e9f01ffdc69413274e5a1de103
Secunia Security Advisory - Gentoo has issued an update for cheesetracker. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
897774063149edaee2d5ebf02260b7a9c073785281bfeac22afa9178c4808803
Secunia Security Advisory - v1per-haCker has discovered some vulnerabilities in phpProfiles, which can be exploited by malicious people to compromise a vulnerable system.
eba166697d775b3e6c9164e8c7cf859f79c2cf8b6ea82dd3dd963b8526d8d1e6
Secunia Security Advisory - Debian has issued an update for qt-x11-free. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
29ddc870aeb9a5b0845e168dbe49f8b272cc89a57647b02a7512ee19e6536a58
Secunia Security Advisory - David Vieira-Kurz has reported a vulnerability in foresite CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
6181e22590bbe9f9c85bbb9684490f698602d93dedb9fddb9ea50df60b202e3f
Secunia Security Advisory - Gentoo has issued an update for php. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
a10e364019adcdd4bc2e22a368a171d92357ec306544f13c9dd9995fb12ac285
Secunia Security Advisory - Gentoo has issued an update for asterisk. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
db11feaf1c259a300ccc9d5a89e6cd4116401492de668480f0c7e8d8f2eff891
Secunia Security Advisory - HP has acknowledged some vulnerabilities in HP Tru64 Unix, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
ed9366f2229c5d8683161552844975502ba9bb712c513794e4a10636568ee2f8
Secunia Security Advisory - Handrix has reported a vulnerability in Sun Java System Messenger Express, which can be exploited by malicious people to conduct cross-site scripting attacks.
2623f772e78a88f61679fc33ec47cd425389c2eb3d3c1781c90eecee4e8b2c98
OpenPKG Security Advisory OpenPKG-SA-2006.027: According to a vendor release announcement [0], security issues exist in the personal publishing platform WordPress [1]. The "wp-db-backup" plugin accepts filenames which could be used to access security sensitive files.
786e8c5107fa0271085c49cebac3c5b1b20b0e7d0c2c919671a5d378f98e6762
Debian Security Advisory 1200-1: An integer overflow has been found in the pixmap handling routines in the Qt GUI libraries. This could allow an attacker to cause a denial of service and possibly execute arbitrary code by providing a specially crafted image file and inducing the victim to view it in an application based on Qt.
164139ba980ab9d32154bee061c5bef7b490dd17b4a4973d1c31ba91ed30a90b
Gentoo Linux Security Advisory GLSA 200610-15 - Asterisk contains buffer overflows in channels/chan_mgcp.c from the MGCP driver and in channels/chan_skinny.c from the Skinny channel driver for Cisco SCCP phones. It also dangerously handles client-controlled variables to determine filenames in the Record() function. Finally, the SIP channel driver in channels/chan_sip.c could use more resources than necessary under unspecified circumstances. Versions less than 1.2.13 are affected.
7da97c63b8d70d60c0b51785511e6d3d1a6ceb5bc517f75ec86487e728c91a87
Gentoo Linux Security Advisory GLSA 200610-14 - A flaw in the PHP memory handling routines allows an unserialize() call to be executed on non-allocated memory due to a previous integer overflow. Versions less than 5.1.6-r6 are affected.
24fd15d792177179ef4dbacc3bf7f43884ae94a89b5aefdbfb4aa7af666fa023
Mandriva Linux Security Advisory MDKSA-2006-192: The CGI library in Ruby 1.8 allowed a remote attacker to cause a Denial of Service via an HTTP request with a multipart MIME body that contained an invalid boundary specifier, which would result in an infinite loop and CPU consumption.
e82ad3dc1bfceb29448f2800b116b0e14eb98d470f43c94368a5d815b98b2f78