Cisco Security Advisory 20040317 - A new vulnerability in the OpenSSL implementation for SSL has been announced. An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack.
42b7301b69fb615efdd79960fe4a0a79c2e23d757d2404a1777bb41cce77e433
OpenSSL Security Advisory - A Null-pointer assignment during an SSL handshake can result in a denial of service. Versions 0.9.6c to 0.9.6k and 0.9.7a to 0.9.7c are affected by this issue. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected by another vulnerability in the handling of Kerberos ciphersuites that can cause OpenSSL to crash. Patches are attached to the advisory.
74e5edb8b95d18badf28cf2d243789474aa52058185bcdddde38d9e1318f98b5
PHPX versions 2.x through 3.2.4 fail to implement a secure session management engine. A user can obtain a session simply by supplying the uid of the account they want to take over, and as long as that user's session exists in the database, session hijacking is possible. Furthermore, the session id itself is generated from a simple auto-increment field in the MySQL database, making it trivial for an attacker to guess a valid cookie. Full exploit included.
fb0bbfeaadbd58d619c24ee87dd0140c31f995df5bbf874802ab65ece9d08f64
S-Quadra Advisory #2004-03-15 - ModSecurity 1.7.4 for the Apache 2.x webserver series is vulnerable to a remote off-by-one overflow that allows for arbitrary code execution. Version 1.7.5 has been released to address this issue.
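The off-by-one pattern behind advisories like the ModSecurity one above is easy to reproduce in a few lines. The following is an added, constructed illustration and is not ModSecurity's code: a copy routine bounds the data by the buffer size but then writes the NUL terminator without reserving room for it, so an input of exactly the buffer length writes one byte past the end. The backing array is made one byte larger than the logical buffer and seeded with a canary so the stray write can be observed safely instead of corrupting a neighbouring variable or saved return address. All names, sizes and inputs are assumptions for the demonstration.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not ModSecurity's code. LOGICAL is the size the
 * copy routines believe their buffer has; the backing array is one byte
 * larger so the off-by-one write lands on a canary we can inspect. */
#define LOGICAL 16
#define CANARY  0xAA

/* Vulnerable pattern: cap the copy at buf_size, then append the terminator
 * without accounting for it. When len == buf_size the terminator is written
 * to buf[buf_size], one byte past the end. */
static size_t copy_vulnerable(char *buf, size_t buf_size, const char *src) {
    size_t len = strlen(src);
    if (len > buf_size)        /* should be >= buf_size */
        len = buf_size;
    memcpy(buf, src, len);
    buf[len] = '\0';           /* off-by-one when len == buf_size */
    return len;
}

/* Fixed pattern: reserve the final byte for the terminator. */
static size_t copy_fixed(char *buf, size_t buf_size, const char *src) {
    size_t len = strlen(src);
    if (len >= buf_size)
        len = buf_size - 1;
    memcpy(buf, src, len);
    buf[len] = '\0';
    return len;
}

/* Returns 1 if copying src with the chosen routine overwrote the canary
 * placed immediately after the logical buffer, 0 if the canary survived. */
int copy_clobbers_canary(const char *src, int use_fixed) {
    unsigned char backing[LOGICAL + 1];
    memset(backing, 0, sizeof backing);
    backing[LOGICAL] = CANARY;
    if (use_fixed)
        copy_fixed((char *)backing, LOGICAL, src);
    else
        copy_vulnerable((char *)backing, LOGICAL, src);
    return backing[LOGICAL] != CANARY;
}

int main(void) {
    /* Constructed inputs: exactly LOGICAL bytes, and longer than LOGICAL. */
    const char *exact  = "0123456789abcdef";
    const char *longer = "0123456789abcdef0123";
    printf("vulnerable, 16-byte input: canary %s\n",
           copy_clobbers_canary(exact, 0) ? "clobbered" : "intact");
    printf("fixed,      16-byte input: canary %s\n",
           copy_clobbers_canary(exact, 1) ? "clobbered" : "intact");
    printf("vulnerable, 20-byte input: canary %s\n",
           copy_clobbers_canary(longer, 0) ? "clobbered" : "intact");
    return 0;
}
```

Inputs shorter than the buffer behave identically under both routines, which is why this class of bug survives ordinary testing; the check that matters is the boundary case where the input length equals the buffer size.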
46914b1d1e2b2200f173555807ff77394e863e8d79257fe7862682dac2771be0
The Mambo Open Source web content management system version 4.5 stable 1.0.3 and earlier suffers from multiple vulnerabilities including cross site scripting, SQL injection, and query tampering.
eb69cdd423873abc07892485078b6e9b2d11df2891ed76993754c49b73c5c23c
Jelsoft vBulletin 3.0.0 RC4 and other releases are susceptible to cross site scripting attacks.
9ba7da743e628349c8ee4a1a744b90aa09ff076bcd1c22b86689eb34a1126b4e
Local exploit for the Crafty game versions 19.3 and below that makes use of a buffer overflow vulnerability. Tested on Red Hat 9.0 and Slackware 8.0.
82dbacb90891acc5cb1caec18b225e003314199535445fa71cd2de41626faf7d
A vulnerability exists in the Crafty game versions 19.3 and below that allows a local user to escalate privileges via a buffer overflow.
d713ebffde11218f34d8b01dc14e79a08b13899fd42c6dc9b3f2f306677c6691
Cross site scripting vulnerabilities exist in Phorum versions 5.0.3 Beta and below.
5b4e2faeef8fc7c76847ad3ef1332b7b89e7e904e4fcb3dad65ce3a6d8adb457
Both cross site scripting and SQL injection vulnerabilities exist in the 4nGuestbook version 0.92 module for PHP-Nuke versions 6.5 through 6.9.
f732ec2b913b6d095bd8180dac6ad638b87e3c15c8c333cfdacde98395e7fb6d
The 4nalbum module for PHP-Nuke versions 6.5 to 7.0 suffers from path disclosure, cross site scripting, remote file inclusion, and SQL injection vulnerabilities.
b72910a8ea7f3795a3370ca420ebdd0d9f784cdcd93d78ee2fde747165559de9
PHP-Nuke 7.1.0 is susceptible to multiple cross site scripting attacks.
bf21be75eb9e862841810c4026922d4b2d10f41775f4e6120c0f1755aee6e9a2
Multiple vendors suffer from a denial of service vulnerability in their SOAP servers. Products affected: Macromedia ColdFusion/MX 6.0 and 6.1, ColdFusion/MX 6.0 and 6.1 J2EE, all editions of Macromedia JRun 4.0, and Sun Java System Application Server 7 Update 2 Upgrade and prior releases.
edfd88863f29ed6adcb5fa19d6baa42407918c5ba0a3e4f0296be2a21ea83fbd