Invision Power Services versions prior to 2.0.4 suffer from cross site scripting and SQL injection vulnerabilities.
b8bf3466e307247bc48b42810996ed9e65cb7ab87a84029aa0f25cee9605095c
CJ Ultra Plus versions 1.0.3 and 1.0.4 suffer from SQL injection flaws.
633b622b7664e227e0eb4e99a25efd7bb4cf4d8da806d4431050f188a3637def
Debian Security Advisory DSA 721-1 - Michael Bhola discovered a bug in Squid, the popular WWW proxy cache. Squid does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
180e04f417cf4cafea4b6478b034d4d28b823b71e2594c367dd73be18f901646
Ubuntu Security Notice USN-122-1 - Michael Bhola discovered that errors in the http_access configuration, in particular missing or invalid ACLs, did not cause a fatal error in Squid. This could lead to wider access permissions than intended by the administrator.
61a13e5fe5b4b4da41b9e1a72b60fe19b6da49a870d6c4924d47a1d28bc4f2e2
Ubuntu Security Notice USN-121-1 - The StgCompObjStream::Load() failed to check the validity of a length field in documents. If an attacker tricked a user to open a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document.
cdf1f9dd2da38e3b10b4658ab67df4dc1a8941af89e8d3d82768b76a27658a5d
Ubuntu Security Notice USN-120-1 - Luca Ercoli discovered that the htdigest program did not perform any bounds checking when it copied the user and realm arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the privileges of the CGI script.
8138e2be0a078d5d656787fda86f83f293df9f68fdc2bad9d56fe03dac7414f6
Statcounter is susceptible to a script injection user session hijacking flaw.
2f8b0a24361026c281e96ee3041e21b8b9c0a48c33866ddddd38ba3d356683b6
MidiCat PHP Shopping Cart suffers from multiple cross site scripting, SQL injection, and other security bugs.
cfcaf4f2b96fe2bd8e82fdc6f46ae6caa96a374e250b09add3e5cb9c59f6329a
Every user with CREATE JOB privilege can switch the SESSION_USER to SYS by executing a database job via dbms_scheduler on Oracle 10g.
89a141519dcef0c60eb5caae4118b9350bed9c359a49fba7854f155c388e595c
Fine grained audit (FGA) is disabled for all users if the user SYS runs a SELECT statement on a FGA object in Oracle 9i / 10g.
ef0e69af9d00f437ba72ca0fee630f111a4921211bcba924fef4da010fb8148c
Ultimate CGI Guestbook Scripts MegaBook version 2.0 is vulnerable to multiple cross site scripting attacks.
69540585fe0f27145e6811e2c70cdf8addf7a7e32745d148840ce097b8d9b69f
The Gamespy cd-key validation system allows for multiple use of the same key.
8139c1152cfd8033b373585e5ec3187e22c4c9b4dcd050934cf1cccab4456a1d
SimpleCam 1.2 suffers from a directory traversal flaw.
d4e58f065d5c7588a794c9e5395507eab6a319a2473bb1d69625b852d95f74e6
iDEFENSE Security Advisory 05.04.05 - Local exploitation of a buffer overflow vulnerability in Apple Computer, Inc.'s Mac OS X allows attackers to execute arbitrary code. vpnd is the system daemon which manages IPSEC or PPTP connections. The vulnerability specifically exists due to insufficient bounds checking on the value given to the Server_id parameter.
0237606ce969824dc940b7a556542ba770756a2abb6a8d17d8aad8742cfb0a93
A local file detection bug exists in Adobe SVG Viewer version 3.0.
b56516177838b137c11f376de8fc95ba5e4906d2d1a019f2e5bd11efb8f5d84b
Leafnode versions 1.9.48 to 1.11.1 suffer from a denial of service vulnerability.
30b6c7c1e8d7eeb30cd82999c84bd5e80690a1a2b8ceede25323b0633cea4b3d
Ubuntu Security Notice USN-118-1 - Postgresql suffers from multiple vulnerabilities.
d115508980e6b35c51f9fb331119affaab6ae7c99bb8434b6050362aa9206618
vpnd on Mac OSX versions 10.3.9 and below suffers from a stack buffer overflow.
cf228ea2cc508d49888b67af2c4fca70d0985d71b8d036276387de3ca4f74d36
Gossamer Threads Links SQL version 3.0 suffers from cross site scripting vulnerabilities.
44db85324d70c4d5216d3f1c587472cb8e368e120d5434190724996e35f1f780
Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow for cross site scripting, arbitrary file viewing, and more.
bbd44f9d66d0b59f4e1b162ed1fba5a48f52f53f725ac4d72198eda5661ffc2b
Apple OSX suffers from multiple bluetooth vulnerabilities.
1f2d239e36a2a11e6998d72399a7c9b0cdc8dcabb42c9fdd577e9c7bfc8b8182
iDEFENSE Security Advisory 08.05.05 - Remote exploitation a directory traversal vulnerability in EMC Corp. Navisphere Manager could allow an attacker to retrieve arbitrary files from the system running Navisphere Manager as well as retrieve directory listings. Navisphere Manager Base 6.4.1.0.0 is reportedly vulnerable.
23db99e7edc094a9e39cedae3a001c17e7b01798c2fdcad6e2749c3b9dd31137
nbSMTP version 0.99 remote format string exploit. Tested on Slackware Linux 9.0, 10.0, and 10.1.
10190d51efb7acc9891701971fa67cb9aa231b76267cf93d3c6f21332ddb0dbc
Write up discussing a methodology to bypass Citibank Virtual Keyboard Protection, a mechanism to help protect against keyloggers and spyware.
0bf50c337ec9fbe542418f18b4fc538ccfdf1b3d1c5af837b01094ce509c4ddd
Multiple Lantronix Secure Console Server local root exploits that make use of security issues allowing for unrestricted shell access.
c0a5ce471897d527b519e28394d96c4425c7cba31436744d12e76f3ba35bd3c2