All versions of RealPlayer 10 and some builds of RealPlayer 10.5 suffer from a heap overflow in the ID3 tag parsing code.
Debian Security Advisory 1388-3 - The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes available updated packages based on a newer version of the patch.
TikiWiki versions 1.9.8.1 and below suffer from a remote PHP code evaluation vulnerability.
Secunia Security Advisory - A vulnerability has been reported in Django, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - rPath has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct phishing attacks, manipulate certain data, and compromise a user's system.
Team SHATTER Security Alert - Oracle Database Server provides the SYS.DBMS_AQADM_SYS package that is used internally by the SYS.DBMS_AQADM package to provide procedures to manage Oracle Streams Advanced Queuing (AQ) configuration and administration information. This package contains the procedure DBLINK_INFO which is vulnerable to buffer overflow attacks. Affected versions include Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous patchsets) and 10gR1.
Team SHATTER Security Alert - Oracle Database Server provides the MDSYS.SDO_CS package that contains subprograms for working with coordinate systems. This package contains the function TRANSFORM which is vulnerable to buffer overflow attacks. Affected versions include Oracle Database Server versions 8iR3, 9iR1, 9iR2 (9.2.0.6 and previous patchsets) and 10gR1 (10.1.0.4 and previous patchsets).
Omnistar Live suffers from a cross site scripting vulnerability.
AGTC-Membership system version 1.1a remote add administrator exploit.
GOM Player version 2.1.6.3499 remote overflow exploit that makes use of GomWeb3.dll version 1.0.0.12. Spawns calc.exe.
Kodak Image Viewer code execution exploit that takes advantage of the MS07-055 TIFF vulnerability. Spawns calc.exe.
Sony CONNECT Player M3U playlist processing stack buffer overflow local exploit.
Slides from the presentation Oracle Database Vault: Design Failures.
Slides from a lecture discussing Next Generation Viruses.
Slides from a lecture discussing Shadow Software Attacks.
Slides from a lecture given by the Technical University of Vienna Politecnico di Milano regarding AntiPhish: An Anti-Phishing Browser Plug-in based Solution.
Slides from a lecture discussing Writing Behind A Buffer.
SAXON version 5.4 is susceptible to a SQL injection vulnerability.
SAXON version 5.4 is susceptible to a cross site scripting vulnerability.
Webroot Desktop Firewall versions 5.5.10.20 and below suffer from a DNS recursion vulnerability.
Secunia Security Advisory - Joey Hess has reported a security issue in vobcopy, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Secunia Security Advisory - Some vulnerabilities have been reported in OpenLDAP, which can be exploited by malicious users to cause a DoS (Denial of Service).
Secunia Research has discovered some vulnerabilities in IBM Tivoli Storage Manager Client, which can be exploited by malicious people to conduct script insertion attacks. Certain input passed in HTTP requests to the CAD service is not properly sanitized before being logged. This can be exploited to insert arbitrary HTML and script code into dsmerror.log, which is executed in a user's browser session in the context of the affected site, e.g. when viewing the log file via the web-based interface using the "FILE" functionality of the CAD service.
Smart-Shop Shopping Cart is susceptible to cross site scripting vulnerabilities.
Whitepaper discussing the prevention of cross site request forgery attacks.