Secunia Security Advisory - Red Hat has issued an update for redhat-ds-admin. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to bypass certain security restrictions.
abf883b08aaa73b70b079d814e257c4b6d73d1a5fa69c8bb7cb49eb78ee62559
Secunia Security Advisory - VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose sensitive information, or potentially compromise a vulnerable system.
9440b2f0cd70b5f428e2cdccb1167bc4da1ce41c4992e6ade2db15bc4eb0f04f
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in WebKit. When nesting regular expressions with large repetitions, a heap overflow occurs resulting in a condition allowing the execution of arbitrary code.
d7226cf9fbed0e7b5e82d1dd575f6e61f1ded367886e94e1a5db1549689e7f83
CA products that implement the DSM gui_cm_ctrls ActiveX control contain a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability is due to insufficient verification of function arguments by the gui_cm_ctrls control. An attacker can execute arbitrary code under the context of the user running the web browser.
b63cbfd73b81137d031f97bd4f2406b126e28b710e79acc9de05299b137471b2
Carbon Communities Forum versions 2.4 and below suffer from SQL injection and cross site scripting vulnerabilities.
ec8b6da167cb0ac04f04778c691d037a9cd993aa0d5833d3b0c4f5594180c62e
BS.Player version 2.27 Build 959 .SRT file buffer overflow exploit.
8cfbd5de445f4718c1656cc8b0690b95807d0e631cd49dd835765144bcb2a3be
iDefense Security Advisory 04.15.08 - Local exploitation of a design error vulnerability in Oracle Corp.'s Application Express web application development tool allows attackers to gain elevated privileges. The vulnerability exists in the "run_ddl" function within the "wwv_execute_immediate" package. This package is included in the "flows_030000" schema. This function allows attackers to execute SQL commands as any database user, such as SYS. iDefense confirmed the existence of this vulnerability in Oracle Application Express version 3.0.1.00.08, which is installed by default with Oracle Database 11g R1 (version 11.1.0.6.0). Previous versions may also be affected. However, Oracle Database 10g R2 does not install Oracle Application Express by default.
e62655ecf9cf417e237bbdfa2451137b6da01ab4c98426bae246e30ac759b70b
Cisco Security Advisory - A vulnerability exists in the Cisco Network Admission Control (NAC) Appliance that can allow an attacker to obtain the shared secret that is used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM).
53c82c43309c5cb46dbf366870f9222e679ccdb752a2d6f78eb6b7ae7538b2c9
INFIGO IS's security team has identified a critical remote buffer overflow vulnerability in the latest ICQ version (ICQ 6.0).
f15fcb7c39b1de855c85925767b7a551daaddf85fabc42a30d0971f234fc959e
Oracle 9i Release 1 through 10g Release 2 suffer from a hard-coded password vulnerability.
5a626b3f3db0d29867bfeb5c6c55255678262395a263f8d3e5ad0123e3b0aa0a
Oracle 9i Release 1 through 10g Release 1 suffer from a SQL injection vulnerability in the SDO_GEOM package.
5c6480feed1ae87a9b01f04e8303b0822b3ea652afdbae60cea161366ac61511
Oracle 9i Release 1 through 11g Release 1 suffer from a SQL injection vulnerability in the SDO_IDX package.
d6d0053dc2be5c9cf1894ba082e60dc8f4f2aa3f839d4a47bb79a73fc0baee27
Oracle 10g Releases 1 and 2 suffer from a SQL injection vulnerability in the SDO_UTIL package.
014f11cb69ac5e56681ff953324c818122c8520818bfd0427b2c1fb0b6b0c4d1
afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
673ffbfd010c1c40cf1b2c6602fbc592d45dc9e5540844d1d8b3d4b95dc6cdd8
XplodPHP AutoTutorials versions 2.1 and below suffer from a remote SQL injection vulnerability.
de86652c23159fe36ac35481dc7fe41b5c2e8656a4bb6abf46056f585ab7c0cd
Secunia Security Advisory - cO2 has discovered a vulnerability in Lasernet CMS, which can be exploited by malicious people to conduct SQL injection attacks.
b50e6d32d5a2c6fe7ce9190caadc812e3576362e6d9197e5b9f15fc2cfda9887
Secunia Security Advisory - securfrog has discovered a vulnerability in DivX Player, which can potentially be exploited by malicious people to compromise a user's system.
1fa7ace65af8a308c0e979a3cfa28e88c4921a4f10c857658befe3667e3dfa52
Secunia Security Advisory - Two vulnerabilities have been reported in IBM DB2, which can be exploited by malicious, local users to perform certain actions with escalated privileges or gain escalated privileges.
283d95504a46921fe577783b216e067e3d94f2712b9696a599612ff62db2dcff
Secunia Security Advisory - Morgan ARMAND has discovered a vulnerability in DotClear, which can be exploited by malicious users to compromise a vulnerable system.
3f4f841cf84b2892713479e5e131bf2d41298cb9c041ec13ccc872d42a2a629f
Secunia Security Advisory - Multiple vulnerabilities have been reported for various Oracle products. Some vulnerabilities have unknown impacts while others can be exploited by malicious users to bypass certain security restrictions, conduct SQL injection attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
c37bd3b2bb8d24aba55976dee3446b830d6040298ba5df01872fbab785b526fa
Secunia Security Advisory - Matteo Memelli has discovered a vulnerability in BigAnt Messenger, which can be exploited by malicious people to compromise a vulnerable system.
156b5ae4bbdc581476c298b3d49daf911a96f6159c4a9830bf5dfdefcd85940d
Secunia Security Advisory - Felipe Sateler has discovered a security issue in Cecilia, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
7f305369490779a5f5ee3deae80ed03d6cb69850e779a6c6f9abbb91cd21e9c8
VMware Security Advisory - VMware has released updates for pcre, net-snmp, and OpenPegasus.
05d3cc52d406c326ff1eab9dc8daa8b27e7db3e09c7914fad3295665ea9f50da
Lasernet CMS version 1.5 suffers from a remote SQL injection vulnerability.
fc72773e3a46fb2aa6f60be12009e84b233fcdf36cbcd4f457ebe1ca79cf2957
Mandriva Linux Security Advisory - The isdn_ioctl function in isdn_common.c in the Linux kernel prior to 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow. The do_coredump function in fs/exec.c in the Linux kernel prior to 2.6.24-rc3 did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which could possibly allow local users to obtain sensitive information. The shmem_getpage function in mm/shmem.c in the Linux kernel versions 2.6.11 through 2.6.23 did not properly clear allocated memory in certain rare circumstances related to tmpfs, which could possibly allow local users to read sensitive kernel data or cause a crash.
9d45829355f0a104401e0ff0bc6eb1b4fdb73a895ecae86b1fe47a119c6a9e3b