Debian Security Advisory 1565-1 - Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. David Peer discovered that users could escape administrator imposed cpu time limitations (RLIMIT_CPU) by setting a limit of 0. Alexander Viro discovered a race condition in the directory notification subsystem that allows local users to cause a Denial of Service (oops) and possibly result in an escalation of privileges.
Debian Security Advisory 1564-1 - Several remote vulnerabilities have been discovered in wordpress, a weblog manager. Multiple cross-site scripting vulnerabilities allowed remote authenticated administrators to inject arbitrary web script or HTML. A SQL injection vulnerability allowed remote authenticated administrators to execute arbitrary SQL commands. WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. Insufficient input sanitising allowed an attacker with a normal user account to access the administrative interface.
mjguest version 6.7 suffers from cross site scripting and redirection vulnerabilities.
iDefense Security Advisory 04.30.08 - Remote exploitation of a design error in Akamai Technologies, Inc's Download Manager allows attackers to execute arbitrary code in the context of the current user. iDefense confirmed the existence of this vulnerability using version 2.2.2.1 of Akamai Technologies Inc's DownloadManagerV2.ocx. Additionally, iDefense confirmed the problem exists in version 2.2.2.0 of the Download Manager Java Applet. All versions prior to the fixed version are suspected to be vulnerable.
Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 and 11gR1 suffer from a SQL injection vulnerability in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET.
Team SHATTER Security Advisory - Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1 suffer from a buffer overflow vulnerability in SYS.KUPF$FILE_INT.GET_FULL_FILENAME.
Team SHATTER Security Advisory - Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous patchsets) and 10gR1 suffer from a buffer overflow vulnerability in SYS.DBMS_AQJMS_INTERNAL.
vlBook version 1.21 suffers from local file inclusion and cross site scripting vulnerabilities.
ActualAnalyzer Lite version 2.78 suffers from a local file inclusion vulnerability.
Blind SQL injection exploit for the Joomla Webhosting component.
Packet Storm new exploits for April, 2008.
AstroCam versions 2.5.0 through 2.7.3 suffer from a cross site scripting vulnerability.
A security vulnerability has been discovered in versions prior to 2.2.3.5 of Akamai Download Manager. For successful exploitation, this vulnerability requires a user to be convinced to visit a malicious URL put into place by an attacker. This may then lead to an unauthorized download and automatic execution of arbitrary code run within the context of the victim user.
Debian Security Advisory 1563-1 - Joel R. Voss discovered that the IAX2 module of Asterisk, a free software PBX and telephony toolkit, performs insufficient validation of IAX2 protocol messages, which may lead to denial of service.
Harris WapChat version 1 suffers from multiple remote file inclusion vulnerabilities.
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running WBEM Services. These vulnerabilities could be exploited remotely to execute arbitrary code or to gain extended privileges.
OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.
OxYProject version 0.85 suffers from a remote code execution vulnerability in edithistory.php.
Wade Alcorn and John Heasman of NGSSoftware have discovered a stack overflow vulnerability in Castle Rock Computing SNMPc Network Manager. Versions 7.1 and below are affected.
Project Based Calendaring System (PBCS) version 0.7.1 suffers from remote file upload and remote file disclosure vulnerabilities.
Kiwicon '08 Call For Papers - Kiwicon2k8 is intended to be an informal conference, drawing on the wider security community of Australia and New Zealand. It will be held in Wellington, New Zealand, on the weekend of the 27th and 28th of September, 2008.