The United Kingdom's Centre for the Protection of National Infrastructure document entitled "Security Assessment of the Transmission Control Protocol (TCP)".
44dc58c211bb1352cd020643a92ef5268a0eb859d3199842caa9f1cd57484e42
Whitepaper called From Boot to Remote Root - How I owned the network.
1a588e4d805936eee393c484afd2b76ff7c29819ab3cd06638e6d84686263080
Whitepaper called From Legal Frame Injection To Illegal Redirect.
1932efdcb260e088e8506743defaac5713b0bd721444bef458f897c63e340921
Gentoo Linux Security Advisory GLSA 200902-04 - An error in the processing of special sequences in xterm may lead to arbitrary command execution. Paul Szabo reported insufficient input sanitization when processing Device Control Request Status String (DECRQSS) sequences. Versions less than 239 are affected.
0131e76876c7cebbb97deee77a4673733c286d37eb16cfe9f06ef660692c0383
Gentoo Linux Security Advisory GLSA 200902-03 - An untrusted search path vulnerability in Valgrind might result in the execution of arbitrary code. Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the current working directory, executing commands specified there. Versions less than 3.4.0 are affected.
75a6bce8f765b9f7d40c28eb61f9aa4b9f47555fdf157d4e90dc3535d6589745
Gentoo Linux Security Advisory GLSA 200902-02 - An error in the OpenSSL certificate chain validation might allow for spoofing attacks. The Google Security Team reported that several functions incorrectly check the result after calling the EVP_VerifyFinal() function, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. Versions less than 0.9.8j are affected.
f13499deaa027a65c3d9771c2e9479aff96cdfb004eaf1507e2bcfc5c18d1863
Baran CMS version 1.0 suffers from file upload, cross-site scripting, SQL injection, cookie manipulation, and database disclosure vulnerabilities.
16990994f77c72a74621ea1b02449b8f745086850ed573d04fa0b2870c179533
Ubuntu Security Notice USN-720-1 - A significant number of vulnerabilities in PHP 5 have been addressed. These range from security bypass to denial of service issues.
a31f39cf30e5eb073f9dc121d4e40f5b0fdbb62143587c9dc60669c009e7c708
Ubuntu Security Notice USN-719-1 - It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials when used with setuid applications. A local attacker could exploit this to create or overwrite arbitrary files, and possibly gain root privileges.
ccb390c7c8ac7375711ca07de825f8151af54f882f27007ed7f3ab0cf68d877d
Free Joke Script version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d6352f23b9fb17c4781ca666437d2dbcc199aa6df4c5182fa275037261b460d3
Mandriva Linux Security Advisory 2009-036 - Multiple integer overflows exist in various versions of Python. The updated Python packages have been patched to correct these issues.
4bc7c56b44f04c83e5be7c57de9017257d3056e21d5866a60447ee4c5deced03
PHP Krazy Image Host Script version 1.01 suffers from a remote SQL injection vulnerability in viewer.php.
68827498d8b9331f4ba810bbec89a9ad06716e07b2c8eb264c3d6c0df7b60775
Debian Security Advisory 1723-1 - Michael Brooks discovered that phpMyAdmin, a tool to administer MySQL over the web, performs insufficient input sanitizing, allowing a user-assisted remote attacker to execute code on the webserver.
0ce8623c3eb2df117c5ee0aa0b3dbaa95f8eddf9d15ced49b7924312e3411fd2
Secunia Security Advisory - Debian has issued an update for libpam-krb5. This fixes some vulnerabilities, which can be exploited by malicious, local users to overwrite files and to gain escalated privileges.
4b308d431a19d6e32c51108994802e1e8f9a73d12f4ff8a2a4296f3e946b09b5
Secunia Security Advisory - david.vorel has reported a vulnerability in Trend Micro InterScan Web Security Suite and Trend Micro InterScan Web Security Virtual Appliance, which can be exploited by malicious people to disclose sensitive information.
1812723500b3c21417fcfae1d842739342aa0f9171fca401a25eef2313d30332
Secunia Security Advisory - A vulnerability has been reported in FAST ESP, which can be exploited by malicious people to conduct cross-site scripting attacks.
f0e7c8546070e69be689e0078b66547f4f8cceadc1f9c62f274c33353ba6fefe
Secunia Security Advisory - Dejan Levaja has reported a vulnerability in GeoVision Digital Video Surveillance System, which can be exploited by malicious people to disclose sensitive information.
c2238e0d3c0ab1e1929f842c865264c610291318ce49bfc0ecbc26945f49e569
Secunia Security Advisory - A vulnerability has been reported in Becky! Internet Mail, which can be exploited by malicious people to compromise a vulnerable system.
1f808fee7fa5f64a1f40d55ce1ea9830a74f8603ab192666158ab4f9de2a4485
Secunia Security Advisory - nuclear has reported a vulnerability in Den Dating Website Script, which can be exploited by malicious people to conduct SQL injection attacks.
1bacf5dcc9d1144bb80dd289bf21cb5a61de2ceba83cdc7acdbead2c5a770e7a
Secunia Security Advisory - x0r has discovered some vulnerabilities in Graugon Gallery, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks.
e1965ed6f356b0cb289d1b891aa98a680f5ff222250d2a6ce97a752e27f3cde0
Secunia Security Advisory - Two vulnerabilities have been reported in Calendarix Basic, which can be exploited by malicious people to conduct SQL injection attacks.
88bbc3f7defae3f866741ee8c1b55bd22cbb34586c5e10cab095aff0b50a02b1
Secunia Security Advisory - Jaykishan Nirmal has reported two vulnerabilities in Calendarix Advanced, which can be exploited by malicious people to conduct SQL injection attacks.
6e1046e4410f89ffbf7a545537779f1e89d9d88f3800b7787316b669e9c01495
Secunia Security Advisory - Justin C. Klein Keane has reported a vulnerability in the Advertisement module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
7ef4bd3679d8c6171e46107e8d0fdf2374908df45cba6a9b6d6429557084dc7c
Secunia Security Advisory - Debian has issued an update for phpmyadmin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.
07ab8fe2440aea08956e69550b25877ea6acf88224b6c580b13e82d6786ff988
Secunia Security Advisory - A security issue has been reported in Drupal, which can lead to unauthorised users performing actions with escalated privileges.
321127bcafd0197ef532fd9a4d0f52f299cde9193a3a3e9be1ddec4a795406b4