LetoDMS versions 1.7.2 and below suffer from cross site request forgery and local file inclusion vulnerabilities.
c9b6e49cdbd9d24344a2e48a4b49a02dfc63f27df1f1c9790f6bea3a57ed26ab
VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Adobe Acrobat and Reader. This vulnerability is caused by an integer overflow error in the U3D module when processing malformed data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document. Versions 9.2 and below are affected.
1aa7c92056fdf6a92efa15fd83bcd82f7d102180f06fa7e2c1d656f2e3562927
Mandriva Linux Security Advisory 2010-009 - The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. The updated packages have been patched to correct this issue.
d1aeec67eec6887d76ca8f55deb110bf96caf2a2d7dc196f59f2420f47db0f9a
The Joomla Uploader component suffers from a shell upload vulnerability.
e7a8ed914533ab8f44032d020abc9b1b5b343b92089b00cef55695849f9bd0db
Testlink TestManagement and Execution System suffers from directory traversal vulnerabilities.
83f339bed5abb1597662d74924888afa7fdc10c709333f7bf52d46be82a6cbe1
Testlink TestManagement and Execution System suffers from cross site scripting vulnerabilities.
8a208e2fc273c56399bdd1d85eaf21d90d1e06ad4d3f4357aba6e056b9c2bfd1
AthCon IT 2010 Call For Papers - This year the conference will take place in the Jockey's Country Club in Athens, Greece from June 3rd through the 4th, 2010.
aead2e21aa94d19811388ae9a86da1994a771a8921eb3a3aefcd6378e27670e1
Funk Gallery suffers from a cross site scripting vulnerability.
2693d7cb467c2c79d91050cdd91539afa12a10c282b339895ea1a798f93e07a0
Mandriva Linux Security Advisory 2010-008 - The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
c5438a6562ebbc112246d9acf0442254a06cf7b21ae5ccf722fd2dc399400237
This is a whitepaper called Packet Sniffing. Written in Persian.
28f05e70d4182aed3be7382328c2b3298d5cea3b1f552305a53bab3386bf7486
Mandriva Linux Security Advisory 2010-007 - The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465. The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. The updated packages have been patched to correct these issues.
a5e30a5cb2e7c44e5f7ca9485bed9a3fcf2dedcd62d54e21bee5b2d8140cdbab
Microsoft Animated Cursor .ANI buffer overflow exploit written in Perl. Works on Windows XP SP2.
43aede19b0ac28f7f9411fea3b80041598e5233b0d8a97c97ff5aec340e5f6f5
OtsTurntables Free version 1.00.047 SEH overwrite exploit that generates a malicious .ofl file.
a7fdaa109e8fe81be46cdfcc3fb8311010c5f4907dea08453866bcf33b38e502
Micrologix 1100 and 1400 controllers suffer from multiple vulnerabilities that allow unauthorized control of the PLC. Details of these vulnerabilities will be disclosed only to legitimate parties such as asset owners (utilities), after receiving the approval of the local CERT or any other local official entity.
488ad569c5cecbf68d458ed4c08071d485ed70de51bbe59a8bd1260aa745c3cb
Surge FTP's administrative web interface suffers from an Apache Tomcat 5.5.26 directory traversal vulnerability.
5aa049891604b9dfa07b7722c2d65d120db87b6fa8bce970aa60b60c0e9d479d
43 bytes small Linux/x86 MBR overwrite code that hits /dev/sda with LOL!
d5781e68ae3254e63aa024d28c5fa3b8bb4003a050b6fe75afadc434a7289359