The Call For Papers for nullcon Dwitiya 2.0 is now open. It takes place February 25th through the 26th, 2011 in Goa, India.
b0a68dad0c43f4a90db1153af267e08b5bc3792485889e4033b571b8cb1859b1
Amiro.CMS version 5.8.4.0 suffers from a stored cross site scripting vulnerability.
74f56cde8773e15f0da9a0fdd54f622eb86171e0a7d49156ac70bffa896c3fa9
Whitepaper called Advanced XSS. Written in Arabic.
27ff3ff533fcf59d69798f9e25bec084facf7341830b8bd2962ff1a1e09bef64
Month Of Abysssec Undisclosed Bugs - cPanel suffers from a PHP restriction bypass vulnerability. Versions 11.25 and below are affected.
a26084126a9982ba0657cefa5e9e38ae8efa4456c48fda461e921073ce7fd604
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash Player suffer from a "newclass" invalid pointer vulnerability.
e7aaf1734389e0c5d88406c170e909b6f66c0ed081c93cf0c5473f4cf0889acd
Mandriva Linux Security Advisory 2010-168 - Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code. Some sources refer to this as a use-after-free issue. The updated packages have been patched to correct this issue.
531f346cdb1818f62c1356d23aa1e495cb1f0b99540d9a6b27de46d7270456b7
LEADTOOLS version 16.5.0.2 suffers from buffer overflow, integer overflow and denial of service vulnerabilities related to ActiveX Common Dialogs.
dfa7d8e1d37bb018b4f9c4c73d5ddde7edee027e7ee6c5693155ab62354e1a23
cPanel Customer Portal suffers from a cross site scripting vulnerability.
eeb8b19165ddeb321bde8f15701aabe93440d4f1f190d74002980c83bbcfd863
TFTP Desktop version 2.5 suffers from a directory traversal vulnerability.
0fba52121f139f361783100a4e7602e6739c3d372cec5c7ce4e052c5324029fe
TFTPDWIN version 0.4.2 suffers from a directory traversal vulnerability.
6b25596cb5f2b7dc11c07f6c696f52e039cebe0da74ac55862020b1ad4889478
The parental controls built into the Mac OS X Mail client can be easily bypassed by anyone who knows the email address of the child and his/her parent.
2cea0d1de0854cd9bb8d264fbcd69773f9c4ef72a630259446ef50733e64ab09
Autodesk MapGuide Viewer version 6.5 suffers from an ActiveX related overflow vulnerability in MGAXCTRL.DLL.
b80514466ac4b3172c33af964fa09b1de9d10ee0d597300d79654121f85f1056
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash Player suffer from a "newclass" invalid pointer vulnerability.
2c5508855b6a5b095407a8976a6b33acc009bc84c8d18e7cd0219d6ad166701d
Month Of Abysssec Undisclosed Bugs - cPanel suffers from a PHP restriction bypass vulnerability. Versions 11.25 and below are affected.
15ac610db469eca7fe8c7db15b851aa5217c6f66ee1ef5ec52d850f432f47652
PHP Joke Site Software suffers from a remote SQL injection vulnerability.
de20191176e99e46861714fa633063794d8ded8bca383f5995c43fd1be11d9dd
Dompdf version 0.6.0 Beta 1 suffers from a remote file inclusion vulnerability.
2218cfea1ceb392cf608c46b39de7b57c0e5dfaee5402717114037c1b622a335
mBlogger version 1.0.04 remote SQL injection exploit that leverages viewpost.php.
ad67f65f9d7f20b832968beda4d86a419dbd6063e6ed35fa169828ffb2369b3e
This archive contains all of the 422 exploits added to Packet Storm in August, 2010.
697596a1adba8b6c24da7982ffa1b21cd6105089749948577f269282aac6534f
dBpowerAMP Audio Player local buffer overflow exploit (EDI overwrite method used).
b12353ad095517fa0af0fc25a33dc1565f78f2a751f623553b119e82e88733c3
ArtGK CMS suffers from cross site scripting vulnerabilities.
0231b6425a3271ac2e4f61e30a147eb0f5fc3506c599e37b14c2f2d4c373b4b0
Rooted CON 2011 Call For Papers - Rooted CON is a security congress which will be held in Madrid (Spain) from 3 to 5 March 2011, with participants ranging from students to state forces and secret services, through professionals of the security market, lawyers, or even technology enthusiasts (and others).
34ad1fb3e6b235be357925dcffb1f3b061badda3fb3a06196981b8c6c180de97
Rumba CMS version 2.4 suffers from cross site scripting vulnerabilities.
311de6cac54f7bab762a97eb36d239fec0233fcfb575a49bcfe079655bffeeff
VMware Security Advisory - The service console package cpio is updated to version 2.5-6.RHEL3. The service console package tar is updated to version 1.13.25-16.RHEL3. The service console packages for samba are updated to version samba-3.0.9-1.3E.17vmw, samba-client-3.0.9-1.3E.17vmw and samba-common-3.0.9-1.3E.17vmw. The service console package krb5 is updated to version 1.2.7-72. The service console package perl is updated to version 5.8.0-101.EL3.
d9f282f0d9f5fec35a2bbedbc199700f42e61ad6e7d07ff47128d015784fd210
Gawker suffered from a local file inclusion vulnerability.
cb4daf7920c54b3e8b44ef31f3d8a8858f7d33f1ebd9013589f21fd2ad442543
Mandriva Linux Security Advisory 2010-167 - lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
74795e4d17810b910f6c05d27cb6c8f960f3cfee14bfdfcc1271393daac67a27