CompactCMS version 1.4.1 suffers from a remote SQL injection vulnerability.
Zero Day Initiative Advisory 10-252 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for a component within the SIZ marker in a JPEG 2000 image. When the component contains a malicious value, the application will add a corrupted object to a queue of data which will be processed by the Component Manager's JP2 decompressor. Later when attempting to decompress this data, the application will use the corrupted object. This can lead to code execution under the context of the application.
This is the Cisco Product Security Incident Response Team (PSIRT) response to a posting entitled "Cisco Unified Videoconferencing multiple vulnerabilities" by Florent Daigniere of Matta Consulting regarding vulnerabilities in the Cisco Unified Videoconferencing (Cisco UVC) 5100 series products. Several of the vulnerabilities also impact Cisco Unified Videoconferencing 5200 and 3500 Series Products.
WebRCSdiff version 0.9 suffers from a remote file inclusion vulnerability.
Zero Day Initiative Advisory 10-251 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for Huffman tables within a FlashPix file. By specifying an index larger than a particular value, a pointer will cease to get initialized. Later the application will use this pointer as the destination in a copy operation. Successful exploitation will lead to code execution under the context of the application.
SAP XRFC versions 6.40 and 7.00 suffer from a stack overflow vulnerability.
The SAP NetWeaver administrator panel from ECC version 6.0 suffers from cross-site scripting vulnerabilities.
IceBB version 1.0-rc10 suffers from information disclosure and remote SQL injection vulnerabilities.
Zero Day Initiative Advisory 10-250 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing rec chunks within an AVI media file. By modifying specific values within the data structure, a heap corruption condition can be triggered. An attacker can abuse this to execute arbitrary code under the context of the user running QuickTime.
Zero Day Initiative Advisory 10-249 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime decompresses video samples that are encoded with the Sorenson v3 Codec. Upon parsing malformed video sample data, the application will calculate an index for decompression and use that to seek into a buffer used for writing. Due to lack of bounds checking on the index, a pointer can be made to point outside of the target array. Upon writing of the data, a memory corruption will occur. Successful exploitation can lead to code execution under the context of the application.
AWCM version 2.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Topics for this issue include database protocol exploits being explained, measuring web application security coverage, combating the changing nature of online fraud, and much more.
Secunia Security Advisory - Multiple vulnerabilities have been discovered in openEngine, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
Secunia Security Advisory - A security issue has been reported in Apache mod_fcgid module, which can be exploited by malicious, local users to potentially gain escalated privileges.
Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Commerce, which can be exploited by malicious users to conduct SQL injection attacks.
Secunia Security Advisory - Aung Khant has reported two vulnerabilities in Eclipse, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Some vulnerabilities have been reported in IBM WebSphere Commerce, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A security issue has been reported in Mac OS X Server, which can be exploited by malicious users to gain knowledge of sensitive information.
Secunia Security Advisory - A vulnerability has been reported in HP LaserJet Printers, which can be exploited by malicious people to disclose potentially sensitive information.
Secunia Security Advisory - Multiple vulnerabilities have been reported in DServe, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Portal, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been discovered in Al-Furqan component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Two vulnerabilities have been reported in NolaPro, which can be exploited by malicious users to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in BPowerHouse BPAffiliateTracking, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in BPowerHouse BPDirectory, which can be exploited by malicious people to conduct SQL injection attacks.