Secunia Security Advisory - A weakness has been reported in Dropbear SSH Server, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
e4aa1525c65da37d5e8e7f591329764f8a3cb268f37b23e366566257a2ac4b98
Secunia Security Advisory - pcps has discovered some vulnerabilities in Barracuda Directory, which can be exploited by malicious people to conduct script insertion attacks.
6038d0c874fa97150e36f0f48a8abd775474978548877ce1147925fdf2f88adf
Secunia Security Advisory - SUSE has issued an update for gpg / liby2util. This fixes a security issue, which potentially can be exploited by malicious people to bypass certain security restrictions.
afdbbfe561a4939c2e617c70e7e5b50f98583a1626568252742ffd5e406bccb3
Secunia Security Advisory - Gentoo has issued an update for openssh / dropbear. This fixes a weakness, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
a865d132fb5cedf9d64c9264d1de7c30c0bf0543b5a28636aeaf4e4d3b27d607
SUSE Security Announcement - With certain handcraftable signatures, GPG was returning 0 (valid signature) when used on the command line with the --verify option. This only affects GPG version 1.4.x, so it only affects SUSE Linux 9.3 and 10.0. Other SUSE Linux versions are not affected. This could make automated checkers, such as the patch file verification checker of the YaST Online Update, pass malicious patch files as correct.
dbcd94580d937c8fdef6ffd158eb912f1108bcb0aa65778e07df99b105d01d9b
waraxe-2006-SA#046 - Critical SQL injection in phpNuke 7.5-7.8.
43f0203754f8d406a0dd9aedc02d23f9f6a6a4ab3cf5967be7327fc3758c30ef
waraxe-2006-SA#045 - Bypassing CAPTCHA in phpNuke 6.x-7.9.
607f522e8c5193af13594323a0c45bce281f42ea9b760d1ae3cd0646ee366cb0
Secunia Research has discovered a vulnerability in NJStar Word Processor, which can be exploited by malicious people to compromise a user's system.
f61370fbbebc0b233634c48add43e1717d790ddf432d0c18c9d602041c886b71
OpenPKG Security Advisory - An allocation off-by-one bug exists in the TIN [1] news reader version 1.8.0 and earlier which can lead to a buffer overflow.
64e27cc817d51c76569266a91682b2158159cd0d6564041947d43eeeac5e2676
OpenPKG Security Advisory - According to vendor security information [0], privilege escalation vulnerabilities exist in the PostgreSQL RDBMS [1] before version 8.1.3. The bug allowed any logged-in user to "SET ROLE" to any other database user id. Due to inadequate validity checking, a user could exploit the special case that "SET ROLE" normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example.
c40cab37f34f78513b56727208269fd48812b531d971509e3a808ace7e30a5b9
Magic Calendar Lite suffers from an authentication bypass vulnerability.
6682f06fe6b89ff05adb4eea45cfea38d405f94dd88ecd9d3ecc03a73a4eb702
TTS Software Time Tracking Software suffers from multiple vulnerabilities including XSS and SQL injection.
92b023be3b6678e1268a8ca48e3f664fac208f949fa14b224f3ed1e3c05f0ac8
CALimba suffers from an authentication bypass vulnerability.
0495f9484c0b6d6baf8930666f3414bde78582337f38b55f25d0320a570add42
PHP/MYSQL Timesheet suffers from multiple SQL injection vulnerabilities.
62a2a25c114d4ea7c4b1d95d6e4d484bfc89df8c72f9a056973523be384bac0e
Scriptme SmE GB Host suffers from an authentication bypass vulnerability.
f02c790b64c7675d20ff20e89902eec2bb8ca5ec5b8ce281d347eb210a5b96ab
Scriptme products "SmE GB Host" and "SmE Blog Host" suffer from arbitrary script code insertion in the BBcode [url] tag.
19a3fa43bdd0dfcc8ede4249507fe15db1e263755f93bc20dab6246118b230f8
Siteframe Beaumont 5.0.1a suffers from a flaw that allows a remote cross-site scripting attack.
902ce8c37a6cd6f61a009656c9b99f43f27775b39c8b08fd6f93a2235da6445f
PHPKit v.1.6.1 release 2 remote code execution exploit.
40dbfa7d4e7c88faa8ef13dedd9f663f5ef67c0a942f8de03bcbc553a30bc228
Winamp versions up to and including 5.13 suffer from a .m3u buffer overflow vulnerability.
e4574457d5bc6b9d0f12e56864b885fce741a0f53c0a098bee785a94b91de1db
It is possible to crash the web interface on a D-Link DWL-G700AP by sending it a simple GET request. POC included.
b871451dc09aa313045fd79f0f175a1b7c4a71df8e6f5fc1ed298a782aff19be
RUNCMS version 1.3a is vulnerable to SQL injection due to improper user input sanitization. POC included.
14e347c720be0a14ec4ca360bd0bd757032c17d4c6cd0582b2fb62fc3c809842
It is possible to gain administrative access on Kyocera 3830 printers by using telnet.
7aeebf751b381ae2252541ba8745ebca6d719e929fef24288eb300f0b88b85f5
XOR Crew :: Security Advisory - Wimpy MP3 Player - Text file overwrite. (lame)
7bc198a85e597e1c0f111b55aa7529eb074c38e39cb28d54200295c1ae6ffcc2
XOR Crew :: Security Advisory - HostAdmin - Remote Command Execution Vulnerability. POC Included.
6219a1cce7396fca0cafffc2189eae721c467e8a9b1cdbcee1b4eaa027860189
XOR Crew :: Security Advisory - Web Calendar Pro - Denial of Service SQL injection (lame). POC included.
e2061819fde5f3990cc88175624322611b1af03da0aa806de4d7cf4c4d151ff8