The NCP VPN/PKI client version 8.11 Build 146 is susceptible to local privilege escalation and denial of service attacks.
5c13a105224920a1c8a00b498f7b74baef8dc35f45afc18cdf36abd56dec10f7
Leif M. Wright's Blog version 3.5 is susceptible to information disclosure, authentication bypass, code execution, and cross site scripting flaws. Exploit details provided.
f39ddb0473140f0584760e53110a3ed5d4f6b2109e11e0b117609ca692e20054
Secunia Research has discovered a vulnerability in NetworkActiv Web Server, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files (e.g. PHP) from the server via specially-crafted requests containing the forward slash character. Version affected: NetworkActiv Web Server 3.5.15. Other versions may also be affected.
52e88db2fb22c4e141e5ac87318e8208574eeb0aa901289e10c84b42977dfb96
Secunia Research has discovered a vulnerability in Lighttpd, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files (e.g. PHP) from the server via specially-crafted requests containing dot and space characters. Version affected: Lighttpd version 1.4.10 for Windows. Other versions may also be affected.
f541f5d5728b7ae7a29ce41a78bd2c56a5c35ff8240f2378ff1d1465c65dc7b6
FreeBSD Security Advisory FreeBSD-SA-06:10.nfs - A part of the NFS server code charged with handling incoming RPC messages via TCP had an error which, when the server received a message with a zero-length payload, would cause a NULL pointer dereference which results in a kernel panic. The kernel will only process the RPC messages if a userland nfsd daemon is running.
8712b0c54e6195379a38f208914e6b31aecb2b2ca2355a6a67d8db63219f7a5e
FreeBSD Security Advisory FreeBSD-SA-06:09.openssh - Because OpenSSH and OpenPAM have conflicting designs (one is event-driven while the other is callback-driven), it is necessary for OpenSSH to fork a child process to handle calls to the PAM framework. However, if the unprivileged child terminates while PAM authentication is under way, the parent process incorrectly believes that the PAM child also terminated. The parent process then terminates, and the PAM child is left behind. Due to the way OpenSSH performs internal accounting, these orphaned PAM children are counted as pending connections by the master OpenSSH server process. Once a certain number of orphans has accumulated, the master decides that it is overloaded and stops accepting client connections.
012cb667b2bae94ec1b414c8de659b5091c2732abdfc4cd748a4a6a9557830cd
SAP Web Application Server was found to be vulnerable to an URL manipulation allowing an attacker to prefix the http response to a request containing a manipulated URL with a sequence of bytes of their choice.
359c095584bb339416e6802a90d60c8596b49b1d7998abf7f1d7ee2d1ce24614