Hustle Labs Advisory - There is an integer overflow present that affects Novell Windows clients and Novell Netware server and Novell Open Enterprise server. All versions of Novell Netware and Novell Netware Client for Windows are affected. All Netware based versions of Novell Open Enterprise Server are affected. Detailed analysis provided.
435daa5ce9ab016eefbb6be70ac9be842be30a1b33f6b52faa8e122246865e00
CYBSEC Security Advisory - SAP BC was found to allow reading and deleting any file from the file system to which the user that the SAP BC is running as had access. The vulnerability is present in the Monitoring functionality of the SAP Adapter. Versions affected are SAP BC 4.6 and 4.7.
c8bc6a731b2ebaef23b185c3f666d7668b9b2e2c18e43dca79c563367958356d
CYBSEC Security Advisory - SAP BC was found to provide a vector to allow Phishing scams against the SAP BC administrator. Affected versions are SAP BC Core Fix 7 and below.
e4688a58b3fc3a976f7bd7797de8dc2f0af5aefdbd7c421d0bc8ed09af417d40
SDC, or Self Decrypting Binary Generator, creates self decrypting binaries for common operating systems and architectures. The target file is encrypted using Blowfish in Cipher text Feedback Mode (CFB) and appended to an executable which reads itself and attempts to decrypt the appended data when it is run. Targets: Linux x86 (ELF), Windows x86 (PE-COFF), OpenBSD x86 (ELF), OpenBSD arm (ELF), OpenBSD sparc64 (ELF), FreeBSD x86 (ELF), NetBSD x86 (ELF), Solaris sparc (ELF).
f8223b21d9e0665d1c51a15c3ff8648c9be5ab04838d19b5a89c5059b1b40aff
Secunia Research has discovered a vulnerability in FilZip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive. Version 3.04 is affected. Earlier versions may also be affected.
3ea41b8aba7ca95bd8dfdd303738878ce172f63b3e466ee5588ce610127fef88
Gawab.com mail services portal system is susceptible to cross site scripting attacks.
d8d7d2ef54d3c3fcb6986599329310e4567a2a699d9d65bf0bf71f7357ff19af
RealVNC version 4.1.1 suffers from a remote compromise flaw due to handing authentication duties client-side.
575d4d8012ea1b81a7f308b1adc4ab1ccdb5101261007d38109f509b506a41f0
Azboard versions 1.0 and below suffer from multiple SQL injection flaws.
33476bf6f7b838cc5ee3c6c04715ba5a2b1e936850c0edfb6d4eadfa6072ddab
Sugar Suite Open Source versions 4.2 and below "OptimisticLock!" arbitrary remote inclusion exploit.
77e5dd9f28c3e01dc8a9868b7af02e63e8cf2b18767c50b305a2f5ddce4b4526
ClamAV freshclam suffers from an incorrect privilege dropping vulnerability.
d99dfdbc0180fa1f1ace658b029461b9473dd08a3bfa42d4a2b470b5aa3e3137
Squirrelcart versions 2.2.0 and below suffer from a remote file inclusion vulnerability.
8721a30af3435fc7a848a6b4dd09d748c70ca04d671f8fd033779791d626f305
32 byte execve() shellcode with 'fuck up disasm' ability.
ad2250ea9791a84a522c61851997606eabe8ac44ff645a9b816167d06cf67db5
Proof of concept exploit for freeSSHd version 1.0.9 that binds a shell to tcp/1977.
70e91e619f7b15419f449c464f030d79ebef4b1c68ffdba75c776fc7981ec059
FreeTextBox and FCKEditor Basic Toolbar Selection suffers from multiple cross site scripting issues.
347fc292d33982b168fe1dbe0532a4493cac2665e27361070444c1d7786872fb
RadLance Gold version 7 suffers from a local inclusion vulnerability.
1317884f3ad234638251154450f85c9f4baa3c399e07ae6ec445aa549df2bc6e
It appears that a slew of various programs written in PHP suffer from full path disclosure issues.
57ab05eb50aeb458e9fab1a25a559ad1ce839d9d3d6bec5ae4da8a5dc1d3dfd2
A vulnerability exists in the PHP Apache SPI POST parsing code.
981a73c9bda4da413d07f9fef5fdd5da85ad7f6ec1508d8507992215953bbebc
Technical Cyber Security Alert TA06-132A - Apple has released Security Update 2006-003 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser, Mail, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypassing security restrictions and denial of service.
4f2ec34f941fe093f4e56ef2b2f7d31e9e3d5da629419a3a2ea771f892859abe
phpBB versions 2.0.20 and below Admin/Restore Database/default_lang remote command execution exploit.
f9d3921b88b7d38f8dd1c86e993db4423b760341e44259693d4238be5f419d4c
GPhotos versions 1.5 and below suffer from directory traversal and cross site scripting flaws.
8e74a3bed766b60506f332590b45275a84e907067d59eb2a1a674d844971a4c2
e107 CMS versions 0.7.2 and below suffer from a SQL injection vulnerability during cookie processing.
8617e73ab061bd89bab2169af72c7e7eb60ddb9639bee6f4faabd4c73f32e1fe
GNUnet version 0.7.0d and below suffer from a UDP socket unreachable flaw that results in a denial of service condition.
2bb144fa16a61427cce5ae975b2f613cd351f32f24b474dffcf65e9fc815cea0
Proof of concept exploit for Outgun versions 1.0.3 bot 2 and below which suffer from various flaws including a buffer overflow and invalid memory access.
7a9a16557778b5a2514c31944464e80e5a3a2e6dd3eb46139194396fec182790
Outgun versions 1.0.3 bot 2 and below suffer from various flaws including a buffer overflow and invalid memory access.
888fe151c69e0efbea95463d4b550ba2d5c4fa1b28a59390851de2a778457f75
Proof of concept denial of service exploit for Empire versions 4.3.2 and below.
6f63e140ff96ace0628fbc5d6fde47faebc2d5850ca341f96461aaa8fb23b72e