Secunia Security Advisory - luny has reported some vulnerabilities in Pre Shopping Mall, which can be exploited by malicious people to conduct SQL injection attacks.
fd9ef0f9fc0377aa654ccc0c7db03e7a6fd7fa069c913fca98793e8e89f072fc
Secunia Security Advisory - luny has reported a vulnerability in CMS Mundo, which can be exploited by malicious people to conduct cross-site scripting attacks.
76a1ae4defb950562e439bdfd6391a47a7ed29122565c652696b7cb3232a05e6
Secunia Security Advisory - beford has discovered a vulnerability in V-webmail, which can be exploited by malicious people to compromise a vulnerable system.
3c9cfbf4abd4b99b87e728e218e119d9e8218a9926b0cbe926f8e24195f6e656
Secunia Security Advisory - beford has discovered some vulnerabilities in DoceboLMS, which can be exploited by malicious people to compromise a vulnerable system.
4500dcb77866c1a7de12747fe0e18e8c32e9735cff6619e4c588485055e999b1
Secunia Security Advisory - Kacper has discovered some vulnerabilities in ActionApps, which can be exploited by malicious people to compromise a vulnerable system.
b17c34a3af7bda0b712055576c7675b94883668287aa2101187cade526eb8268
Secunia Security Advisory - str0ke has discovered some vulnerabilities in Basic Analysis and Security Engine, which can be exploited by malicious people to compromise a vulnerable system.
db5b24e656a549fb1f79a921e6e123b06184d198f746e4de7c0445a4ccd733f1
Secunia Security Advisory - Kacper has discovered a vulnerability in the open-medium.CMS, which can be exploited by malicious people to compromise a vulnerable system.
9080e8ddfe85c07d391a26b8eecf5fa607b6ac8d644c2c11ea4333ccd7fe2fea
Secunia Security Advisory - Jeroen van Wolffelaar has reported a vulnerability in Open OBEX, which can be exploited by malicious people to manipulate certain data on a user's system.
fbbfdd35cf079d480951ef9fe57094d860b5c075c258d91238967d657d5dd2f7
Secunia Security Advisory - A vulnerability has been reported in MailManager, which potentially can be exploited by malicious people to conduct SQL injection attacks.
a24909e482facad647997d5c4c38f1376eca9a2b7d847e36d9ea7ea22c1ece96
Debian Security Advisory 1074-1: A. Alejandro Hern
c950d477246aaa1411c089a7a5b99ff8faefe7443b45e1fd76bf6da9d7dc9eb1
Mandriva Linux Security Advisory MDKSA-2006-091: An integer overflow in the wordwrap() function could allow attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, triggering a heap-based buffer overflow
7846d4113e359dc33b8a3da153d6ea6409c1d5bc10c1bd418403985c197e23f3
Mandriva Linux Security Advisory MDKSA-2006-090: A potential security problem was found in the useradd tool when it creates a new user's mailbox due to a missing argument to the open() call, resulting in the first permissions of the file being some random garbage found on the stack, which could possibly be held open for reading or writing before the proper fchmod() call is executed.
33a87576086a09cc18f57d738a69d4cc0de63725b8f8554b6cf14ec4865fdcb0
Mandriva Linux Security Advisory MDKSA-2006-089: Kphone creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords.
21ee06562d8588a70a2a0faef8341156f9548fe79f75c66f69cc10aaca1db028
Mandriva Linux Security Advisory MDKSA-2006-088: Hostapd 0.3.7 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame.
33fe48ff6bbf0c8125375e2a2b59eebdcff559f7f4508a091b094775e0c85b83
Mandriva Linux Security Advisory MDKSA-2006-087: Memory corruption can be triggered remotely when the ip_nat_snmp_basic module is loaded and traffic on port 161 or 162 is NATed.
c7e3fc6f5f7ef2859ce7d6bc006856a8c1c6c8f2cb6b21697f9761e244d6129a
HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege
c0a4c15fa178f2550342cc8ce4b768373160c43634bbe732e9e6e440e2e0315a
HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution
5e37ca123f364566ca21d2851cfbeacc981524b30152484d8767fdc2b1c60aa2
HPSBUX02075 SSRT051074 rev.5 - HP-UX Running xterm Local Unauthorized Access
531b2e434c34aa85548a21c86b70e34a6eee3f8d26e23578a32f04b0269fa1ad
HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation
ff13eb6f569a7931ccdef20afd23cc3f2dfa54a6a6b5c316d2cf1b52ddd68692
Paper discussing new avenues of exploitation for OSX systems running on Intel hardware. Details ways to execute code despite the NX bit being present.
9d18fe12fe6c0f06eef46fae37e5f916eab293d3d1e3d6cb0c09d272fb631603
OpenPKG Security Advisory OpenPKG-SA-2006.008: According to a Secunia security advisory [0], a weakness exists in OpenLDAP [1] which is caused due to a boundary error in slurpd(8) within the handling of the status file. This can be exploited to cause a stack-based buffer overflow via an overly long hostname read from the status file. The weakness has been reported to be in OpenLDAP version 2.3.21 and earlier.
35b2c6e9172d541f87ce454adf0ccdedf773c8a13b249e3d6998f0e996d82829
Kaspersky antivirus 6 and Kaspersky internet security 6 suffer from a vulnerability due to HTTP parsing errors in the HTTP monitor that could allow malicious software on the local computer to bypass the HTTP virus monitor.
268c19c0cb19f78740cd72d2a95993b7c5094298ce1e62a50f86ff0573425201
Paper discussing the Stakkato intrusions which ultimately resulted in the theft of IOS source code released by one of the affected sites detailing how they caught stakkato.
f12d9a771f93e172c82d0cf8c134be8d0542594beb3ee7913f2f44001af575f3
If the Netgear WGR614 Cable/DSL Wireless Router is configured to backup configuration settings, the device will store various information in cleartext. Accessing this file could allow an attacker to obtain sensitive information which could aid the attacker in compromising the web administration interface of the device, DSL/cable account passwords etc.
9cfbd8d261b1cb15794d7cc39039afff53588ee685db3d47a76a4b7e215c8f43
The default screen saver in Windows XP and Windows 2003 Server runs as a system process. Thus if a malicious person changes logon.scr to cmd.exe or explorer.exe they can take control of the system when the screen saver runs. POC exploit included.
9e05af997c3f8dc90610177e1645b1cbb30384da557ca3ff72d1e3a6861247a5