APBoard versions 2.2-r3 and below suffer from SQL injection flaws.
05852cf4c1e359d571a7b922513d58dd71932731d6cb56c98f928f530511ee6e
Mandriva Linux Security Advisory MDKSA-2006-103 - A flaw was discovered in the way that spamd processes the virtual POP usernames passed to it. If running with the --vpopmail and --paranoid flags, it is possible for a remote user with the ability to connect to the spamd daemon to execute arbitrary commands as the user running spamd.
62846606858a36bfd6e588f6bb7e34ed35413305cf7f226c0bbc093a93f2666c
Eprayer is susceptible to cross site scripting attacks.
379cb21e794c05d34a83fd0ec28b9f586ac6b6429c966bf25df9f24c21c337c0
Mandriva Linux Security Advisory MDKSA-2006-102- A buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in a sprintf call. Corporate Server 3 and Corporate Desktop 3 are not affected by this vulnerability as tiff2pdf was not part of the libtiff version shipped in those products.
b024cc19f30aa8f88c181c5f2adc746b46398e06f295932ad291235ccb9881ad
Mandriva Linux Security Advisory MDKSA-2006-101- A PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.
e715b5a25233aed653abcfd92cdcb5aa15bfb1fd29d434f904efdbad0b00084b
Setuid programs that are part of the iPlanet Messaging Server version 5.2 HotFix 1.16 try to read the configuration file msg.conf. If the environment variable CONFIGROOT is set, the configuration is read from that directory. A symlink attack is possible, and as a result it is possible to read the first line of any file with uid 0 privileges.
94e5f407bee15f4c3e6a69c53eb00a2486a4512d76f18261bc67b01b6568470b
Debian Security Advisory 1099-1 - Michael Marek discovered that the Horde web application framework performs insufficient input sanitising, which might lead to the injection of web script code through cross-site scripting.
3f8bf5fa359aa72394529808716b18c1d9594b801e2a1cbd48e30fa3bc567179
Debian Security Advisory 1098-1 - Michael Marek discovered that the Horde web application framework performs insufficient input sanitising, which might lead to the injection of web script code through cross-site scripting.
594bcc5844f41f265ae1caebc0bfb813fd6c7ae33c2d0228881bfac7176e9a12
Confixx versions 3 and below suffer from a cross site scripting flaw in ftp_index.php.
d761210d3ba620cb06194efcb4b722e28482a023b82b438e9ee8625607e7c97b
Ubuntu Security Notice 301-1 - Ludwig Nussel discovered that kdm managed the ~/.dmrc file in an insecure way. By performing a symlink attack, a local user could exploit this to read arbitrary files on the system, like private files of other users, /etc/shadow, and similarly sensitive data.
f22160a6ae8a12ea2e032bc8938369ef9366e3a3ba75d416124b6b6945c17e22
Ubuntu Security Notice 300-1 - libwv2 did not sufficiently check the validity of its input. Certain invalid Word documents caused a buffer overflow. By tricking a user into opening a specially crafted Word file with an application that uses libwv2, this could be exploited to execute arbitrary code with the user's privileges.
89a4a61a482386ae6b1a60f5a1c1ad6b3fa4982edeed5cfba9fc563774c3003a
FreeBSD Security Advisory - A suitably malformed multipart MIME message can cause sendmail to exceed predefined limits on its stack usage.
4c64110a3ce437e1fc236d7f09777c2a562a531cde1988c0e58a3141c21e6e8e
SUSE Security Announcement - The Mail Transfer Agent sendmail has a remotely exploitable problem, where a specially crafted MIME messages can crash sendmail and block queue processing.
106182506c5879f796a2b8dccaff8d7cb977dc8f6f56ad2d5cec909d08a39ec4
KDE Security Advisory - KDM allows the user to select the session type for login. This setting is permanently stored in the user home directory. By using a symlink attack, KDM can be tricked into allowing the user to read file content that would otherwise be unreadable to this particular user. This vulnerability was discovered and reported by Ludwig Nussel. Affected is KDM as shipped with KDE 3.2.0 up to including 3.5.3. KDE 3.1.x and older and newer versions than KDE 3.5.3 are not affected.
493de7dce7242b287dcc692387f2a132843559e38ab67417468d28a46688fab2
Debian Security Advisory 1097-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
b2de7ff95c97fb5e9c56933271b3f3e64183f2a8c738055da0c6cc07195cba22
Gentoo Linux Security Advisory GLSA 200606-16 - Stefan Esser discovered that the DokuWiki spell checker fails to properly sanitize PHP's complex curly syntax. Versions less than 20060309-r1 are affected.
a4ba599b227fcccf80325fc2a620663874eb896c9a13e3054c442b1edc3b14c1
Gentoo Linux Security Advisory GLSA 200606-15 - Asterisk fails to properly check the length of truncated video frames in the IAX2 channel driver which results in a buffer overflow. Versions less than 1.0.11_p1 are affected.
94dc89ea3317fcef2238454e7d5d5767e2edea94c9f4a35b5d4640d60aef13ab
ISPConfig version 2.2.3 suffers from a file inclusion vulnerability.
0ce51a0eb669a71280121c993647ac850f69808abd774582659f13f3d677703b
PhpBlueDragon CMS version 2.9.1 suffers from a file inclusion vulnerability.
f226641ed0cdc748c98884ae86130291b073a22e86a98e35d0d15d5a3868a57d
Confixx versions 3 and below suffer from a cross site scripting flaw.
416602b2fc35e1209ba70ad3b015b6ae5c73a54501b3d33d181d051f0cc2f7cb
Secunia Research has discovered some vulnerabilities in DeluxeBB version 1.06, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
dabd3850dcb181b78f640f41286930158f735aa2641bb4e983e057e7c47f4b6b
Secunia Research has discovered two vulnerabilities in CMS Mundo version 1.0 build 007, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
c01cb438a40a860be28eb49b660964a6dcff479b929e888513af815a54a05093
2nd European Conference on Computer Network Defense (EC2ND) Call For Papers - The 2nd European Conference on Computer Network Defense will take place in December 2006 at the School of Computing, University of Glamorgan. The theme of the conference is the protection of computer networks. The conference will draw participants from national and international organizations. The conference will comprise a number of tracks arranged according to the submissions received and interests expressed.
38e7325fc64d45b2068d188ef5892fa2fe1355aec6aa2f6fd8dc91297ba8c2b0
Fusion Polls appear susceptible to a remote file inclusion vulnerability.
af93cf06eda76a432315aa3099e690d6e7c84d0eba78e8d0f721ec74c2fdf9c3
Flipper Poll appears susceptible to a remote file inclusion vulnerability.
04229de12551782a016af68f8f9974891169c87d25eceede02fc3456b27a1f3d