First International Workshop on Secure Software Engineering (SecSE 2007) Call for Papers.
2bfa57ce7bd343c88882495b9896f757eef178639c647f79b910c58b9cb2782e
Mandriva Linux Security Advisory MDKSA-2006-185: PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
27310dbb424a82328878a8a04d0938cfacb946c37aaf529227e2013a5b42fa9a
Mandriva Linux Security Advisory MDKSA-2006-184: An integer overflow in previous versions of ClamAV could allow a remote attacker to cause a Denial of Service (scanning service crash) and execute arbitrary code via a Portable Executable (PE) file
d1647c09217ee19ffd00ef4cd78679c49763cacc27ad8fcb63b1f0f2ef15e4ec
Mandriva Linux Security Advisory MDKSA-2006-183: The libksba library, as used by gpgsm in the gnupg2 package, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature.
89388737d478054255c768917f7d3f889c8453673c1d4d5154fb5faaa60df9bd
Gentoo Linux Security Advisory GLSA 200610-07 - Benjamin C. Wiley Sittler discovered a buffer overflow in Python's repr() function when handling UTF-32/UCS-4 encoded strings. Versions less than 2.4.3-r4 are affected.
ac596868dad58edea552bff5a99dbd8cc23e71d559c966d538f47f81f90c04d1
Gentoo Linux Security Advisory GLSA 200610-07 - Benjamin C. Wiley Sittler discovered a buffer overflow in Python's repr() function when handling UTF-32/UCS-4 encoded strings. Versions less than 2.4.3-r4 are affected.
ac596868dad58edea552bff5a99dbd8cc23e71d559c966d538f47f81f90c04d1
Gentoo Linux Security Advisory GLSA 200610-06 - Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with the exponent of 3. This affects a number of RSA signature implementations, including Mozilla's NSS. Versions less than 3.11.3 are affected.
8467e2d69de2dead809edaba47cd62e88698449b55d5a1bdbbadc2bf00278957
Gentoo Linux Security Advisory GLSA 200610-06 - Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with the exponent of 3. This affects a number of RSA signature implementations, including Mozilla's NSS. Versions less than 3.11.3 are affected.
8467e2d69de2dead809edaba47cd62e88698449b55d5a1bdbbadc2bf00278957
Gentoo Linux Security Advisory GLSA 200610-05 - Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't properly sanitize TSI strings when handling incoming calls. Versions less than 01.03.00.99.300.3-r1 are affected.
addce86269198abd40c0ab1d4f2e7687b612f3572ade85a8cd8d25fd7c0d2933
Gentoo Linux Security Advisory GLSA 200610-05 - Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't properly sanitize TSI strings when handling incoming calls. Versions less than 01.03.00.99.300.3-r1 are affected.
addce86269198abd40c0ab1d4f2e7687b612f3572ade85a8cd8d25fd7c0d2933
iDefense Security Advisory 10.15.06 - Remote exploitation of a buffer overflow in Clam AntiVirus allows attackers to potentially execute arbitrary code or cause a denial of service condition.
0cf3ff834570bb0870efc83461018345771b50eac3ec31f7cb90635bc6c9de5e
iDefense Security Advisory 10.15.06: Remote exploitation of a input validation vulnerability in Clam AntiVirus's ClamAV could allow attackers to crash the virus scanning service.
4f5f9d658ff57dd1bf2eb543d1338bcc1d436e8341c777195ac3b359bdd7297a
GOOP Gallery versions prior to 2.0.3 suffer from a flaw that can allow cross site scripting attacks
a6dd6f0e60b3902048981724a29d35cd4d55349f9d854d574f891ce8e8d1386c
woltlab.de burning book 1.1.2 and prior SQL and PHP injection proof of concept exploit.
94745355d052b840f8260f53b1ec1a317a497ad5c00a2ad1d90a4cbdea28267d
Asbru HardCore Web Content Editor is vulnerable to a command injection attack vulnerability.
8faebc3ebb744f5e464d9397f86a2bc2f60595c5d0d533faeb33ab4b5e4f44e7
Paper describing the various methods and techniques of cross site reference forgery.
0d74b20fe311533c844750df4a40b17be780bbfc0f1cf786aac71f4e1b316276
The Netflix.com site was vulnerable to cross site request forgery, also known as hostile linking.
267eaaecfd060a68144a850cfc13065d946f90ad806b99d6c23163ab04dc84f4
AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several browser based attacking techniques, simple but powerful JavaScript console and powerful attack channel and associated API for controlling zombies.
9eff982804aed2813db91db112a8fb122c40b8ebedb5503b2fe3ab2647c5cf14
vbulletin 3.5.4 Exploit-Toolbox v.0.1.1 - Three POC vbulletin exploits in one. Includes Install_path exploit, Xss vbulletin 3.5.x, and vBulletin 3.5.4 Flood Exploit.
4d3db6a4ee8b1f426686972d21c993c7756fb8a02d419960e16ab481aaef35b5
BlackICE PC Protection protects its files against manipulation by malicious software. Its critical files like its database of trusted applications or firewall configuration are protected. The list of protected files is stored in filelock.txt in the BlackICE installation directory. If this file is deleted files mentioned in filelock.txt are not protected any more and can be changed by malicious applications. The implemented protection allows malicious applications to delete this file using native API function ZwDeleteFile. This can result in a bypass of all BlackICE protection mechanisms because its internal components can be replaced with fake copies. The situation is even easier for the attacker because the component control fails to recognize fake components in BlackICE processes.
cccf062711f391ac57c883f94f44d73929b8862d2542aff36335459be2a9a18d
It was discovered that ViewVC is neither sending a charset HTTP header nor specifying a charset in the HTML body. Therefore it is possible to trick several browsers into decoding ViewVC pages UTF-7. This allows attackers to inject arbitrary UTF-7 encoded Java-Script code into the output.
430599acdacbbce3f42f21d0ef7c7cd3b6d41994b0d52b2919781634934a8348
bbsNew versions 2.0.1 and prior remote file inclusion exploit.
6b36d41e14d3831be2bb8a623317f3e5a14d503f17be0d5792c1e91a9360d605
Back-end 0.4.5 and prior remote file inclusion exploit.
0b5963fd8d998ec1e6dead8121cee9e85c2a8454f0461196030f24ad35a2c15e
MOStlyCE version 4.54 suffers from a remote file inclusion vulnerability in htmltemplate.php.
640b8337175bfa2718c5fa1bc13939dab5a7b58eaf3143908f16b248d834006c
WebYep 1.1.9 suffers from remote file inclusion in WYURL.php.
8a7dfcf2e18a441f9e8028449f9f4bd3bf87137c6b693af459e6387b05193078