phpMUR suffers from a cross-site scripting vulnerability.
82f4cc9a99107138fbbffd8cfbc8689961ae78f46e1cabe25aed7f6c8252995f
iDefense Security Advisory 05.10.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Apple Inc.'s Darwin Streaming Proxy allows attackers to execute arbitrary code with the privileges of the running service, usually root. Due to insufficient sanity checking, a stack-based buffer overflow could occur while trying to extract commands from the request buffer. The "is_command" function, located in proxy.c, lacks bounds checking when filling the 'cmd' and 'server' buffers. Additionally, a heap-based buffer overflow could occur while processing the "trackID" values contained within a "SETUP" request. If a request with more than 32 values is encountered, memory corruption will occur. iDefense has confirmed the existence of these vulnerabilities in Darwin Streaming Server 5.5.4 and Darwin Streaming Proxy 4.1. It is suspected that earlier versions are also vulnerable.
f78fee0d8b63de9cc27fccb559c04b01ce3724d7bc2dcedabc6b197b5c472d26
iDefense Security Advisory 05.10.07 - Remote exploitation of a buffer overflow vulnerability within Novell Inc.'s NetMail allows attackers to execute arbitrary code with the privileges of the service. This vulnerability specifically exists within the SSL version of the "NMDMC.EXE" service. The application does not perform sufficient input validation when copying data into a fixed size stack buffer. When processing a specially crafted request made to this service, a stack-based buffer overflow occurs leading to corruption of program control registers saved on the stack. iDefense has confirmed the existence of this vulnerability within version 3.52e_FTF2 of Novell Inc's NetMail. Older versions are suspected to be vulnerable.
7c4224fd04fdf501163a3652b70255e6a67bedbbac0803f93921ededa636574a
iDefense Security Advisory 05.10.07 - Local exploitation of a design error vulnerability in the srsexec binary optionally included in Sun Microsystems Inc.'s Solaris 10 allows attackers to gain access to sensitive information, such as the root password hash. The vulnerability specifically exists because of a failure to drop permissions or check the permissions on the file specified for the target file. If a user specified verify only mode (-v) as well as debug mode (-d), and specified a protected file such as /etc/shadow, srsexec will display the first line of /etc/shadow in the debug messages. iDefense has confirmed the existence of this vulnerability in Solaris 10 with the SUNWsrspx package installed.
b0cb09576fffd6a9ae951ce05d4db56aeefe07c697fb437b66ae44d3dee246bc
iDefense Security Advisory 05.09.07 - Local exploitation of a buffer overflow vulnerability in Computer Associates International Inc.'s (CA) eTrust Antivirus allows attackers to execute arbitrary code with SYSTEM privileges. The Task Service component of eTrust Antivirus, InoTask.exe, is used to schedule and execute tasks such as scanning the system for viruses. The service uses a shared file mapping to share information about scheduled tasks. The file mapping has a NULL security descriptor, which allows any user to modify its contents. By modifying a string inside of this mapping an attacker can trigger a stack-based overflow in the InoTask process. iDefense confirmed that CA eTrust Antivirus r8 on Windows is vulnerable.
23745af47fac9dfdd602231dff89be840467e8837cb44af4d3af559b2314a15f
SquirrelMail versions 1.4.8-4.fc6 and below are susceptible to a cross-site request forgery vulnerability.
c6523cb6f9240785bc1be6778c5fb6692dfcce73d99be8855036977ff696f739
Gentoo Linux Security Advisory GLSA 200705-13 - iDefense Labs has discovered multiple integer overflows in ImageMagick in the functions ReadDCMImage() and ReadXWDImage(), which are used to process DCM and XWD files. Versions less than 6.3.3 are affected.
4b00eb3f21d36bc2732e635d2ac4b591b01b0967a343cf468344db2da2c66f6c
Gentoo Linux Security Advisory GLSA 200705-12 - An error involving insecure search_path settings in the SECURITY DEFINER functions has been reported in PostgreSQL. Versions less than 8.0.13 are affected.
34d2224268a137d54c76ded99e6d07e4106235b06f0ffb7104ba62c314f4fab4
Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of HTML objects as a CMarkup object is used in certain cases after it has been freed. This can be exploited to corrupt memory via a specially crafted web page. Successful exploitation allows execution of arbitrary code.
bd9fbc1b569234a863aa82f6487b629aac76b61d799bbed6b1f29904dafd3d50
Secunia Research has discovered a vulnerability in BearShare, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the NCTAudioFile2.AudioFile ActiveX control when handling the "SetFormatLikeSample()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the affected method. BearShare version 6.0.2.26789 is affected.
dbc7db2e6f1936fe435111cb1d2036c76efcb80ed20555b401a15cf6773cc0de
Mandriva Linux Security Advisory - A vulnerability in vim 7.0's modeline processing capabilities was discovered where a user with modelines enabled could open a text file containing a carefully crafted modeline, executing arbitrary commands as the user running vim.
47d095c34a87489ebce6d5d79410de588957dfaacc3076c387a39116aeb7f7af
Secunia Security Advisory - Jean-Sebastien Guay-Leroux has reported a vulnerability in Avira AntiVir, which can be exploited by malicious people to cause a DoS (Denial of Service).
da50ab86ce4c28ff3c0e18911b16adf6d6b0ea1eeb873f572992422da09f8f49
Secunia Security Advisory - A vulnerability has been reported in various Symantec products, which can be exploited by malicious people to bypass certain security restrictions.
b0f9362a524212c9b1a32e526fa2c19913c66ae2cf6a1faab57c02a340239ab3
Secunia Security Advisory - Mandriva has issued an update for vim. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
1f2281298790917ce7a292de287d54086babaf645f834e83ab094cef9cd8fd04
Secunia Security Advisory - Neil Kettle has reported a vulnerability in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service).
6e6cab633bbb04e3a23a4e02a15079c946b89c3abf76d607b40c9b8621ca8e30
Secunia Security Advisory - Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users and malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
be2408133a3192ff8aee88008ddc52d03ff724523208681a9ad94831cd610761
Secunia Security Advisory - Some vulnerabilities have been reported in SquirrelMail, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
b36fe0dcea33acbca03469dfce1bb833bc3ad17672306ab8a19f4dda57a6756a
Secunia Security Advisory - A vulnerability has been reported in SurgeMail, which can be exploited by malicious users to bypass certain security restrictions.
4f7b778a71b48cbcc28bf2f8d1ddf2423512bc5afb3c9db47fdd77155e738f46
Secunia Security Advisory - Mahmood_ali has discovered a vulnerability in phpMyPortal, which can be exploited by malicious people to compromise a vulnerable system.
1f110097df3687aacc89a4655da9d2c7d1164310c0e0ff0d30ce436f71fb37cc
Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in Avaya CMS and IR, which can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
d6d91002ec9f478e5ed462a32077cb69cc07333798a54446f80526f65925937c
Secunia Security Advisory - Silentz has discovered some vulnerabilities in TutorialCMS, which can be exploited by malicious people to conduct SQL injection attacks.
64a655447960d2e2522b72ea80e4276a79ae7b7e100ef50479afeb507222d1c1
Secunia Security Advisory - Silentz has discovered a vulnerability in SimpleNews, which can be exploited by malicious people to conduct SQL injection attacks.
d1a9b4e20f8af2ecace27167673c8f4f97b144f19ff5adaa14254a66deafae96
Secunia Security Advisory - Some vulnerabilities have been reported in AForum, which can be exploited by malicious people to compromise a vulnerable system.
7c24808eaf3162bc3bedab1e22e2f4261a5598b93248e38cc30d057c7ca8ccbf
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges, and by malicious people to cause a DoS.
a42415ddfe087e5f58d26dd20cd551067fd6215b8892080496010a30aebd2394