Secunia Security Advisory - A vulnerability has been reported in feynmf, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
9a336d995af6ee59fcdb00497d17b9fb2bf0e7bddd916ab01fdd32c3cd5202dc
Secunia Security Advisory - Tim Brown has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
30454bbb7a5cb6044804aefcd1eeb3ff8762d12e8b0cf0f561d0d60d1e60d195
Secunia Security Advisory - A security issue has been reported in Invensys Wonderware InTouch, which potentially can be exploited by malicious users to compromise a vulnerable system.
d863e1700e4cce1e17662b881e23d8fbedbbb1c0ff6a2a82e3ffa38c96323a93
MyTV/x versions 3.6.6 and 4.0.8 appears to drop an end user into the Apple menu with root privileges when hitting the power button during the login sequence.
b7817855a6ba52d4b4ba4fc915572af792b6c1edd52a48ec308332831a21ffe6
Aanval is a web based Snort intrusion detection console. Currently supporting Snort and syslog, Aanval provides dynamic monitoring, comprehensive reporting and powerful alerting capabilities. Several primary features are account hierarchy, data-archiving, real-time data displays, auto signature updating, sensor management tools, easy upgrading, advanced searching, artificial intelligence, timezone control, charts/graphs, query saving and more.
fbfbd672e14779d980ba250a3dd0d9556788ecf477afb3622d1f994ef99a597a
Debian Security Advisory 1409-2 - The previous security update for samba introduced regressions in the handling of the depreciated filesystem smbfs. This update fixes the regression(s) whilst still fixing the security problems. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
d70a3a64fa245941097ed490e8c67aafe93f38b1d67eee03a77465a45d074491
Bytehoard version 2.1 suffers from multiple privilege escalation vulnerabilities.
76ec22bd5cba14906cedfcdbf388d38bfdaccf95fa9ba129b10f97538e13e7e5
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
d835f86ef14e74728a943d02048b0b554bbdb72dc63348e0cbe2616f89718f20
A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system. Sentinel Protection Server version 7.1 is affected.
dffb03dd9181a15df67067f309c62e9515445ba6b21dab2a0a783789bdd11745
GWExtranet version 3.0 suffers from privilege escalation, cross site scripting, and remote file inclusion vulnerabilities.
e4e6f04686018bd807f8a44fdd931ee88df6f4750e03343d250fcc3694893cd7
Citrix NetScaler version 8.0 suffers from a weakly encrypted cookie vulnerability in the web management interface.
d8a56f4916a2c3e12e3b2734f56249642178a6c288d3db176f89945ce6179991
Yahoo! suffered from a cross site scripting vulnerability using UTF-7. This has been fixed already.
2e06f080021ff60bcf8b9cb7489435c704164dac4045d1cfd13d9742c972bf6b
Gentoo Linux Security Advisory GLSA 200711-34 - Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12). Versions less than 2.0.2-r2 are affected.
7b67b1016489ce2dc2c4b4acef3dea3f9d5c71b680d05fc40370606884914e36
Multiple stack overflows exist in the RichFX nprfxins.dll ActiveX control.
7293c8e710192d767af558070b26ba8ca41ebcd71e9167814f04c7c31b237c42
It appears that RealNetworks RealPlayer suffers from more stack overflow vulnerabilities in ierpplug.dll.
b3454ab95ff30b7f8777d5ed1fd582faa01978dbcdd22bde69db3e013481f88e
Gouae DWD Realty suffers from a SQL injection vulnerability.
59a595ba72893c69adca0d626e20eed63094237b87e568c1e8c07e1d551e8b7c
Softbiz Freelancers script version 1 suffers from cross site scripting and SQL injection vulnerabilities.
af22f828b4b730813e8b5f90c91c8b4f66ec2d5305b50880b819ae73ae8e6a8a
Gentoo Linux Security Advisory GLSA 200711-33 - Josh Burley reported that nss_ldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to a wrong process. Versions less than 258 are affected.
9a9655e788342eb536edcb56980ac13a9d36bf70e3ec7a75becab68b2b67b33c
PHP versions 5.2.4 and below suffer from a htaccess safemode and open_basedir bypass vulnerability via mail.force_extra_parameters.
5cb1872002031e72e4addf8a9712d045e489374143dd9a086c89e49cc9fa814a
Debian Security Advisory 1412-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
ed2f83414ff3e14f7e07289bdb5c782888e2376074d021bac979dca15c1c977f
Debian Security Advisory 1411-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
84a2a39811848c21a5aae5f866f5aa0f30a44e456a13a848ee406e79cc4ef16f
Debian Security Advisory 1410-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
497756665c6f5c4cf52f9041b07c5a41ff282dfdfee0e1ec5700bd636e0ba660
Simple exploit that demonstrates a script insertion vulnerability in wwwstats.
29014ac2d821ffd45216932fc69be04913f562187be248a4fb5138e2905af733
eNYeMon is a Microsoft Windows packet sniffer. It captures all kind of packets and it is possible to use filters by IP, port and data. It also exports into plain text and html format. Binary executable and source code included.
15ee31aa1eedd1434ada6df0f731571b3231905f3af6d3b6a6d6b819d330f31e
Dora Emlak script version 2.0 suffers from a remote SQL injection vulnerability.
0b5ff226a3fd166d9261956191fecd18c0f673fdd45546fdb27ec4d5e30d466f