WordPress version 2.3.2 suffers from cross site scripting vulnerabilities.
f827868cc76261d3e945407858a7c2b3e50bdd12755103302ce169b6d4903df8
Horde version 3.1.6 suffers from an arbitrary file inclusion vulnerability. Details and a patch are provided.
a842f07e46976d40c5f1e8b780daf2730e7e34448fb9ce8cb28fbab68b8603e2
A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.
28b7f72d48f6112d1291d0bde99e0432433d367cbdc828b68cc4140753202de2
d3vscan is a network manager that is able to uniquely identify and graphically plot network and bluetooth devices to provide a higher degree of understanding of a particular network. It is also simple enough to be used by an average end user.
0cb0f038abaade6674714b1f16cde8ecba91e9165bffc2995646448c023c6a0b
zKup CMS versions 2.0 through 2.3 remote upload exploit.
dcfad30ef5f9732410d4b523119265c11f5bba011963821f7ba55177e78ace15
zKup CMS versions 2.0 through 2.3 remote add administrator exploit.
b77702a719e97f16193c2e54deb2b2cc0093a980da6c451c26f995c352323540
Ubuntu Security Notice 582-2 - USN-582-1 fixed several vulnerabilities in Thunderbird. The upstream fixes were incomplete, and after performing certain actions Thunderbird would crash due to memory errors. This update fixes the problem.
fab13e0223aabbf6ace0e2087124c53fee125106a1dea684d9fcfafa86b17a7e
Exploit for the SQL injection vulnerability that exists in the PHP-Nuke KutubiSitte module.
f57876ccaa4f33bf5172eee40133b229a5ed876aba5fb7b6c4863c51376e3297
Mandriva Linux Security Advisory - Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution.
52eda058258bdcb9d43638c57fc974b386b40ef9d7b0bbeae526792bdb969b82
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.12.
9ff0744156668166c4e03c21ca64c0864dd42bc9e497d903ea8be0be2de146f0
Mandriva Linux Security Advisory - Multiple cross-site scripting (XSS) vulnerabilities were found in Mailman prior to version 2.1.10b1, which allow remote attackers to inject arbitrary web script or HTML via editing templates and the list's info attribute in the web administrator interface.
08596d178f7e9b3559baa848c658c8a5875329ac953831026e23138a0508c818
Technical Cyber Security Alert TA08-066A - Sun has released alerts to address multiple vulnerabilities affecting the Sun Java Runtime Environment. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
faa861707f350d790ef1f0335ff09175a0d29e5b9193960b5cb787213b4ece36
Debian Security Advisory 1513-1 - It was discovered that lighttpd, a fast webserver with minimal memory footprint, would display the source to CGI scripts if their execution failed in some circumstances.
f7fe985a8ab110c423e6e8877760ac37885365e91c828a99252635532d0e3978
MicroWorld eScan Server versions 9.0.742.98 and below suffer from a directory traversal vulnerability.
6d95a7c9edbf7aa2a27e1272316954e97f4abcb4df685611864023bfd5734e92
The PHP-Nuke KutubiSitte module suffers from a SQL injection vulnerability in the kid variable.
7af20f55a2f0de319ef9e2d6dbeb999ff9a3b8dddff0a22aff9a69b584f69c85
Backdoored version of OpenSSH version 4.7 that logs user credentials to a file. includes.h holds the password and logfile location.
2b6417dc87fe20babd2dd1d7c3cdd41f32cf29c0513971cd19305e012993259e
Backdoored version of OpenSSH version 4.2 that logs user credentials to a file. includes.h holds the password and logfile location.
dc3a927b9892c9202e3d2b41778e4eaf6e572e2da25ccdcb36ecd18de2829d31
The Checkpoint VPN-1 UTM Edge suffers from a cross site scripting vulnerability. Details provided.
d3fc5f4d681e57956fc9dd850febad7de761b3f1d8e7dd426ea6d1a607529fb6
SUSE Security Announcement - The current security update of cups fixes a double-free bug in the function process_browse_data() that can lead to a remote denial-of-service by crashing cupsd or possibly to a remote code execution. The bug can only be exploited if cupsd listens to 631/udp by crafted UDP Browse packets. Additionally two remote denial-of-service bugs were fixed. The first one can be triggered via crafted IPP packets to use a pointer after it was freed and the second issue is a memory-leak caused by a large number of requests to add and remove shared printers.
1d33e9dc71eee1a911d8e2a1a177892a773eb3fb7cf993243327770428c9fe79
Ruby versions 1.8.6 and below suffer from a directory traversal vulnerability.
9f973809eb55cc820516d1393f62a862d0a8b28e34f6960c7fc79f70c8274379
Debian Security Advisory 1503-2 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
602da77c5b44f4181dfa36960a7570c87107eb6246c70e7a244984342052d16e
Yap Blog version 1.1 suffers from a remote file inclusion vulnerability.
985d8d96a645bb021bc12350167f9ed3c7d9a68da17db6be831eb329f745a85a
This code demonstrates a new type of finite automation implementation that significantly reduces the memory footprint of existing transition tables allowing it to fit in shellcode and other security programs.
5ce9d6cebe824dba809bc209b6bfc8e4b253fba8f63004a201888970a387b573
A couple more JPEG ICC parsing bugs were fixed in the latest JDK updates. Link to a malicious JPEG included.
7733f14ba82041871e9e880fa5b320f8d44d631e00cf2e0e340c225595e2abe3
Gentoo Linux Security Advisory GLSA 200803-12 - Ulf Harnhammar from Secunia Research discovered a format string error in the emf_multipart_encrypted() function in the file mail/em-format.c when reading certain data (e.g. the Version: field) from an encrypted e-mail. Versions less than 2.12.3-r1 are affected.
33a92899b1ce0b36840cf539ae269f980d49133cc7962c917e2bc7db908681d3