iDefense Security Advisory 04.02.08 - Remote exploitation of a buffer overflow vulnerability in Borland Software Corp.'s CaliberRM enterprise software requirements management system could allow attackers to execute arbitrary code with SYSTEM level privileges. iDefense confirmed that the trial version of Borland CaliberRM 2006 (file version 9.0.809.000) is vulnerable. The actual vulnerable component is StarTeam Multicast Service 6.4. Other Borland products containing the StarTeam Multicast Service component, such as Borland StarTeam, may also be affected.
159b775b557eef960fa0dbc9a097aadf2c2e86589748b24658d30310f1915c46
The Call For Papers for POC2008 has been released. The 3rd POC "POC2008" is an international hacking and security conference by the Korean hacking and security community.
932686cd836df52c4fa57e9874dbe4c95e374a9094888806e5f5fcf90d496782
Local account bruteforcing utility using the su command and a Python module called pexpect.
a1ba2fa01159ed86d8320897547372bd2ca79ab03897ee3ab185a84d94ad292f
FTPNullSearch is an FTP scanner that can scan a range of IPs looking for servers that allow anonymous logins. Written for Linux.
a91386c0c329e353023f79d969c12450058c95171a3888661eccbe4d0319d520
PHP Photo Gallery version 1.0 suffers from a remote SQL injection vulnerability.
6d57f2194e7439d4efdb1ae68a2cacdba7b6f117a12c936aa0321fcf92ff511d
Comdev News Publisher suffers from a remote SQL injection vulnerability.
63e2b109d4c7d608aff4065e9e5f383c0ae7d31a0ee79e79ae35f7d3c23f2aaf
sabros.us version 1.75 suffers from a remote file disclosure vulnerability in thumbnails.php.
d9109f8ddda1da24926a15d8c751f6c7e4658db1675461c7dffd8b1322304c53
Software Zone suffers from a remote SQL injection vulnerability.
01f51568e5e2e52add5dcdf460142921065b14cd257b57fbe472db3e1bd20a7f
Core Security Technologies Advisory - Orbit Downloader is vulnerable to a buffer overflow attack which can be exploited to execute arbitrary code. Versions 2.6.3 and 2.6.4 are verified vulnerable.
5d3f26cc60b2acbc37303d798ced9e82dfcc36f67de4fa6c23dad8b588c86a14
Blogator-script version 0.98 suffers from a remote file inclusion vulnerability.
1bcc8d033a4d8351d9fb02fce8c59219fbad029e8f5f9e1fc72c9c8942e74c83
Affiliate Directory suffers from a remote SQL injection vulnerability in directory.php.
cc4920601269d60411e78372eaaef679872232aa47a7c34681f9fdb823d403ed
Technical Cyber Security Alert TA08-094A - Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1241. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
1da76b6ff09c28b93a2c9aae13aae772d04f39f4df875741caffeb4f5ed76b84
Cisco Security Advisory - Several products in the Cisco Unified Communications family of products contain a command execution vulnerability in the Disaster Recovery Framework (DRF) feature. A remote, unauthenticated user could exploit this vulnerability to execute arbitrary commands that may allow full administrative access to affected systems. There is a workaround for this vulnerability.
cab91d6185c7c4d7d703736fc2bb7e8b6c2c4f58e9a001803b1dbd9cf616a406
XPOZE Pro versions 3.05 and below remote SQL injection exploit.
1e6928a3827bb26276b7b5d7066a4dde93d2aae961e2ebc03e0dd531102e3b5c
It appears that Secure Computing Webwasher versions 6.6.3 and below suffer from a denial of service vulnerability.
3a9136bc5f0fbf3e6e8690afbc0ac29d6f2b1e875d4926c026830c99e84da391
The Joomla com_lms component suffers from a SQL injection vulnerability.
e35664abe9b055a846b17c7e948902c20e3dd3399a09d819e244cf76e51d37b3
Virtuozzo from Parallels suffers from cross site request forgery vulnerabilities.
ebaad3d635c352d3c9f1ac5fc2240d69b74469fbafa8caa44dfa42135de15d11
The KwsPHP ConcoursPhoto module suffers from a remote SQL injection vulnerability.
ce0c7c0cc57ad144fe209a7c02eca7b951a537295dc6393912039ad312fd5aa8
The KwsPHP jeuxflash module suffers from a remote SQL injection vulnerability.
ed134c4e79ba6e5c89d3fee15702889bcf3e9d9f15700798039bd7199b612ffe
The KwsPHP Archives module suffers from a remote SQL injection vulnerability.
87e27dd1d8883deefc3c3a2931a69ed3b8c7783f527e292173b771ee61989f00
The KwsPHP Galerie module suffers from a remote SQL injection vulnerability.
cc5fba6990c3e0eff38996478f0bdda997a8ffc57317020effab22da5921be9b
Debian Security Advisory 1537-1 - Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files.
a2b802b314090bc3787a75eb0ebdd17fcb5b1e6f2c714ca4a4c46aa2b2d26bd4
kses-based HTML filters for projects like WordPress, Moodle, Drupal, eGroupWare, Dokeos, PHP-Nuke, Geeklog, etc., have been found vulnerable to cross site scripting and code execution vulnerabilities.
9d5fb634f4e89873c5a836813b8c36aef28c608fca8b1d46aa2298d5d4586c72
Secunia Security Advisory - Duong Thanh has reported a vulnerability in Blackboard Academic Suite, which can be exploited by malicious people to conduct cross-site scripting attacks.
cdf76cc0486d186228d0d033601d72b1699ef6e7fc4238e4299aa2479da17c79
Secunia Security Advisory - SUSE has issued an update for Sun Java. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, or to compromise a vulnerable system.
0200dfa3475dd3311ffd3c19959ea373292d6af9c231fe52e21d5083eb5e2023