iDefense Security Advisory 04.08.08 - Remote exploitation of a heap based buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, and Windows Vista.
7f0b5f5daff1e693ba3c2e9e4c1d40241602f4f0f1bd639eeb6348752f914329
iDefense Security Advisory 04.08.08 - Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in Windows 2000 SP4 and Windows XP SP2.
03d39e0c171617bc6bed7fb6be3e14daf1be8b9c372dfa5615c0ba6aa4d0858e
iDefense Security Advisory 04.08.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Microsoft Help 2.5 ActiveX control allows an attacker to execute arbitrary code with the privileges of the logged-on user. iDefense has confirmed this vulnerability in version 2.05.50727.42 of hxvz.dll, which is installed with Visual Studio 2005.
588d2439063be1e77858d28dd76b3cadb193e7df46f39974193b547dca836bc3
Debian Security Advisory 1541-1 - Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol.
69fcb84d4bc7e2013a90dd93eeb88420c908914cb89a94ea8e2e1fb1bcf462e0
A stored cross site scripting vulnerability exists in Microsoft Windows SharePoint Services 2.0 where a malicious user can bypass sanitization and inject javascript into a web page they are editing.
de54a6cb63b016abf59cab3f7964511738229fd8484eb8c2dfc2ed77e80b45ce
Secunia Security Advisory - A vulnerability has been reported in HP Integrity Servers, which can be exploited by malicious people to cause a DoS (Denial of Service).
ac10191ae9237fbfc91778786de04eda5cd71d860bb0818f5aaaedb491e935bf
A vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Flash Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Flash player attempts to access embedded Actionscript objects that have not been properly instantiated. In order for exploitation to occur, an attacker would have to modify a DeclareFunction2 Actionscript tag within an SWF file. Exploitation of this vulnerability can result in arbitrary code execution under the context of the currently logged in user.
8fae64bb0f5479c2daddc21ca71de52bb43fc79e1f3b459d6f50ca7911ac798b
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw exists within the parsing of malformed WMF files. A vulnerability exists in the GDI function CreateDIBPatternBrushPt used when processing WMF files. Due to a mis-calculation of user data a heap chunk can be under-allocated and later used resulting in a heap overflow. Successful exploitation can result in system compromise under the credentials of the currently logged in user.
34953549b26a5db96fbab3faafd2fc61b496bf2b5c73f1439c8a3505da7e6bab
Koobi Pro version 6.25 showimages suffers from a remote SQL injection vulnerability.
dbe9a577c176c6733ab118a2f79d9f60fd66a34b78e553e829a898cb20121b8f
Koobi versions 4.4 and 5.4 gallery suffer from a remote SQL injection vulnerability.
d273901d4e8e3d398e839549f2e1eea397f2b628066a932e27813a516126d11f
Koobi Pro version 6.25 gallery suffers from a remote SQL injection vulnerability.
535de6b7a28e8b3ebc3a08be0a4c6ca4bdcac390ae324b07b1d5e5e4df19dd0a
Koobi Pro version 6.25 shop suffers from a remote SQL injection vulnerability.
0318d2fbfa244b67286bff483191bf224955f6de12f1f9d119f656c981927e88
Koobi Pro version 6.25 links suffers from a remote SQL injection vulnerability.
81419c599a02453caf60bd6a70822f217b64f9de41b86be7a5140a54299fbf82
Secunia Security Advisory - A vulnerability has been discovered in LinPHA, which can be exploited by malicious people to disclose sensitive information.
852ce2a4dfb824329860e4a15c1bfdf0a873449ca1421790eb2bced946f92d77
Technical Cyber Security Alert TA08-099A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for April 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
376425dd8c50ca785b4ad78bfa54a40de33fb20f150f041556a95cec6cb2f69d
This paper shows that Windows DNS stub resolver queries are predictable - i.e. that the source UDP port and DNS transaction ID can be effectively predicted. A predictability algorithm is described that, in optimal conditions, provides very few guesses for the "next" query, thereby overcoming whatever protection offered by the transaction ID mechanism. This enables a much more effective DNS client poisoning than the currently known attacks against Windows DNS stub resolver.
fcbad979678328d35c5f23e8e94a9efb78263e2ea3c4b81d3d339f74542d6222
Prediction Football version 1.x suffers from a remote SQL injection vulnerability.
cb46a6b360d756b5229d374de741c78696ba4f5b59935f126b6bd63b4363006a
SuperNET Shop version 1.0 suffers from remote SQL injection vulnerabilities.
ca687d66d86d1a652b6bf8a757d6dbdac0144ae3b0c81c8c5322727978be35ba
HP Security Bulletin - A potential security vulnerability has been identified with HP Storage Essentials Software. The vulnerability could be exploited remotely to gain unauthorized access to data.
749937f0ffae4265cf178936cff36ff8664271068bf1ae3cb7f7b656d71a46b3
Syslog Fuzzer is a small perl script tool that is useful for testing some attack vectors against syslog servers. It has support for buffer/integer overflows and format string vulnerabilities.
fb34a3d4e18d1e8af3658c6272e7e8976431669d015724f634b37da32a293743
Secunia Security Advisory - Debian has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
cf9be9aa435c0ce38284eae017c2b7bf2b00434d3fcb1e950e6bbdd5a27ca5a3
HP Security Bulletin - A potential security vulnerability has been identified in the embedded management console in certain HP Integrity Servers iLO-2 Management Processors (iLO-2 MP). The vulnerability could be remotely exploited to cause a Denial of Service (DoS).
94fd502f8d58eee4c8273c42d8c9ac1d7a1b07a05fac9c8a1068772818fc61ef
Swiki version 1.5 suffers from cross site scripting vulnerabilities.
9ab010fffeaf6a43e91740ca213df427dbb5e10d74dc70052a56e02070d5a49c
LokiCMS versions 0.3.3 and below remote command execution exploit.
97625b027c63c4c535bf7a6c88ec0da3b8c3fc2cfc16f9760076f9cfed76a8c2
Flaber versions 1.1 RC1 and below remote command execution exploit.
7878cc53832b9211a66f0f91903546f496d3434029ea77542e3836118ab4678f