HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Netscape Directory Server (NDS). The vulnerability could be used locally to gain extended privileges.
1879da0710943192044e2f18914a3dd0ae38c1d8a42f9aaf667ce33eae6d963f
Debian Security Advisory 1554-2 - Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser.
0ef704e318012ae33ddede7c481143695b8612593320b046f15e1c3de646d7f9
Debian Security Advisory 1569-2 - The original update for cacti unfortunately introduced a regression. Updated packages have been created to address this. It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross-site scripting and SQL injection being possible.
a25d71e2a484bbe0525e22985604072f8a0b56a19f2fc79a50227fb2af5045fc
Secunia Security Advisory - Luigi Auriemma has reported a vulnerability in Call of Duty 4: Modern Warfare, which can be exploited by malicious people to cause a DoS (Denial of Service).
7243480b3baa8b62396906b62af69eedd3b31ce793377b9281f60cd82f815fbf
Secunia Security Advisory - M.Hasran Addahroni has reported a vulnerability in Online Rental Property Script, which can be exploited by malicious people to conduct SQL injection attacks.
c318be10c6642490ee1fe023db3ece6356f2bab2af0ada6d72256cefb86b268b
Gentoo Linux Security Advisory GLSA 200805-02 - Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Versions less than 2.11.5.2 are affected.
a7d40e1888da5a69f15cd07b8c0f478c5091ed90492e7327880195c9e015ba80
Gentoo Linux Security Advisory GLSA 200805-01 - Multiple vulnerabilities in the Horde Application Framework may lead to the execution of arbitrary files, information disclosure, and allow a remote attacker to bypass security restrictions. Versions less than 3.1.7 are affected.
d9152e8f56ffed55e1beac9851e375c68b2119c4ebc5503130416fe05e5cd88c
Core Security Technologies Advisory - A vulnerability was found in Wonderware SuiteLink Service ('slssvc.exe') that could allow an unauthenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shut down the service abnormally by sending a malformed packet. Exploitation of the vulnerability for remote code execution has not been proven, but it has not been eliminated as a potential scenario.
cc0017282284a81e4c1b8b21a4c4538842f8dc45ce9d672ef98b6df5d880f5e1
Novell eDirectory versions below 8.7.3 SP 10 and versions below 8.8.2 suffer from a denial-of-service vulnerability. Details are provided.
eeea4524358956b07a0e7eeded52faf98ec81fc4f410f5baddfeed09f6a64217
Novell eDirectory versions 8.7.x through 8.8.1 suffer from an arbitrary access vulnerability due to client-side access control when using the SOAP interface.
d8c1e0d178bbdf6fe231b6d7a8501982ac654b9dcb8aa71c053c93e60e6ed971
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
af567b701506a3cac7903a08e599312cc2f8d3b4301bdd6b6e32ccd0fde77a84
Exploit for DeluxeBB versions 1.2 and below that demonstrates blind SQL injection, PHP injection, and more.
ec2c7830951eadc30a465f5cba249cdb1f4709d9b9dd65e2de5467ec2b27a7cb
Plash is a sandbox for running GNU/Linux programs with minimum privileges. It is suitable for running both command line and GUI programs. It can dynamically grant Gtk-based GUI applications access rights to individual files that you want to open or edit. This happens transparently through the Open/Save file chooser dialog box, by replacing GtkFileChooserDialog. Plash virtualizes the file namespace and provides per-process/per-sandbox namespaces. It can grant processes read-only or read-write access to specific files and directories, mapped at any point in the filesystem namespace. It does not require modifications to the Linux kernel.
e986dfa2e5251a43e5386ae47ea6cb0866c8cef264b2bd75e03a75c9a2f57030
Power Editor version 2.0 suffers from remote file disclosure and edit vulnerabilities.
091b21d7094470978d31bb9d33dd8c0dbcf4ef0a014b3f178bbc14516f1c7cdf
Miniweb version 2.0 suffers from a SQL injection vulnerability in index.php.
f9de24c92645c8b81c8e568c0f7420f08934e3338c1adbe76550a8a96b6ec027
Secunia Security Advisory - InjEctOr has reported some vulnerabilities in cpLinks, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
d6b51c0d19b64ce4c1889147eae82b353cd45859f2cda36378e94017deacba7f
Secunia Security Advisory - HP-UX has issued an update for Apache with PHP. This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to bypass certain security restrictions, gain escalated privileges, or cause a DoS (Denial of Service).
cebf124f12400e152516bbe36293b1a25fdba9c897870137554c6d5b8d274f30
Secunia Security Advisory - Cod3rZ has reported a vulnerability in ITCms, which can be exploited by malicious people to compromise a vulnerable system.
acdc87c80479bff37eb5c213ab4a5cbc11a0bfe22851b951e0debaf5889af31e
Secunia Security Advisory - A vulnerability has been reported in the powermail extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.
8f73cc7f08f61c7b06d86f6defa6952b646852647d1302f45def1c8f40169b30
Secunia Security Advisory - Khashayar Fereidani has discovered a vulnerability in LifeType, which can be exploited by malicious people to conduct cross-site scripting attacks.
733cf3ca5689b29e9cb196a26167d7c6f4345dc991533104f99c4de930d07104