HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain extended privileges.
d2fd4b44ee57dd3af461a9759dea17febfe05480c61e661d1f8658421113fd53
HP Security Bulletin - A potential security vulnerability has been identified HP-UX running the useradd(1M) command. The vulnerability could be exploited locally to allow unauthorized access to directories or files.
e59571f2ff30cc98eb6750cfdbea17f5717f61b9beb4a3ee728e282c98df6bed
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system.
830ca8fc187f2fa1f7e5513ec9beb3c141c230f56183802dcfe478ef4aca9a53
Secunia Security Advisory - Tan Chew Keong has reported a vulnerability in the FireFTP extension for Firefox, which can be exploited by malicious people to compromise a user's system.
5dd02c1bcf4c9cf354b51d8ff234e25803f98441b152377eee75b1bcee5c410e
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).
62c171d42aa88b19f9258546c26f81d574fb0aaea6328422d16ad15cc2663906
Secunia Security Advisory - A vulnerability has been reported in Stunnel, which can be exploited by malicious, local users to gain escalated privileges.
497e1086f03345c4ca14422869747f381a61804d51333d6ce4f145e0bce37319
Secunia Security Advisory - Adam Zabrocki has discovered a vulnerability in Mtr, which potentially can be exploited by malicious people to compromise a user's system.
6d8018f88ede61aae2739484b26fac37f14278f09a4e9edeffbcfc1806abc951
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
bb587d8e96bac78b086e12450434df6d5d72c587415ae18e670c875b5e37676b
Mtr suffers from a local and remote stack overflow vulnerability.
b5aaeddc9d0203578469fd018747dc56aa4cb6f38fd0d0cff0a0cf01e4b890b2
Ubuntu Security Notice 612-7 - USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates.
b8a3d7140bb40c836f0c4783f297dddf48e4e0cd26ed7af88c52cbf6f4b50bf1
Debian Security Advisory 1580-1 - It was discovered that phpGedView, an application to provide online access to genealogical data, allowed remote attackers to gain administrator privileges due to a programming error.
6cb34a2f0fef9fd9f75be1b339a75f76988d21d100d00c006ae8565a6f11805e
Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code. Foxit Reader 2.3 build 2825 is affected.
fd57e4bfb41939ad032f32cc8e3df6d5f80854b91d50488e0adfd932f788576e
WinPCAP denial of service proof of concept exploit.
1432e8c079069a6ab716069ef7c345128f3cabec56bcb1328e175a03684a451e
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. Authentication is not required exploit this vulnerability. The specific flaw exists within the caloggerd log daemon during the processing of log messages that contain directory traversal modifiers. A lack of sanity checking on the provided path allows attackers to append arbitrary data to a file of their choosing and can easily result in a full system compromise.
87cfdcbb6613e14cedaf10c5b3083bd9012df90c3f6873619469e64a0001b4c8
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of CA BrightStor ARCserve Backup for Linux. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper bounds checking in the xdr_rwsstring() library function. By sending a long parameter into a daemon using this function to process strings, a stack based buffer overflow occurs, leading to execution of arbitrary code.
5beac44d9fa93dd531a5772fb664510c95b8fb10a85ab02246b9e9235be2a914
CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability, CVE-2008-2241, is due to insufficient path verification by the logging service, caloggerd. An attacker can append data to arbitrary files, which can lead to system compromise. The second vulnerability, CVE-2008-2242, is due to insufficient bounds checking by multiple xdr functions. An attacker can cause an overflow and execute arbitrary code.
4e72f135e85d378c8daae3e615f25746727f11c302917fbfcb8e7d99f84d149b
Mandriva Linux Security Advisory - field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.
0fc7725ade229d2bccc465866192b4e127fdc91e731b4bf191ffb65ab2c5a779
DoS Attacks Using SQL Wildcards - This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers.
966761136e5dd0fc10bac9d6b273966d20386567a7bdca93ac2c13e0d89fc0e9
Wordpress versions 2.5.1 and below offer the ability to execute arbitrary php code via the administrative functionality. This is a bit obvious to anyone who has used Wordpress installations, but I guess it is useful to note.
b8c00a899b80f40e3c05f1ff4633dd5608f6424a366be2dcb8c711639fbd1703
Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request to this port that will result in the encrypted domain credentials being returned. Versions 6.8.x and 6.9.x are affected.
234df1762e5efb593ef96dd70a17ec44fe21692085b54ea3770decbd5d36aeb3
Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request that will result in the exploitation of a SQL Injection vulnerability. This leads to database access under the context of the Deployment server, which typically then allows, command execution under the context of the SQL Server. Versions 6.8.x and 6.9.x are affected.
326d2fd0343a50acde785461329cd29f99ec31a55cf0fdeda6e4172d09fb8bbf
Bcoos versions 1.0.13 and below suffer from an arbitrary file read vulnerability via highlight.php.
e7ab34aed9514809805b0f909f04ffd546118b7e9e4be88fdd7ef809e613ad38
Microsoft Word versions 2003 and 2007 are susceptible to crash and cross site scripting vulnerabilities via malicious javascript execution.
9450a478f4400a7b5a60736110807c1fa7a8a05c22051c2435fab168d53fed6e
It appears that there is a remote compromise vulnerability in cPanel in relation to reseller accounts.
4745ad393ead10f2841702f3721f0bdf5e6d2f6186ef29c5113b5d64f637e24f
Debian Security Advisory 1579-1 - A vulnerability was discovered in the GIF reader implementation in netpbm-free, a suite of image manipulation utilities. Insufficient input data validation could allow a maliciously-crafted GIF file to overrun a stack buffer, potentially permitting the execution of arbitrary code.
b8ee4026f4a54007afd888ed6348ed7f0fc7c9728c856c873aa19b2bfae4987a