Secunia Security Advisory - Some vulnerabilities have been reported in Trillian, which can be exploited by malicious people to compromise a user's system.
ae38d7ea7febd97bff46ccfbd229a071ac6d53a12d300699540ae3d437b136ae
Secunia Security Advisory - Red Hat has issued an update for setroubleshoot. This fixes two security issues, which can be exploited by malicious, local users to conduct script insertion attacks and to perform certain actions with escalated privileges.
d28120733c771149894189614380fb10fe8a855ff15243e91cb2212bc0698aff
Secunia Security Advisory - Red Hat has issued an update for dovecot. This fixes a weakness and a security issue, which can be exploited by malicious users to bypass certain security restrictions.
b2c3cc75ad8dcdd0145e47216725672e02a3bc8e6f0b3593bf09c3848125a7aa
Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes some security issues and vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service), bypass certain security restrictions, and gain escalated privileges.
c0421023293c75ae791415120934d2e3cf3d4c3ce4e26226ac6d2ba650f69855
Secunia Security Advisory - A vulnerability has been reported in PCPIN Chat, which can be exploited by malicious people to conduct cross-site scripting attacks.
a82bd6c1ac78f14ca3933f70605f2572811a990afc1d04f5e1bb9184606fdc6d
Debian Security Advisory 1588-1 - Johannes Bauer discovered an integer overflow condition in the hrtimer subsystem on 64-bit systems. This can be exploited by local users to trigger a denial of service (DoS) by causing the kernel to execute an infinite loop. Jan Kratochvil reported a local denial of service condition that permits local users on systems running the amd64 flavor kernel to cause a system crash. Paul Harks discovered a memory leak in the Simple Internet Transition (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited by remote users to cause a denial of service condition. David Miller and Jan Lieskovsky discovered issues with the virtual address range checking of mmaped regions on the sparc architecture that may be exploited by local users to cause a denial of service.
7d370613a9637a5c92997661524dbca3c8c5f98f4be417a3dc5f5aa9a147b85c
HP Security Bulletin - A potential security vulnerability has been identified in HP-UX running the useradd(1M) command. The vulnerability could be exploited locally to allow unauthorized access to directories or files.
fabe48a5968d90a3679f2d3ed465834be43c8c6cd071959bf8788762c32d220a
CKGold Shopping Cart version 2.5 suffers from a remote SQL injection vulnerability in item.php.
5e4922967eefb9f5b28e2ebc03418def142399f03974833596ae7af9041893a2
RevokeBB version 1.0 RC11 suffers from a remote SQL injection vulnerability.
fb6f0b3937438057cf60975d72f55a9281369ecf0cbe4b709de893e2a773e822
Gentoo Linux Security Advisory GLSA 200805-21 - Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions (CVE-2008-1475). Furthermore, Roland Meister discovered multiple vulnerabilities caused by unspecified errors, some of which may be related to cross-site scripting (CVE-2008-1474). Versions less than 1.4.4-r1 are affected.
39ae83bf9673c0b6e7ed914ca54a6bdb2a9e16d294460c89757b65f44081cc7b
PHP 5.2.6 sleep() local memory exhaustion exploit.
4dd8ed46a3bc2ba3bfdc26e4c03594bf2971e2b04708aaed650930d36967362a
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
92d281963d9e235d0fe37e621d5fd33734c5b3b09d1e3961836e035fa454be1c
sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database server when a SQL injection vulnerability has been discovered. It is written in Perl and runs on Unix-like boxes.
48b7d75f816a3c6179dc709399e74dcd9a38412988214346216298cd265d1f0c
Debian Security Advisory 1587-1 - Adam Zabrocki discovered that under certain circumstances mtr, a full screen ncurses and X11 traceroute tool, could be tricked into executing arbitrary code via overly long reverse DNS records.
5186c84f13a7d6b4ce1dd045ce14f9d415f82dc1c42b0407ebee613c3d317e44
Class System version 2.3 suffers from SQL injection and shell upload vulnerabilities.
c68640da53d73085a2fd56aed3ccb57ae05d185e8b33ed871f990a9e993fbd6b
phpFix version 2 suffers from multiple SQL injection vulnerabilities.
bbbc32abc053579b8fc7d28a68da6ee4321a64532464db8e0b500a820ebf4dd0
Repair Online version 1.2 suffers from a create administrator vulnerability.
413fc05e343542aaf3b0a67ed164fb30cee01a7454e8c0d82e09e613411d790d
Excuse Online suffers from a remote SQL injection vulnerability.
c84ad6c4dd23b559510779e93b1dc9cb1edb603e3a47c46fa2c94ddacb789c3f
Campus Bulletin Board version 3.4 suffers from SQL injection and cross-site scripting vulnerabilities.
c513f650a27572e394bd4390d65f2b1e348cfa309b892bde0aafc5974074677f
CMS MAXSITE versions 1.10 and below suffer from a remote SQL injection vulnerability.
083cb5994c6fe8c19a01f866cc1dada0428532be5747fcc0f3b069ef8369b1ea
Xomol CMS version 1 suffers from login bypass and local file inclusion vulnerabilities.
4c94d3033eb7747499160f24a5c38f4d2b9fe39cd2ec6f662c9b4cb7d341a640
plusPHP URL Shortening Software version 1.6 suffers from a remote file inclusion vulnerability.
3e2a4184dcd229482a02751406418b67b38eddb83a76e9e62991e6f5da194593
Security Objectives Advisory - Lenovo System Update allows arbitrary update executables to be downloaded and installed from a rogue server. The Client DLL does not perform certificate chain verification when initiating an SSL connection with the server. Version 3.13.0005 Build date 2008-1-3 is affected. Other versions may also be affected.
0df79f7829c7b5806e5a76c63b92bd7d03b09979e8aebc1d558d8756681a2807
Mini-CWB versions 2.1.1 and below suffer from a remote cross-site scripting vulnerability.
d79c78d03d1411698c2295ed318b649d889462bd0605322e79c0be285b6add76
Zina version 1.0rc3 suffers from remote directory traversal and cross-site scripting vulnerabilities.
04bed8149320184286564ff2e13982cdc126affe79cac71e81c5e7a424cd1429