Secunia Security Advisory - CWH Underground has discovered some vulnerabilities in SyndeoCMS, which can be exploited by malicious people to conduct cross-site scripting attacks, and by malicious users to disclose sensitive information.
0ea05263b64f0131209ec6b5949b7199c04cbb40be171545c6ba0314f101d637
Core Security Technologies Advisory - A vulnerability was found in CitectSCADA that could allow a remote unauthenticated attacker to force an abnormal termination of the vulnerable software (Denial of Service) or to execute arbitrary code on vulnerable systems to gain complete control of the software. To accomplish this, the would-be attacker must be able to connect to the vulnerable service on a high TCP port.
19bd45b897c6982edbb11d71c9c88e4b43443d02180be90c94917a52bf3de427
TYPO3 versions 3.x, 4.0 through 4.0.7, 4.1 through 4.1.6, and 4.2 suffer from arbitrary code execution and code execution vulnerabilities.
3f08cf2d0f07df1e0f68d53d3396712614ffc248496d81a50541f0e4c85b5ff8
PHPEasyData version 1.5.4 suffers from cross site scripting and SQL injection vulnerabilities.
038bd7360986bb346c3f7b2dd8c05b2150b3de7bc4a0cd1c2780a84fa278f64f
Flat Calendar version 1.1 allows for administrator bypass when scripts are accessed directly.
5e7708384102bfc84936c466d0e26d24d6d1d332d55c960f0b50de582e550878
Secunia Research has discovered a vulnerability in uTorrent and BitTorrent, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the handling of HTTP requests and can be exploited to crash the application by sending an HTTP request containing a malformed "Range" header string. Successful exploitation requires that the Web UI interface is enabled (not default). uTorrent version 1.7.7 and BitTorrent version 6.0.1 are both affected.
d2a8e55f8cf66424df0d99429639964b9e96d1badbf13b3bdfef9410bb5a8d01
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache with PHP. This vulnerability could be exploited remotely to execute arbitrary code.
0b8a596fa9731d9045feee363c97d041ef17ec11d3673fdb9838a72908303695
Secunia Security Advisory - Secunia Research has discovered a vulnerability in uTorrent, which can be exploited by malicious people to cause a DoS (Denial of Service).
3f322062f9e2cf8ef117b3a6087faaffcbd68adacfde78c12be31fb984beb43b
Secunia Security Advisory - Secunia Research has discovered a vulnerability in BitTorrent, which can be exploited by malicious people to cause a DoS (Denial of Service).
5a89ea0c35e78c4223931809ee466e35c122a365b6cff6acb7e35f32e0858df8
IPTBB version 0.5.6 arbitrary add administrator exploit.
1605caeffa7574dfd66c1b80f96a27bfb09f4579ddca2b0d31dc2a419c573b99
eFiction version 3.0 suffers from a remote SQL injection vulnerability in toplists.php.
2a6ab15370a2e59ec1b0522a016d1da52c7505c4b4b739b726802f536af9be92
FOG Forum version 0.8.1 suffers from multiple local file inclusion vulnerabilities.
55c02e350cb188d82a67c286bcaa494d633cee9126cc4b8d16898761ed83a52a
Tor-ramdisk is an i686 uClibc-based micro Linux distribution (3.1 MB) whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.
21cc7f9fb71407bf6976be4443cf9f4d9e94a20dc4d3f112412fdc787ef2c820
Technical Cyber Security Alert TA08-162B - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Server, and Internet Explorer as part of the Microsoft Security Bulletin Summary for June 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
810d1228fe5faf883e06ea41904a059ac3560025652472f0d1ef3b2d46e29a34
Technical Cyber Security Alert TA08-162C - Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1991. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
ebd772d340e41c60ebb2a0f469a73896978e3671c80a7b972ddc74236fc877d8
Mandriva Linux Security Advisory - Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the Itip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or potentially execute arbitrary code with the user's privileges. Evolution also did not properly validate the DESCRIPTION field when processing iCalendar attachments. If a user were tricked into accepting a crafted iCalendar attachment and replied to it from the calendar window, an attacker could cause a denial of service or potentially execute arbitrary code with the user's privileges. In addition, Matej Cepl found that Evolution did not properly validate date fields when processing iCalendar attachments, which could lead to a denial of service if the user viewed a crafted iCalendar attachment with the Itip Formatter plugin disabled.
c8887f2382bbf2f38ca613a39ff385f4667c6d738032adf9747301ae840ae724
The Piugame CMS suffers from cross site scripting and SQL injection vulnerabilities.
a662539dfe5a72e1c6eafd1fe99c22f21e49af167efdbe97e762982dcc786021
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of SAMI files. When handling the properties of a "Class Name" variable, a lack of bounds checking can result in a stack overflow. Successful exploitation can lead to remote code execution under the credentials of the logged-in user.
fcb95873ba9ffebfd3333b19f05f50d450840159b4c30a94f390646ec0e72774
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various versions of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData() method when called on a DOM object that has been manipulated in a special way. The attack results in an exploitable heap buffer allowing for code execution under the context of the current user.
199a27adda6f9b915cf6856311e07418574bbd6af52f57dd0a8956c4404ef6a1
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file.
bcd127620a65d689b5a899b714c2eb878a2ad2d75e5b861343ac2474827a014a
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
06cd3185b8d89ac305b2a42f16927bd2994ff584a3d2b9076e6a70fdad15886d
Experts version 1.0.0 suffers from a remote SQL injection vulnerability in answer.php.
adda4cf42abcf26f61c9712e3fe67cec9faa7c3183e5347db1ea4f3315cbf7fa
TNT Forum version 0.9.4 suffers from local file inclusion vulnerabilities.
447c619fa83747d04a35ffa97e4c442db8577489571a4711ddda6b1d2628df30
Syndeo CMS version 2.6.0 suffers from local file inclusion and cross site scripting vulnerabilities.
a51d76a828429f390aaacd9b4cb7e81c77a4d15b4f4293acc46fbb0b9447ae0c
iDefense Security Advisory 06.10.08 - Remote exploitation of multiple heap overflow vulnerabilities in the FreeType2 library, as included in various vendors' operating systems, could allow an attacker to execute arbitrary code with the privileges of the affected application. iDefense has confirmed the existence of these vulnerabilities in FreeType2 version 2.3.5. Previous versions may also be affected.
9a4ef45fbc6785b0af6fa5c6bf4ca83872c3fb8be357ebe78481f18cc310c0fd