The Call for Papers for MEITSEC 2008, to be held in Dubai, is now open. MEITSEC 2008 will be held at the Etisalat Academy from November 16th through November 20th, 2008.
e7848355e6c1cd27190a24189823e56bbce55eb405c68a410b72037f604f9660
Technical Cyber Security Alert TA08-189A - Microsoft has released Security Advisory (955179) to describe attacks on a vulnerability in the Microsoft Office Snapshot Viewer ActiveX control. Because no fix is currently available for this vulnerability, please see the Security Advisory and US-CERT Vulnerability Note VU#837785 for workarounds.
3397ca6655493aef10aa96c5c3922c0c896f9e2385119040cd8fcdfbcc7ae6e1
The Poppler PDF rendering library versions 0.8.4 and below suffer from a memory management bug which can allow for arbitrary code execution.
0f357fc416cd3be3d0207302a38ee42eb9121ef982844b3425f2e54b4376193c
Neutrino version 0.8.4 Atomic Edition remote code execution exploit that uploads a basic shell.
8418d30f8b589648903e8fbfc03787e9a75225e5cf119843f2415600cbf5dc00
Artur Erceg suffers from a SQL injection vulnerability.
ae29e9f3608662745f2ebaa816f809614d6a6a01448897fb3b73bb5835af5850
Gentoo Linux Security Advisory GLSA 200807-03 - Tavis Ormandy of the Google Security team reported a heap-based buffer overflow when compiling regular expression patterns containing Internal Option Settings such as (?i). Versions less than 7.7-r1 are affected.
90bc807b7b7aa390aeb1924d5012ed79223d057910f8883feb451614ef283d31
Triton CMS Pro remote blind SQL injection exploit that discloses the username and password hash.
bedded7ab98cad477c122d721b7603ac37e07990ef112d17fbba371523a220cc
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
7aa98796671dfe3db5a20e25669404c4e4461d2a6c77de352edf99f2c989e500
V-Webmail version 1.6.4 suffers from a remote file inclusion vulnerability.
30dc271e0bfaccdbf92d3d7767417cc117cba17fad430525490f8e3cb2caf6fc
1024 CMS versions 1.4.3 and 1.4.4 RFC suffer from multiple local and remote file inclusion vulnerabilities.
377dd8b29f5fdc247e564b2308941f865d5a19b5c30977fc88c9e0dd97318354
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
95bf85f54b41a50308767171e078bf378360f1209faaa56ebca454574246b7d7
Dnmalloc is an allocator that keeps heap management data separate from the heap itself. As a result, dnmalloc is not vulnerable to corruption of the heap management information by heap buffer overflows or double free errors.
6cd120675a488eb23c50989ebf56f50cba42ab50539daebfc4b8d50a3cb287aa
WebXell Editor version 0.1.3 suffers from an arbitrary file upload vulnerability.
1204747a11d5e1c88f11f97dd996add502a8c2695bc165aad78dd19be60ffbcc
Fuzzylime CMS version 3.01a local file inclusion exploit.
e2aad372ae77170ff2524f0a6b551cc685ee9b4c2175cebba687dd1306366be3
SmartPPC Pay Per Click script suffers from a blind SQL injection vulnerability.
4d14b9e4581c3111ff75e2c186a1f74cc971fb52f4dde5326a09f687c61ab413
ContentNow version 1.4.1 suffers from upload and cross site scripting vulnerabilities.
8e6c880052ac80e0ec1eb9b2a4dc678694643d95d6b9e621d60c4581f151d155
XPOZE Pro version 3.06 suffers from a remote SQL injection vulnerability.
dbb1501c1f1b97e191e8e5c20fb043c8428a6f001f142ca10cd9e247b10fdf06
Debian Security Advisory 1602-1 - Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution.
d81e46e2f256747f79a7c880be762f69cc8cd3ff336ed8da330037303001f5d4
mboard suffers from a remote file inclusion vulnerability in mboard.php.
6560d4d22f4a8da5dfe2af355768f3a295d142088c92cc2b4f3af49765395371
Fuzzylime CMS version 3.01 remote command execution exploit.
3d85b9984f51dfcd3a674f8743266fd329fbe6b9d80f2f453a38897c114c4c99
ImperialBB versions 2.3.5 and below remote file upload exploit.
46ad3d03c9061ea9cd646c8b0d29927907db9203a1f7ccd5cfdbbf0216e86949
The PHP-Nuke module 4ndvddb version 0.91 suffers from a SQL injection vulnerability.
b0c06604812c33ab0b2f2bdcfb94dd9f4aec1528e8a1f63e1336932d5dcc608f
Direct Web Rendering (DWR) version 2.0.1 suffers from a cross site scripting vulnerability.
f28ec0ceb8f160cab1326b00711ead1f5eeaf1365e622032d55cf49a026321ed
Whitepaper discussing site-wide cross site scripting, a technique to make injected code stay resident in the user's browser even after they leave the vulnerable URL.
6258e00949f5b6cb8f9e23f69428ac64474db6d9a58918e12106fc921cb6ab39
The wireless client, WeFi version 3.2.1.4.1, is susceptible to local vulnerabilities due to improper coding.
7759b06a4ec6983779892e8034d7f29a2c577015988adae26db5588a88d67f14