Paul Byrne of NGSSoftware has discovered a critical vulnerability in Apple QuickTime's implementation of the Indeo Codec, which may allow an attacker to execute arbitrary code on a user's system when a malformed movie file containing video encoded in the Indeo Codec is played in QuickTime. QuickTime versions prior to 7.5.5 are affected.
1e4af91263ae0ea2d7ba9af4661833e97f87c3dcaa0e6ed74c1bd24395a7dd0f
The Baidu Hi IM client software suffers from a denial of service vulnerability.
602ed68ee92ed8b8f32f9dba4972fcf56eefc1660be589e5f567db054316a527
Secunia Security Advisory - -tmh- has reported a vulnerability in Powies PSCRIPT Forum (pForum), which can be exploited by malicious people to conduct SQL injection attacks.
c8c4dac39b3304c8d26c9afbf8dd5c114f3843b7552bb545b876a971a755ff8e
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in WebSphere Application Server.
17258c936442d5a86d24bf179c7d44ab57a6c0d15a911733eaea04e0dd1d74c3
Secunia Security Advisory - Nortel has acknowledged a vulnerability in Nortel Switched Firewall products, which can be exploited by malicious people to spoof authenticated SNMPv3 packets.
f7a365b96c331957dede4a28d1b728c3b2cf7c2be0f7667a2ce58214591788dd
Microsoft Windows is prone to a kernel-related denial of service condition due to the way srv.sys handles malformed WRITE_ANDX SMB packets. Metasploit exploit code included.
78155c1242238f3c779e439c47050b7f13096125447eda1e52928ce1ec4671a2
CzarNews versions 1.20 and below suffer from an account hijacking SQL injection vulnerability.
4baa47dba1702932b161e55aca926e561634095a8ed2100fbed3e8ba561a2fbf
Remote SQL injection exploit for CzarNews versions 1.20 and below that uses the cookie.
a08d30f9cca62fa703007f4253f93e7cde93c6773686c6cdb552258358f80985
Secunia Security Advisory - Debian has issued an update for git-core. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
d2b815c6c9e47e82275cb7fa50b9e65b09da6a5588542f8659cdd54d1afebb40
Secunia Security Advisory - FIREH4CK3R has reported a vulnerability in vbLOGIX Tutorials Script, which can be exploited by malicious people to conduct SQL injection attacks.
bc23c0f11c50ed1b5aaa7b3ecb21d928e037d3d117653b439412edbc6cda45ce
pGalerie version 1.0 suffers from a remote SQL injection vulnerability.
a98285bf538234498cd2feca8454bf3d647697b5c965d971174eabb5ed913eb8
Web 4U Ghana suffers from a remote SQL injection vulnerability.
3e434c5004ea8c8bdcce29883cd6b4b96cbef3c332317a00b26f2c81eba20bef
A Website For All suffers from remote SQL injection vulnerabilities and also has a default password.
362a962ce37215af19ccc067264ef73c4c6d714a44fd09af6e866ab58f824837
Debian Security Advisory 1637-1 - Multiple vulnerabilities have been identified in git-core, the core of the git distributed revision control system. Improper path length limitations in git's diff and grep functions, in combination with maliciously crafted repositories or changes, could enable a stack buffer overflow and potentially the execution of arbitrary code.
107d015f5c3f226f1271496bb2f92ab8af98ac16ee6130409d4eeebad97e1d3d
cPanel versions 11.x and below suffer from a local file inclusion vulnerability that allows for system compromise.
a346cfea7b8c77e8707b4cabc15b3d531da2d6c2de2c48fece10ae7d469d9fd5
Horde and Turbo Contact Manager version H3 2.2.1 suffers from cross site scripting and remote java file inclusion vulnerabilities.
e15ba10d01b7ecdcb51c287c32468066c6d357891e6a43b262a75ffe922c7dd5
Paper discussing playing with sockets and port scanning.
f9134ec126125421e60f4c9c1f70af6ba3edf37e35a4be73059e00cd65bf26d0
New Downline Builder suffers from a remote SQL injection vulnerability in tr.php.
518cd84f591473058a6f694a50fc7abe02b9a96b97582fb3712e83a1a9709c64
Downline Goldmine Builder suffers from a remote SQL injection vulnerability in tr.php.
0672a903c5cdce7415314474dc47d939a4c53c4311ed126238257f64377e399f
Category Addon suffers from a remote SQL injection vulnerability in tr.php.
21f2f4cf5e1c727dcdf48c75806da8eb103062477e5ee898f7217af5236ace45