Pro Chat Rooms version 3.0.2 suffers from cross site scripting and cross site request forgery vulnerabilities.
5fd0b6e75aa088fe708a2b2c8e8751ba1c16646c57fa5f98d6e37045b8940139
Living Local version 1.1 suffers from remote file upload and cross site scripting vulnerabilities.
f3868c1baae9ae6c1c3efacf15f2474c8bcd417c69b48fe3544e56714bfcab3d
Webmaster Marketplace suffers from a remote SQL injection vulnerability in member.php.
0c0a07b3f53fa0581ee7c2da6b98f6f768276ae0a2d8effa328e88b08c8fdeae
HTMPL version 1.11 suffers from a remote command execution vulnerability in htmpl_admin.cgi.
cb5b934e888731b0f2ebf5ef79d0bcd011de5efcf7dd671d777282e671fae2d7
Linux kernel versions 2.6.27.8 and below ATMSVC local denial of service exploit. net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.
1ac5511bb7124a05d8d0461db2da89076c5d7276da1e422a0eed18b95223456a
eZ Publish versions below 3.9.5 / 3.10.1 / 4.0.1 privilege escalation exploit.
fca2f4728ec76cac85ca4284335bbbd8fbb63e685876a5c64b99479dbe77be7b
Facebook has been susceptible to reported cross site scripting vulnerabilities since August. It is stunning that they have not fixed this in this timeframe.
09ef1b5b6fb8ae84c27eadb08f71c7a69a2f6439925ed7f54ebbcc876832eb8c
Gentoo Linux Security Advisory GLSA 200812-10 - A directory traversal vulnerability has been discovered in Archive::Tar. Jonathan Smith of rPath reported that Archive::Tar does not check for .. in file names. Versions less than 1.40 are affected.
2735121b1c06247892212422bdf8aa548600433ede2ff2886dae9ba5c4119526
Gentoo Linux Security Advisory GLSA 200812-09 - Smart cards formatted using OpenSC do not sufficiently protect the PIN, allowing attackers to reset it. Chaskiel M Grundman reported that OpenSC uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4. Versions less than 0.11.6 are affected.
c6ee2a4b61e4dbad6fbde8d1cdb450da973718cd1afa12d10b3c625df252fae9
Debian Security Advisory 1684 - Two vulnerabilities have been found in lcms, a library and set of command-line utilities for image color management.
2952c9357931b7c0048b563bbb72f0deffa1e8c321418f8151a582a9af5cc3d7
Secunia Security Advisory - G4N0K has reported a vulnerability in DL PayCart, which can be exploited by malicious people to bypass certain security restrictions.
7261b20121dbb96cc0790f3d0b560eb5e6e8d1ad1967c4bf63067edbb91a01b4
Secunia Security Advisory - G4N0K has reported a vulnerability in Bonza Cart, which can be exploited by malicious people to bypass certain security restrictions.
6f383178bdf23eb2dd9c1257ad160a71df5f37878c1049f0eebb9fdfa487ff42
Secunia Security Advisory - Debian has issued an update for lcms. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
f4afde51eec894dfd5076ebef0f0fe2220da890c7c03478eb9b3e9157843c90c
Secunia Security Advisory - Nenad Vijatov has discovered a vulnerability in MDaemon, which can be exploited by malicious people to conduct script insertion attacks.
a59b699497b1f49a6cc64fa2c6ffc9bb6da5ef1786d5d3a6c4016d199d2f303a
Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in Messaging Storage Server, which potentially can be exploited by malicious people to compromise a vulnerable system.
adf1fa2d6ab55ce57d1ebc1874cc3d12c66f127bd1f853d7598c24aede8f1d4d
Secunia Security Advisory - SuB-ZeRo has reported a vulnerability in Peel, which can be exploited by malicious people to conduct SQL injection attacks.
b801cac2aa87252060fce0eb8ebcd253f8f4db0a459985ddf2cabc72ed20d135
Secunia Security Advisory - Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service).
669e56cffcd9952077215855c7c79c0d8ad700c504471bfceabd3c01b43fdff7
Ubuntu Security Notice USN-678-2 - USN-678-1 fixed a vulnerability in GnuTLS. The upstream patch introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
cd5cd20b3a4bed05c5258f164bc821d426a546541e352c7b1df7b0f42f117abf
Ubuntu Security Notice USN-689-1 - Alfredo Ortega discovered a flaw in Vinagre's use of format strings. A remote attacker could exploit this vulnerability if they tricked a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. In Ubuntu 8.04, it was possible to execute arbitrary code with user privileges. In Ubuntu 8.10, Vinagre would simply abort, leading to a denial of service.
687179c7ff2f3d8c3d0ba8d1cea02e0fb56b192c40b7427f449f28a024e4acef
Technical Cyber Security Alert TA08-344A - Microsoft has released updates that address vulnerabilities in Microsoft Windows, Internet Explorer, Word, Excel, SharePoint Server, Visual Basic 6 and related components.
8883648b6f3e2c04e5be8f8603bfa8bc5bbdb6d8312fc76f60ab0b137ed930d2