FreeBSD Security Advisory - The ftpd server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command. This could, with a specifically crafted command, be used in a cross-site request forgery attack.
2e6c5b82c449c824228fcb5c04163a13250ea1166e252761a367a4dc98ca8ae5
FreeBSD Security Advisory - Some function pointers for netgraph and bluetooth sockets are not properly initialized. A local user can cause the FreeBSD kernel to execute arbitrary code. This could be used by an attacker directly; or it could be used to gain root privilege or to escape from a jail.
68d6c56fdb87d6522cd80e38e97f33feb669cc5e02d6b6c06001e4a3bc436269
phpLD version 3.3 suffers from a remote blind SQL injection vulnerability.
b8d5ad2be0ad3b0eafd2ce9db7db38581bb0e2a0a0f276e817665641d09f14ef
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
6bad1825bd45ef8bf1e89e87f023e29b3ea29e67cfd0f9625ddb382f30bb8dc8
YourPlace versions 1.0.2 and below suffer from database disclosure and remote command execution vulnerabilities. Full exploit included.
bf6bd47311181eb315c8d4128b3b41645bc0bbaf15264b218123b220c36b26a9
Debian Security Advisory 1688-2 - The update of courier-authlib in DSA 1688-1 caused a regression with setups that do not use mail addresses for authentication. This update fixes this regression.
f1c674abc89edfd6995906bf6df08c575d2f8acbbe6f8d1eb03b079f71356346
Mandriva Linux Security Advisory 2008-241 - Multiple symlink attacks affect MailScanner Corporate 4.0.
0cca270a4a200073bacc1d788acece81468fc917a891f61fdbd3fc62d768f537
The COMTREND CT-536/HG-536+ wireless router suffers from cross site scripting and denial of service vulnerabilities.
e8ded362a9983498004f611e7c08bf91296aaa17ce46c202c71ca17637298313
Wordpress suffers from an unauthenticated forced upgrade vulnerability.
049f31a474dbed4dfbfa791b5e68172ea3a6c3e9b523e251a85274eba9a59934
Core Security Technologies Advisory - The VNC server of the Qemu and KVM virtualization solutions is vulnerable to a remote denial of service condition: specially crafted packets received by the host VNC server cause an infinite loop. kvm-79 and below and Qemu versions 0.9.1 and below are vulnerable. Proof of concept denial of service exploit included.
01bd71a91a20f1a4de30de7941ac9062a84bce1186954b18716f1e73c0183e1d
Secunia Research has discovered a vulnerability in Trend Micro HouseCall, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an implementation error within the HouseCall ActiveX control (Housecall_ActiveX.dll). This can be exploited to e.g. download and load an arbitrary library file by specifying a custom update server. Successful exploitation allows execution of arbitrary code. Trend Micro HouseCall ActiveX Control versions 6.51.0.1028 and 6.6.0.1278 are affected.
9e66c81942f275bd4c568096bc7e97c86af7fb3bae3a6bbeb0c68e9f7a7968a2
RoundCube Webmail versions 0.2b and below remote code execution exploit.
f510b021ba4086a9fe8abba8d5295afa395890c7b73d7ad0f34567a43f3aa689
RoundCube Webmail versions 0.2-3 Beta and below suffer from a remote code execution vulnerability.
6f1e717d91ae7845d24e204d2ad541c1ad9795b646ca4e880f3445f8d655db66
Ubuntu Security Notice USN-698-2 - It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.
4e244374ea539938e1f6f7982c0d57401709ea018fc2a14023fe9f1283920975
Ubuntu Security Notice USN-698-1 - It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.
d9dfe7061cd9c715a0607cd9560ce84412a88d2dbe4f4a431ec91723cd520c8c
Ubuntu Security Notice USN-697-1 - It was discovered that Imlib2 did not correctly handle certain malformed XPM and PNG images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.
d653df98d6170f274789b6210547268ba1a992b3243a8145e834c36ac982ae95
Ubuntu Security Notice USN-699-1 - It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. It was discovered that Blender did not properly sanitize the Python search path. A local attacker could execute arbitrary code by inserting a specially crafted Python file in the Blender working directory.
5cadcbf1d0c25ea0b4eeaefe61aba2f5aa7ba23cdc4e042bdbe6731fc0bbb9e2
Calendar Script version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6fd54988a50b59ee196e214d2b0252177cc809aea052d0837a4b268586ab144d
RSS Simple News remote SQL injection exploit that leverages news.php.
bb756d3e04a9000709bf12c1b00932f18cf7b6763796d665342dbfc1782cf102
CUPS versions below 1.3.8-4 privilege escalation exploit.
fcaa2f0c97580164e7c63808d96436a666a8c9465fb6a71edc363e7961c2dc20
CoolPlayer version 2.19 skin file local buffer overflow exploit written in Python.
a1338c28f1cc7234a7ce053f6b8e41eb7baf28d0b63bd79c306bc9720db1e6a7
RedPeach CMS suffers from a remote SQL injection vulnerability.
4b0fef939f97b5f1b20e989bacee56cea4076e2dece817bbec620cc1a5f12c9f
SolarCMS version 0.53.8 remote cookie disclosure exploit.
4ce54630bc31a4088939b8873f37d694991328643e2bd8c2372d26d2d7011501
The Joomla Volunteer component version 2.0 suffers from a remote SQL injection vulnerability.
3615c71eb0caa276850e993f425808d02e80f161ae7670a965806a037b33fec2
Pligg version 9.9.5b upload shell and SQL injection exploit that leverages check_url.php.
c63cc0e77524a408b8b6a10e33d4da38d7d8d100056530404ad1218aa091bbd8