25 products from DMXReady all suffer from a remote database disclosure vulnerability. Version 1.1 of Testimonials Manager, Site Engine Manager, Secure Login Manager, Secure Document Library, Registration Manager, Portfolio Manager, Polling Booth Manager, Photo Gallery Manager, PayPal Store Manager, Online Contest Manager, News Manager, Member Directory Manager, Mailing List Manager, Account List Manager, Billboard Manager, Catalog Manager, Classified Listings Manager, Contact Us Manager, Document Library Manager, Event Listing Manager, Faqs Manager, Job Listing Manager, Landing Page Manager, and Links Manager are all affected. Members Area Manager version 1.2 is also affected. DMXReady has stated that the following release addresses this security issue.
df486b4f263d494c527f0748fd3320759a556c925cc4697ca07841d882730977
PWP Wiki Processor 1-5-1 suffers from a remote shell upload vulnerability.
83a7f6dac45df85481372ae895e5757e05aecbecdd7c000855ce907d244a11fa
Excel Viewer OCX version 3.2 arbitrary file download and overwrite exploit.
21c20712b13cc0aafe8584748354985796a09c4fdd4be07e3b6c9a78fc389323
Realtor 747 version 4.11 suffers from a remote file inclusion vulnerability in define.php.
54a5e488d3d8ab34894543abe228dcaf53254229ee294d037ae9da1c4bb0cef4
Gentoo Linux Security Advisory GLSA 200901-08 - Multiple vulnerabilities have been reported in Online-Bookmarks. Versions less than 0.6.28 are affected.
291be486814345377f4516d26b5d77146c3743894bf617849c8d7160a0b0d998
The Joomla Portfol component suffers from a remote SQL injection vulnerability.
e14b7f15681ede07a072d0be5cc443299f5dc13e94dfcd39b4d5bc4ccfa5701b
Debian Security Advisory 1703-1 - It was discovered that BIND, an implementation of the DNS protocol suite, does not properly check the result of an OpenSSL function which is used to verify DSA cryptographic signatures. As a result, incorrect DNS resource records in zones protected by DNSSEC could be accepted as genuine.
2870f20bb99066f6892b5f6fa5169dbaaf0c0c11caa6558bdfeb5f57ca91f20e
WordPress plugin WP-Forum version 1.7.8 suffers from a remote SQL injection vulnerability in forum_feed.php.
59b95836af54cf323cec67e10d4a75e3ddc488f6dc3663094f1660039f189a97
Debian Security Advisory 1702-1 - It has been discovered that NTP, an implementation of the Network Time Protocol, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which may ultimately lead to the acceptance of unauthenticated time information. (Note that cryptographic authentication of time servers is often not enabled in the first place.)
da30bda0f6254fc59ac6cfd41f4e732342fec33fac7d90562e8150b9449d09d3
Simple Machines Forum Destroyer version 0.1, which performs multiple malicious acts.
571c46e28eeed37f560de46ede3b84cc7932ce975f95677b6f5e13c306ebc67c
Debian Security Advisory 1701-1 - It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine (CVE-2008-5077).
82596423956ee15a8376f75613cf4b6a394787f41372c89ee99020f4389b471c
Proof of concept heap overflow exploit for Triologic Media Player 7 that creates a malicious .m3u file.
c0bca48398cfa9030b3e7438393431fed74cf74f7f12c95159f0e54b380f83db
Short whitepaper discussing the basics of ARP spoofing.
56f3378dd01789a74ddf49e5ff62368ae70ce2e7c90c4aef079ee4fb53ef02b7
Whitepaper entitled Short Review Of Modern Vulnerability Research.
50f3d7b703ae7599064134dd9771cdf630e1cfeb90294a067782e794b36e361e
Whitepaper discussing anonymous navigation of the Internet. Written in Spanish.
0b41da26eab88d13fad3fbc57615b994397df2dcf6b72b8b1ea628f55bd15e1d
Gentoo Linux Security Advisory GLSA 200901-07:02 - Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary code or a Denial of Service. Versions less than 1.0_rc2_p28058-r1 are affected.
a0d17e5282ee3f678c9d2f0857185c3ffd590e9cd23b30ec57e917b7dd662cb4
HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to create a Denial of Service (DoS).
c97f302cc2e1218201ba03418fa7066a3111c58abd5ae5cbf808dd294d809c85
Ubuntu Security Notice USN-707-1 - It was discovered that CUPS didn't properly handle adding a large number of RSS subscriptions. A local user could exploit this and cause CUPS to crash, leading to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and 8.10. It was discovered that CUPS did not authenticate users when adding and cancelling RSS subscriptions. An unprivileged local user could bypass intended restrictions and add a large number of RSS subscriptions. This issue only applied to Ubuntu 7.10 and 8.04 LTS. It was discovered that the PNG filter in CUPS did not properly handle certain malformed images. If a user or automated system were tricked into opening a crafted PNG image file, a remote attacker could cause a denial of service or execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile. It was discovered that the example pstopdf CUPS filter created log files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS.
a74367854a58a1911ddaa489d9fd8218667d9571e9707336bebfe1ff63c0d9c3
Photobase version 1.2 suffers from a local file inclusion vulnerability.
da7323de95f44258f494317be4115529489d8d4e08c4dea0eaee5c57ce114b51
SyScan 09 Call For Papers - The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan is a non-product, non-vendor biased security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia. This year SyScan will be held in Singapore, Shanghai, Taipei, and Hong Kong.
e1ca1b1275ff1fd471ee95f39b99988e7bdb740df332b2077b9cda5d57d1a00d
Visuplay CMS suffers from a remote SQL injection vulnerability in news_article.php.
26e8a8a80fa8c769b0fd4828b1331b5c7eb265a3cf81664e81039f5dc2f51629
The Aethra SV 1042 ADSL/VOIP router suffers from a local password retrieval vulnerability.
976d182fc143e63de58d9115d3e6324a208d6c56c7b880013bebf560b4fa6866
The Ovidentia portal generator suffers from cross-site scripting vulnerabilities.
f5fdff9b27486dd9e03b03a1cdd8cdd6f4d5957803430461270a1bc7755283b7
Interspire Shopping Cart versions 4.0.1 and below suffer from a remote authentication bypass vulnerability.
94975000acca58a49393a3f3d1842b09ca8ecd7cef44b79521ff5233267014a5
Silentum Upload version 1.40 remote file deletion exploit.
098f53a317c79b74ca7317aac3e3675febd3f9fe398fadfd2b64a316a2a6c08c