Secunia Security Advisory - darkjoker has reported a vulnerability in Pizzis CMS, which can be exploited by malicious people to conduct SQL injection attacks.
37471abeec03e68a07b34f276da3ba23234b2c908ea22b8833767e6cee3c895b
Secunia Security Advisory - Some vulnerabilities have been discovered in Openfire, which can be exploited by malicious people to conduct cross-site scripting attacks, and by malicious users to conduct script insertion attacks and disclose sensitive information.
e3d23eedae5c7ae267580354b0a456a9097e04cdaa4525e87f055679ca05f808
Secunia Security Advisory - Fujitsu has acknowledged a vulnerability in Interstage HTTP Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
1f5dc7c337c975ea5cfc39d82f44d0c1e8d4d1ffc61ba6305593c0832c1c0ca4
Secunia Security Advisory - Gentoo has issued an update for dbus. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
a849dadb2fb452ed3168ea3779b729b0ecb700cac81e7a8a4d81e30eb5ac8f98
Secunia Security Advisory - Debian has issued an update for zaptel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
30c752a94f075ddb4d3a1abd1c211a54a7c16b12feebb229af63fd43eed7e9da
Secunia Security Advisory - Gentoo has issued an update for pdnsd. This fixes some vulnerabilities, which can be exploited by malicious people to poison the DNS cache and cause a DoS (Denial of Service).
3eac3faa6258b411d548dff10ee1160cfc2eab42bf5d5fd27e9050be06250c5b
Secunia Security Advisory - A vulnerability has been reported in Photobase, which can be exploited by malicious people to disclose potentially sensitive information.
9348e5da35783fb6bbb77de5fe5c229f7aad91a9255fcb0d5b6455cf315b0084
Secunia Security Advisory - A security issue has been reported in BluePex IE-2000, which can be exploited by malicious people to hijack user sessions.
8a9e43f191aedc6bc6bb2b9ce28a283ec7704016c5094d81999696ac73baf9a8
Secunia Security Advisory - A vulnerability has been discovered in FTTSS A Free Text-To-Speech System, which can be exploited by malicious people to compromise a user's system.
3843b1d8350642dd3c7f8bf8a0c7dd13f1babc71ec41967802eb1124fff65dda
Secunia Security Advisory - A vulnerability has been reported in SocialEngine, which can be exploited by malicious people to conduct SQL injection attacks.
22049b7b4de389f8682465fb4e4b2664ed08dc42a97ee0292957b29ea1fbcece
Secunia Security Advisory - EcHoLL has reported a vulnerability in the JA Showcase component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
c3d60ff3f7ea3381eaa85204a558a74ddfe3cf131e44839b1b8a5d2a10e90a33
Secunia Security Advisory - Tobias Klein has reported a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
2db7b98fc05a03611570846806a84efcd591cce461ce1118e35e1dd2523ee4a4
Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Adobe Reader included in Solaris, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user's system.
f90d6e0cdf368948ebc5c054f7fbb5082dc56adb84597b02f93057cf848641a1
Secunia Security Advisory - Debian has issued an update for gforge. This fixes a vulnerability, which can be exploited by malicious users to conduct SQL injection attacks.
7c285dd3f3356416ac9ca757fd42fc638f1ed9f7edae859e5a3c8884d1e2b148
Secunia Security Advisory - Gentoo has issued an update for ndiswrapper. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
38184c796e1f03637dd4a16d179fc6cc7bb163a5fcd04e4be0d87a74dacd93f9
Secunia Security Advisory - Gentoo has acknowledged a vulnerability in tremulous and tremulous-bin, which can be exploited by malicious people to compromise a user's system.
ab563d4234b63e3eb800a268569746dd51ce31b423a8d205441ca3f57d22dfb4
Secunia Security Advisory - Gentoo has issued an update for streamripper. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
9e95568d3c0af69745390ab8c924e092c4ba404af1c258691d9cf8a220646fc1
Technical Cyber Security Alert TA09-013A - Microsoft has released updates that address vulnerabilities in Microsoft Windows and Windows Server.
e75326eac91ff0879a316cad42c59c87ad8221678d44f6c8d8efb5e387f6d5e0
NGSSoftware Insight Security Research Advisory - Oracle has just released a fix for a flaw that, when exploited, allows a low-privileged authenticated database user to gain MDSYS privileges. This can be abused by an attacker to perform actions as the MDSYS user. MDSYS.SDO_TOPO_DROP_FTBL is one of the triggers that forms part of the Oracle Spatial Application. It is vulnerable to SQL injection. When a user drops a table, the trigger fires. The name of the table is embedded in a dynamic SQL query which is then executed by the trigger. Note that the Oracle advisory states that the attacker requires the DROP TABLE and CREATE PROCEDURE privileges. This is not the case and only CREATE SESSION privileges are required.
5121c42e5d2e8b18156a9dd21c0939cd3a695ecc1539eda09d741e19ef556402
Denial of service exploit that leverages the Cisco VLAN trunking protocol vulnerability.
819cd6e950c24628ffc5d8355a9c1b17a359e46aad41605824a5377480470d44
iDefense Security Advisory 01.13.09 - Remote exploitation of an input validation vulnerability in the authentication component of Oracle Corp.'s Secure Backup Administration Server could allow an unauthenticated attacker to execute arbitrary commands in the context of the running server. The vulnerability is in a function of common.php which is called from the login.php page. The script fails to sanitize the input when verifying the user has permission to use the service. Oracle Corp.'s Secure Backup version 10.1.0.3 for Linux has been confirmed vulnerable. Other versions and other platforms may also be affected.
676f52505a06f7b79799cd7fe2ffc5fade5bf578746eeec70f727c0fa7100f6f
iDefense Security Advisory 01.13.09 - Remote exploitation of two command injection vulnerabilities in the authentication component of Oracle Corp.'s Secure Backup Administration Server could allow an unauthenticated attacker to execute arbitrary commands in the context of the running server. In both cases, the vulnerabilities exist in PHP scripts that authenticate a user attempting to use the service. The first vulnerability is in "php/login.php". By making a login request with a specially crafted cookie value, an attacker can execute arbitrary code on the server. The second vulnerability is in "php/common.php". This function is called from the "login.php" page. A variable is used to specify a command to be run. An attacker can supply any shell command for this variable and it will be executed in the context of the web server process. Oracle Corp.'s Secure Backup version 10.2.0.2 for Linux, and Secure Backup version 10.2.0.2 for Windows have been confirmed vulnerable. Other versions and other platforms may also be affected.
1697cdfe744c84a5745ef437ce40fd26636f5d419badf01a27127a22ffea6cf5
iDefense Security Advisory 01.12.09 - Local exploitation of an arbitrary file rewrite vulnerability in Oracle Corp.'s Oracle Database 10g Release 2 database product allows attackers to gain elevated privileges. The vulnerability exists in a function that allows a user with an authenticated session to create any file or rewrite any files to which the database account has access. iDefense has confirmed the existence of this vulnerability in Oracle Database 10g Release 2 version 10.2.0.3.0 on 32-bit Linux platform and Windows platform. Previous versions may also be affected. Oracle Database 11g Release 1 version 11.1.0.6.0 is not affected by this vulnerability.
610c95b870b142b03e112907707ba9657094278aaa69f7396c8de41722da6c51
Zero Day Initiative Advisory 09-002 - This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Microsoft Windows; remote code execution is also theoretically possible. User interaction is not required to exploit this vulnerability. The specific flaw exists in the processing of SMB requests. By specifying malformed values during an NT Trans2 request an attacker can cause the target system to kernel panic thereby requiring a reboot of the system. Further manipulation can theoretically result in remote unauthenticated code execution.
26370c7c5def0bb511ca074bc5b3a9bc06779774b405ad92a16dfd92dbb31ccd
Zero Day Initiative Advisory 09-001 - This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Microsoft Windows; remote code execution is also theoretically possible. User interaction is not required to exploit this vulnerability. The specific flaw exists in the processing of SMB requests. By specifying malformed values during an NT Trans request an attacker can cause the target system to kernel panic thereby requiring a reboot of the system. Further manipulation can theoretically result in remote unauthenticated code execution.
43e2a4c33a4beac06827e2f438c4df66966c7b9811afacb11bf1a79bf43a19c5