Technical Cyber Security Alert TA09-020A - Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft's guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability.
Joomla component BazaarBuilder Shopping Cart version 5.0 remote SQL injection exploit.
Call for papers for the 16th ACM Conference on Computer and Communications Security (CCS) 2009. It will be held from November 9th through the 13th at the Hyatt Regency in Chicago, IL, USA.
Joomla pcchess component blind remote SQL injection exploit.
Browser3D version 3.5 local buffer overflow exploit that spawns calc.exe.
Secunia Security Advisory - Julien Cayssol has reported a vulnerability in RoundCube Webmail, which can be exploited by malicious people to conduct script insertion attacks.
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, and potentially gain escalated privileges, and by malicious people to cause a DoS and potentially compromise a vulnerable system.
Secunia Security Advisory - Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system.
Secunia Security Advisory - rPath has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Secunia Security Advisory - rPath has issued an update for ntp. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Secunia Security Advisory - Osirys has discovered a vulnerability in FhImage, which can be exploited by malicious users to compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in various Horde products, which can potentially be exploited to conduct cross-site scripting attacks.
Secunia Security Advisory - rPath has issued an update for perl. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
Secunia Security Advisory - SirGod has discovered a vulnerability in Max.Blog, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - Houssamix has discovered two vulnerabilities in SmartVMD ActiveX Control, which can be exploited by malicious people to overwrite and delete arbitrary files.
Secunia Security Advisory - cOndemned has discovered a vulnerability in Dodo's Quiz Script, which can be exploited by malicious people to disclose sensitive information.
Secunia Security Advisory - sasquatch has reported some vulnerabilities in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been reported in multiple AJ Classifieds products, which can be exploited by malicious users to compromise a vulnerable system.
Secunia Security Advisory - Snakespc has reported a vulnerability in AJ Auction Pro, which can be exploited by malicious people to conduct SQL injection attacks.
Gentoo Linux Security Advisory GLSA 200901-13 - Multiple vulnerabilities have been discovered in Pidgin, allowing for remote arbitrary code execution, denial of service and service spoofing. Versions less than 2.5.1 are affected.
The MoinMoin Wiki engine suffers from a cross-site scripting vulnerability.
HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code.
Secunia Research has discovered a vulnerability in OpenSG, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "HDRImageFileType::checkHDR()" function in Source/System/Image/OSGHDRImageFileType.cpp, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted Radiance RGBE (*.hdr) file. Successful exploitation allows execution of arbitrary code.
Secunia Research has discovered a vulnerability in EasyHDR Pro, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when reading Radiance RGBE (*.hdr) files. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted Radiance RGBE file. Successful exploitation allows execution of arbitrary code.
Secunia Research has discovered a vulnerability in Trend Micro Network Security Component (NSC) modules as bundled with various products. This can be exploited by malicious, local users to manipulate firewall settings regardless of configured security settings. Trend Micro Internet Security includes a management interface for users to configure e.g. the firewall settings. To prevent any user from changing the settings, password restriction can be enabled. However, the password check is implemented in the configuration GUI and not in the Trend Micro Personal Firewall service (TmPfw.exe). This can be exploited to manipulate the firewall settings regardless of whether password restriction is enabled by sending specially crafted packets to the service listening on port 40000/TCP.