Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious, local users to disclose sensitive information and potentially gain escalated privileges, and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system.
4c03a343dc37fc02680d9e728b0a3094d7f5f988718e58943b2623b3fc181bee
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system.
61239f76c159614bbb48c91bea6c0d632fb2177e1993d4dd9be115b87e3fb679
Secunia Security Advisory - Some vulnerabilities have been reported in Adobe RoboHelp Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
c6ba6048f03db55303083186793279ef0cbb717c8c12cb5ecac41b961b5048e9
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in CATIA V5.
d53874ae9510b390c8625157ab5d4f6e3fe057a638c4b87c4f454faa3c4f5833
Secunia Security Advisory - A vulnerability has been reported in Adobe RoboHelp, which can be exploited by malicious people to conduct cross-site scripting attacks.
28a681e29fc925bc8ae56cdbacdfbe2f7c2db97a9e9e1b5db28f08e6550e3ca9
Secunia Security Advisory - A vulnerability has been reported in the piCal module for XOOPS, which can be exploited by malicious people to conduct cross-site scripting attacks.
afa0ae1c2d241b6c789dfdf7011bcc6332afd21c21ead8e611e6e46edefc4770
Secunia Security Advisory - HP has acknowledged a vulnerability and a security issue in HP OpenView Network Node Manager, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
48561ee5ad817725ecc8837ef3aa53c00f7bbdd2dfe8956a5a1ea218890c756e
Secunia Security Advisory - A vulnerability has been reported in ZNC, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system.
456091068437a69839755d920d21797e7b7235252750232830f1f67e6bba3825
Secunia Security Advisory - Fedora has issued an update for trickle. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
d441906c95bd417e7ca7a04ade29fc642601c1b6d012e2c8dc6a52f01b120647
Secunia Security Advisory - A vulnerability has been reported in OpenGoo, which can be exploited by malicious users to bypass certain security restrictions.
9b6820e67d3d9a0c25e832af17016af51b0b1f51c4b6ce88ec441e3810e3d938
Secunia Security Advisory - IBM has acknowledged a vulnerability with an unknown impact in IBM WebSphere Application Server for z/OS.
f1b337efff9c99b5d6c3eb3f6881f7ff2ee5690f71c6b79ceb3827af5ac690e5
Secunia Security Advisory - Secunia Research has discovered a vulnerability in SHOUTcast, which can be exploited by malicious people to compromise a vulnerable system.
bbc44e6ee8456cfab520fb7e7521501b53cef5d9cc88332d5e96ed9708e56460
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in ksquirrel-libs, which can be exploited by malicious people to compromise an application using the library.
04ad92ffaeff69cd629ab2ba58e2377190f1a6edc6177ee24f24e3024d4b6d2a
Secunia Security Advisory - A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.
ab3d35b1b4cc8217f3939767cb09935bf62e4c2ef8af165bfbd77d1b4f8daf03
iDefense Security Advisory 02.24.09 - Remote exploitation of an invalid object reference vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. During the processing of a Shockwave Flash file, a particular object can be created, along with multiple references that point to the object. The object can be destroyed and its associated references removed. However, a reference can incorrectly remain pointing to the object. The invalid object resides in uninitialized memory, which the attacker may control to gain arbitrary execution control. iDefense has confirmed the existence of this vulnerability in the latest version of Flash Player, version 9.0.124.0. Previous versions may also be affected.
780e892128d7d79681ecb9f2b0c8adb3af7430a9be41d1863f245d1dd740cf75
Mandriva Linux Security Advisory 2009-054 - Cross-site scripting (XSS) vulnerability in Nagios allows remote attackers to inject arbitrary web script or HTML via unknown vectors. The updated packages have been upgraded to the latest version of nagios to prevent this.
544c4685dc0a733c59dfbcf1a766af69dc7f1253439bcb798e1e8d1ca4292635
Mandriva Linux Security Advisory 2009-053 - Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. Additionally, many of the bundled plugins have been upgraded. The localization has also been upgraded. Basically this is a synchronization with the latest squirrelmail package found in Mandriva Cooker. The rpm changelog will reveal all the changes. The updated packages have been upgraded to the latest version of squirrelmail to prevent this.
f10d6407afc5ea153fd0b88200f19c313fb2c56e5f2651a605edc858330a1d0c
Mandriva Linux Security Advisory 2009-052 - The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka php executed in templates
320925f85c4d23b112e37e7cf0cd11335ace328e819692e57ca631de75eb3fca
pPIM version 1.0 suffers from a large number of security issues including cross-site scripting, SQL injection, authentication bypass, password disclosure, and code execution vulnerabilities.
867a21afa0b3a477d7216572f04d5013ccf1cc6079e5ee2726b45c0da1e4458a
Netragard, L.L.C Advisory - The Cambium Group Content Management System (CAMAS) failed most Open Web Application Security Project ("OWASP") criteria during testing.
6dc9216857c8b8a7de3efc27c3d5195a6260f1f1903675c0dbdb8d568555f4bb
VMware Security Advisory - Update for VirtualCenter updates the Tomcat package to version 5.5.27 which addresses multiple security issues that existed in the previous version of Apache Tomcat.
c355b6e2f3962839d0823d64d74f68d14bbda56c666d5663b4c909775faa2654
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
53c34cba5b945d668a3b9f520f2e7a4716f9cb0a7f48ffe15851454032cc03bb
dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.
a6f9a40c9bbde3778c9c523f59e469d3dabfeadfc17dc95a8b955cf93d81a15f
Whitepaper called Wi-Foo Ninjitsu Exploitation. It touches on methods of cracking keys, tools involved, and how to break basic simple defenses.
f73687ecb0c453b0161adb863066bbad00c22a65d1479f219fa5be0605bb517b
Mandriva Linux Security Advisory 2009-049-1 - A vulnerability has been discovered and corrected in PyCrypto ARC2 module 2.0.1, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length. The updated packages have been patched to prevent this. The previous update package was not signed.
b18c87b6823d40961d07979b10ab0567db6472ac2c3f2d3d3378d1cb70a26ca7