Kiwicon '09 Call For Papers - This year Kiwicon will be held from November 28th through 29th, 2009.
a1b80a48f307d2f41844c793e4aa75d2285dbceb749436ac8b32d0882aa8e003
Ubuntu Security Notice USN-816-1 - Moxie Marlinspike discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
f84db5283372ab8ae42ba4dff0f41857f47a11217c3e188b9ac25bc8e7124c00
SAP NetWeaver Application Server version 7.0 suffers from a cross site scripting vulnerability.
610f63e221cf5f949da2e1908a76e98d823e3e6ea118b70ae0b3851af53f78bf
Solo Artist websites suffer from a remote SQL injection vulnerability.
091da3a309c6e3d2c31d335ce30251e3a502860a8ac1f4f060090592ac9a9c62
Microsoft Wordpad on Windows XP SP3 memory exhaustion exploit.
841a5199863cf199f595ac60421069edd4b38c15d2488e722bd45fadae96fd56
Shorty version 0.7.1 Beta suffers from an insecure cooking handling vulnerability that allows for authentication bypass.
c8a4a0c14c920cf3542bc100815086b75f34ae49a560971714b7134aaf48864f
Positive Technologies Research Team has discovered a privilege escalation vulnerability in Windows Message Queuing service (MSMQ). The IOCTL handler in mqac.sys does not properly validate buffer data associated with the Irp object, which allows local users to crash the system or execute arbitrary code with SYSTEM privileges.
8ffd0feedce3b0229ddad304c6664e17c7f172827df31047e4e31a0d9b51cb9a
Plume CMS version 1.2.3 suffers from multiple remote SQL injection vulnerabilities.
5bab71211c2f6a9682fddb09d837104f9ba905d676baa82f8739cd6ac897894f
Debian Security Advisory 1860-1 - Several vulnerabilities have been discovered in Ruby.
11affe671bc325d35bbacdaba1cc0dff84af2b4d7f43397ff4731fd74ebce484
Chavoosh CMS suffers from a remote SQL injection vulnerability.
5d8b0d5eabab77269e7db713b44de77861e2b73ac20e3557c77c7855831cb827
Gallarific Photo Gallery versions 1.0 and below suffer from arbitrary delete and edit vulnerabilities.
9427a5192b7c90ffca967f07d2b87723cd28ea3ba3f68619ba9b72b7ce598bbe
Mandriva Linux Security Advisory 2009-201 - socket.c in fetchmail before 6.3.11 does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. This update provides a solution to this vulnerability.
62d87310d1b7c54e45458614ca4c8fb88bc2d0ec7cd3071189a4242f8e2c8506
Mandriva Linux Security Advisory 2009-200 - Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. This update provides a solution to these vulnerabilities.
7e6657952e115da5b19bd1bde6b82731faf8087d3e384fe835d033a219a639b3
Gazelle CMS version 1.0 suffers from password reset, local file inclusion, cross site scripting, and remote command execution vulnerabilities.
eba2b3c41ae5e77c75a8f1c5bf03e2abb521b03ade02a8a05b9981a69224a252
2Wire Gateways suffer from a remote password reset vulnerability that allows for authentication bypass. Versions 2071 Gateway, 1800HW, and 1701HG are vulnerable.
bcf03cf41785e1546ced74abf07c45219887bda85fd037204944016c0203f0b3
Safari 4 versions prior to 4.0.3 suffer from a Top Sites hijacking vulnerability. Proof of concept code is included.
f0bc8d79203a653e1efd471cc613e69ab50203cd696d1fc4f46afd708760d5fb
JibberBook suffers from comment information disclosure and html injection vulnerabilities.
98ab48bd1dff2c59cfeeb6cbec8d5fb2e76d6cbef008a405220e5798e9ad7760
HP Security Bulletin - A potential security vulnerability has been identified in Samba running on the Internet Express for Tru64 UNIX. The vulnerability could be exploited remotely to disclose information on the Samba server.
5fdbf41b12769d64a1911ec21ebaef9f9088fe5065040d53d43411b9563677b3
The Mu Dynamics Research team has found several vulnerabilities stemming from unsafe use of the sscanf C standard library function. Asterisk versions 1.6.1 through 1.6.1.2 are affected.
4b4ca564af6eb635dec77a8869f1db6582e448ddc90620d17fb84789c0b6f227
Easy Music Player version 1.0.0.2 universal local buffer overflow exploit.
789a6d932e4542932b3551b62d1cbd4b1743afa756cefe98ac1097968ea10c1d