Debian Linux Security Advisory 2048-1 - Dan Rosenberg discovered that in dvipng, a utility that converts DVI files to PNG graphics, several array index errors allow context-dependent attackers, via a specially crafted DVI file, to cause a denial of service (crash of the application), and possibly arbitrary code execution.
b33cc64d4d349d0e62b276519f5d16f67fba2874d40653bf72218ee1e1a25199
Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_stream_flush() function. PHP versions 5.3 through 5.3.2 are affected.
cc1e47d1b6a80eea813c4763d3c9be481928ee3189643eb432e88d686f3f68ac
Month Of PHP Security - An SQL Injection vulnerability was discovered in Cacti that allows to retrieve all data from the database. In Cacti installations with publicly viewable graphs this vulnerability is a pre-auth SQL injection vulnerability. Cacti versions 0.8.7e and below are affected.
996b7ff568192b5ed3be02ed2b958a472762b79721476e09acd4e723d3ad26c1
Month Of PHP Security - PHP uses the stream context during stream destruction, although it was already freed in the request shutdown before. PHP versions 5.2 through 5.2.13 and 5.3 through 5.3.2 are affected.
0dc931eb69c4ca111054feed1abc34e7434870a231fc6d4a8d722c895e3496da
Month Of PHP Security - PHP's fnmatch() function can be used to crash PHP through a stack exhaustion attack. PHP versions 5.2 through 5.2.13 and 5.3 through 5.3.2 are affected.
c13db5e41e6f631508f139cc4d97402b79a4a37c441571f27ad59bca30b2d145
Infoware suffers from a remote SQL injection vulnerability.
e285278f7a976b0525e9dc748e7b7ac507d92e1d874f72355d840ac68107d7b6
e107 remote code execution exploit.
d2271344d5cf5d94efc3503cc0a64e4494a69d740cc7827ec217430cd57fcdf4
Whitepaper called Backtrack 4 - Updating the Nmap 5.0 fingerprint database.
8ddf7ddfb4891a96b72e24b2fce2070da7fe636618462eb21cd09ff02a13e382
Recipes Website versions 1.0 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
0c712dfbfbd7065e6f22818352b7d27a4ca4ab1d0aee4ef24bbe96f0d742ca79
Media Player Classic version 1.3.1774.0 suffers from a buffer overflow vulnerability.
881310f9173ff90b3b260bf14d76bc7612462ced55c5b9f99975e6ba2e0acce9
The Joomla DS-Syndicate component suffers from path disclosure and remote SQL injection vulnerabilities.
5db0a329dc0668235b6af25f3d9aea9bd62937dcfa9959b68f53ad5319e27aba
Debian Linux Security Advisory 2049-1 - It has been discovered that barnowl, a curses-based tty Jabber, IRC, AIM and Zephyr client, is prone to a buffer overflow via its "CC:" handling, which could lead to the execution of arbitrary code.
984f94ce04ccfad0ca01f8b88b9fda289c46faaf855a077b59241dc8b0f72816
Blaze Apps versions 1.4.0.051909 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
e50cfb5a7c55363e883da8fcb53405daff31fc0955813d7e4cdec96d61685bb1
MMA Creative Design suffers from a remote SQL injection vulnerability.
1c1e0882e83f712e602b1c7d621337f47ef090ffb47b24b2e932d31649043467
70kft Design suffers from a cross site scripting vulnerability.
15138a9048c75b141b7dc9007e8555dc096d996ab51590fbe17423f86e89a3d1
Runt-Communications Design suffers from a remote SQL injection vulnerability.
2538eeee77b6b75ecbdc4d9f9b38b8a746897e0f7a1a08230d402c3a2e6861fa
Viper Corp presents an interview with Jeremy Brown.
2c18765846f39d3197c24c5dfa0833dad58c54a5be6df55528f9242e9afee9d6
BBMedia Design's suffers from a remote SQL injection vulnerability.
9bf5626807bd7bce7c7e35523fcee31b0429d425bddfe6a7cb45ed1013c6e7dd
Goffgrafix Design's suffers from a remote SQL injection vulnerability.
3ad17569254718de1d05839204fc65b6b5bd2211c48d30bf08ef6710fe31de58
Kingsoft WebShield KAVSafe.sys versions 2010.4.14.609(2010.5.23) and below suffer from a kernel mode local privilege escalation vulnerability.
17fca34022bf7c6b745aa66d33307d17c847110bb4ff1afb04b49e92d86e465d
The MKPortal Speed Connection module suffers from a cross site scripting vulnerability.
9f498ea5b74041bbaafb7fcd6b9ca218445d8d7b9055abb6e090bbb265dcc3b5
Webperformance Ecommerce suffers from a remote SQL injection vulnerability.
75e0a7987f220ea160ea242b543d4696fe3bb2a0cd7dc016a0832fd92b08f7f2
JV2 Folder Gallery version 3.1.1 suffers from local file inclusion vulnerabilities.
66650f60c534d9b3e3afa0c92d2e3d151a7801abf9cb2d8367eb3a2bd9e7a99b
eCreo suffers from a remote SQL injection vulnerability.
e893c38d7cb6141349bb65b89d49bed4417b67e72fa5ce887c805d4796a87688
This Metasploit module exploits a stack buffer overflow in the ANSMTP.dll/AOSMTP.dll ActiveX Control provided by CommuniCrypt Mail 1.16. By sending a overly long string to the "AddAttachments()" method, an attacker may be able to execute arbitrary code.
65f4583b340496aacd44bcd7b4987ace8fe604c038312ce81965057381f89f0f