Whitepaper called Introduction to Cross Site Request Forgery. Written in Persian.
acc26b2546c9db860528e7369f90e357f092c1dc969f3867a61a5d32f0eea508
NCP Solutions version 3.1 suffers from a remote SQL injection vulnerability.
e1be2ba343567e9223a36652208a307bc0c707b2e265c2b6d114663c923e7689
LUCille Script version 2.3 suffers from a remote SQL injection vulnerability.
cfdea51a614cd8b387e029b4a258a7be8b518315002c32bd065f1b65893e1efc
PacSec 2010 Call For Papers - The conference will be held November 10th through the 11th in Tokyo, Japan.
3893b22e5a2ddd35925e0931ae3c03724707764b0ce2c2bf922e514683c9a4fc
Secunia Security Advisory - VMware has acknowledged a vulnerability in various VMware ESX products, which can be exploited by malicious people to potentially compromise a user's system.
98288895449500a19db8f7ee1e1e731ac18e7eb4a9ec2ca78375f32822279b43
Secunia Security Advisory - VMware has issued an update for VMware ESXi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
8ba03f7468622ad4a2ad81c963df4edf043df2b0add274d0c1c064c62556e6e6
Secunia Security Advisory - VMware has acknowledged a security issue in VMware vMA, which can be exploited by malicious, local users to potentially gain escalated privileges.
8f5018b833acb56f430ac9805d2ae7154b3df46d08d7dd5f1e7059d5cc0fd873
Secunia Security Advisory - VMware has acknowledged a vulnerability in VMware vMA, which can be exploited by malicious people to potentially compromise a user's system.
14f0529d79b641358834f8714d17f19f3d5a9406bb6a3355b1767704326a236f
Secunia Security Advisory - VMware has acknowledged a vulnerability in VMware vMA, which can be exploited by malicious people to cause a DoS (Denial of Service).
697ebb9c4454d3763a2ad39ff8603927741b7be24ef40661af1960f7b0f6a250
Secunia Security Advisory - VMware has acknowledged some vulnerabilities in VMware vMA, which can be exploited by malicious, local users to disclose certain system information, overwrite arbitrary files, bypass certain security restrictions, cause a DoS (Denial of Service) and gain escalated privileges, and by malicious people to cause a DoS.
d696a6d82dc2d3300fc2b1ea532e644644475309765f2182f4c4665132271680
Secunia Security Advisory - John Leitch has discovered a vulnerability in Home FTP Server, which can be exploited by malicious people to conduct cross-site request forgery attacks.
892d4f78a222efeed8f9209e75e3d46095191978206540e48c09b2212e1d8ae8
Home FTP Server version 1.10.2.143 suffers from a directory traversal vulnerability.
2f06167fdaf06832de2d57613482d2f70c245cc8a54490e2dce55331794214d6
The Joomla MediQnA component suffers from a local file inclusion vulnerability.
f1fd1e83c30ec62f15640c3fe8320ec21d9f762d088688d6c6ef96b898ddd999
Mandriva Linux Security Advisory 2010-110 - The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling. This update provides clamav 0.96.1 which is not vulnerable to these issues.
8265db2be8f314e34b496a700d50e5bbb34294ef05e4b5aa3d2947737ecefc69
Whitepaper called Cross Site URL Hijacking by using Error Object in Mozilla Firefox.
993115eaca328415779f0ad41ec21241e1acdc72bd095710c3cc2939a0d118f5
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user IDs with packets, making it possible to filter packets on a per-user basis. Furthermore, the server architecture is designed to use an external authentication source such as an LDAP server.
72a518658d17a8e88988867f00b4bfd8e5da11e3ca2bcff97091c5f435a13b7e
Ubuntu Security Notice 945-1 - It was discovered that ClamAV did not properly reallocate memory when processing certain PDF files. A remote attacker could send a specially crafted PDF and crash ClamAV. An out of bounds memory access flaw was discovered in ClamAV. A remote attacker could send a specially crafted Portable Executable (PE) file and crash ClamAV. This issue only affected Ubuntu 10.04 LTS.
cc7d52c9fd696386c5ee3ad281de63e4fe60807ff4ac7374646f205fcc5e26d7
Nginx web server versions 0.6.36 and below suffer from a path traversal vulnerability.
c8c2faee0dfc75f1004b96cc34f362329297ccf297f8d880789ce34e25330c4c
Hampshire Trading Standards Script version 1.0 suffers from a remote SQL injection vulnerability.
bf5accb6ef4abd93273fda1984d76e43f10600b9f9d496fa5590c82eaef7ea88
Mandriva Linux Security Advisory 2010-109 - gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. This update fixes this issue.
fd37a0333074f22843b9284dc068deae15fe1b07943400355e8d7a51c292c24d
Whitepaper called Improve File Uploaders' Protections. It focuses on Windows-based web applications.
803f2abcacda9201f41388593ce11f07255874a6d23932ff67d843faf023b0fe
FreeBSD Security Advisory - The NFS client subsystem fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted.
70736852d69a5ba3339928319cc037983dc3817d723837db593e3435317fcb66
FreeBSD Security Advisory - The jail utility does not change the current working directory while imprisoning. The current working directory can be accessed by its descendants.
b2bcf78251c6486bcf6a16cbff4254da82066d5d6d8dfee5d7e784cbe34d6018
Game ID version 1.0 suffers from a remote SQL injection vulnerability.
7e617a391cecdcf87c213607ed72b4dac49d2f608a91bd563b6d7eafc7c7c757
Whitepaper called Finding vulnerabilities in YaFtp version 1.0.14.
df7b6114136d60935a464739865eac6e7866ddee528d58b47d356fb5c6881b15