Secunia Security Advisory - VMware has acknowledged a security issue in VMware vMA, which can be exploited by malicious, local users to potentially gain escalated privileges.
8f5018b833acb56f430ac9805d2ae7154b3df46d08d7dd5f1e7059d5cc0fd873
Secunia Security Advisory - VMware has acknowledged a vulnerability in VMware vMA, which can be exploited by malicious people to potentially compromise a user's system.
14f0529d79b641358834f8714d17f19f3d5a9406bb6a3355b1767704326a236f
Secunia Security Advisory - VMware has acknowledged a vulnerability in VMware vMA, which can be exploited by malicious people to cause a DoS (Denial of Service).
697ebb9c4454d3763a2ad39ff8603927741b7be24ef40661af1960f7b0f6a250
Secunia Security Advisory - VMware has acknowledged some vulnerabilities in VMware vMA, which can be exploited by malicious, local users to disclose certain system information, overwrite arbitrary files, bypass certain security restrictions, cause a DoS (Denial of Service) and gain escalated privileges, and by malicious people to cause a DoS.
d696a6d82dc2d3300fc2b1ea532e644644475309765f2182f4c4665132271680
Secunia Security Advisory - John Leitch has discovered a vulnerability in Home FTP Server, which can be exploited by malicious people to conduct cross-site request forgery attacks.
892d4f78a222efeed8f9209e75e3d46095191978206540e48c09b2212e1d8ae8
Home FTP Server version 1.10.2.143 suffers from a directory traversal vulnerability.
2f06167fdaf06832de2d57613482d2f70c245cc8a54490e2dce55331794214d6
The Joomla MediQnA component suffers from a local file inclusion vulnerability.
f1fd1e83c30ec62f15640c3fe8320ec21d9f762d088688d6c6ef96b898ddd999
Mandriva Linux Security Advisory 2010-110 - The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling. This update provides clamav 0.96.1 which is not vulnerable to these issues.
8265db2be8f314e34b496a700d50e5bbb34294ef05e4b5aa3d2947737ecefc69
Whitepaper called Cross Site URL Hijacking by using Error Object in Mozilla Firefox.
993115eaca328415779f0ad41ec21241e1acdc72bd095710c3cc2939a0d118f5
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user IDs with packets, making it possible to filter packets on a per-user basis. Furthermore, the server architecture is designed to use an external authentication source such as an LDAP server.
72a518658d17a8e88988867f00b4bfd8e5da11e3ca2bcff97091c5f435a13b7e
Ubuntu Security Notice 945-1 - It was discovered that ClamAV did not properly reallocate memory when processing certain PDF files. A remote attacker could send a specially crafted PDF and crash ClamAV. An out of bounds memory access flaw was discovered in ClamAV. A remote attacker could send a specially crafted Portable Executable (PE) file and crash ClamAV. This issue only affected Ubuntu 10.04 LTS.
cc7d52c9fd696386c5ee3ad281de63e4fe60807ff4ac7374646f205fcc5e26d7
Nginx web server versions 0.6.36 and below suffer from a path traversal vulnerability.
c8c2faee0dfc75f1004b96cc34f362329297ccf297f8d880789ce34e25330c4c
Hampshire Trading Standards Script version 1.0 suffers from a remote SQL injection vulnerability.
bf5accb6ef4abd93273fda1984d76e43f10600b9f9d496fa5590c82eaef7ea88
Mandriva Linux Security Advisory 2010-109 - gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. This update fixes this issue.
fd37a0333074f22843b9284dc068deae15fe1b07943400355e8d7a51c292c24d
Whitepaper called Improve File Uploaders' Protections. It focuses on Windows-based web applications.
803f2abcacda9201f41388593ce11f07255874a6d23932ff67d843faf023b0fe
FreeBSD Security Advisory - The NFS client subsystem fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted.
70736852d69a5ba3339928319cc037983dc3817d723837db593e3435317fcb66
FreeBSD Security Advisory - The jail utility does not change the current working directory while imprisoning. The current working directory can be accessed by its descendants.
b2bcf78251c6486bcf6a16cbff4254da82066d5d6d8dfee5d7e784cbe34d6018
Game ID version 1.0 suffers from a remote SQL injection vulnerability.
7e617a391cecdcf87c213607ed72b4dac49d2f608a91bd563b6d7eafc7c7c757
Whitepaper called Finding vulnerabilities in YaFtp version 1.0.14.
df7b6114136d60935a464739865eac6e7866ddee528d58b47d356fb5c6881b15
PPhlogger version 2.2.5 suffers from a remote command execution vulnerability.
2c7bcbb9af03ec5b07e6d5fd76175cb282bcc673f7dfed5c734c7636475ab55c
FreeBSD version 8.0 ftpd off-by-one proof of concept exploit.
a17d270d62782bdb0279584ea2dad8c8fe353c35767657f09ffda201da15d4f5
FreeBSD Security Advisory - A programming error in the OPIE library could allow an off-by-one buffer overflow to write a single zero byte beyond the end of an on-stack buffer.
131cb41ee3226c91716b15316e0d2870cb7092520923a4ace9a5c051500f74a1
Toronja CMS suffers from a remote SQL injection vulnerability.
34b152273c98f38125d61654baca295f4d75fa8ca70a3c6e90716ce0ac145e20
GlobalWebTek Design suffers from a remote SQL injection vulnerability.
0747a87831a2495367a82497ae885cb7a53aa31cf1093904ba42e92da40b6792
Realtor Website System E-Commerce suffers from a remote SQL injection vulnerability.
66261d56f25fc0c21c19aa2f2a10dcdc01a4db5549ba2394a4961579e194a0ec