Secunia Security Advisory - chap0 has discovered a vulnerability in D.R. Software Audio Converter, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Red Hat has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Fedora has issued an update for mysql. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions or potentially compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - A security issue has been discovered in Apple Safari, which can be exploited by malicious people to potentially disclose sensitive information.
Scannedonly is a Samba VFS module that ensures that only files that have been scanned for viruses are visible and accessible to the end user. Scannedonly was developed because of scalability problems with samba-vscan. Scannedonly comes in two parts: a Samba VFS module and (one or more) daemons. The daemon scans files and marks them when they are known to be clean. The Samba module simply filters out files that aren't marked clean.
Zero Day Initiative Advisory 10-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovutil.dll module which is loaded by the ovwebsnmpsrv.exe process which in turn can be reached remotely through the jovgraph.exe CGI program. By supplying overly large values to variables passed through an HTTP request a sprintf can be made to overflow a static buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.
Zero Day Initiative Advisory 10-105 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe process which can be reached remotely through the jovgraph.exe CGI program. When the ovwebsnmpsrv.exe process is started a function responsible for parsing command line arguments does not properly handle unrecognized options. By supplying an overly large unrecognized option through an HTTP request the error handling functionality can be made to overflow a static buffer while creating the error message. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.
Zero Day Initiative Advisory 10-104 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists in the parsing of SXVIEW records in an Excel spreadsheet. Due to the lack of checking when parsing structure items for the record it is possible to write arbitrary data to a user controlled address. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user.
TMAC is a simple bash program for randomly changing the MAC address of a Network Interface Card (NIC) on Linux.
Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an uninitialised variable being used as size argument when copying data during parsing of certain record types. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Microsoft Excel 2002 is affected.
Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to insufficient input validation when parsing a certain record type. This may lead to a variety of errors, including corruption of data on the stack. Successful exploitation may allow execution of arbitrary code. Microsoft Excel 2002 is affected.
Image Store version 1.0 suffers from a shell upload vulnerability.
Mandriva Linux Security Advisory 2010-112 - Multiple vulnerabilities were discovered and fixed in glibc. The updated packages have been patched to correct these issues.
Technical Cyber Security Alert 2010-159B - Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, Microsoft SharePoint Services, and Microsoft .NET Framework.
The Linksys WAP54Gv3 has a debug interface that allows execution of shell commands with root privileges. Hardcoded credentials, which cannot be changed by the user, can be used to access the debug interface.
HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server.
Core Security Technologies Advisory - CubeCart PHP Free and Commercial Shopping Cart suffers from a remote SQL injection vulnerability.
Zero Day Initiative Advisory 10-103 - This particular vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Excel. User interaction is required in that a target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of DBQueryExt records in an Excel spreadsheet. Due to the lack of checking when parsing particular fields within the structure, it is possible to get a user-controlled pointer to be called. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user.
Zero Day Initiative Advisory 10-102 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page. The specific flaw exists within IE's support for the CStyleSheet object. When a style sheet array is created, it contains a reference to its root container. If the stylesheet was created as part of an element not in a markup, the root container can be freed when that element is destroyed. When the application attempts to use the stylesheet after this, an invalid pointer is utilized. This can be leveraged by attackers to execute arbitrary code under the context of the user running the browser.
PHPList version 2.8.11 suffers from a remote SQL injection vulnerability.
Phreebooks version 2.0 suffers from a cross site scripting vulnerability.
Phreebooks version 2.0 suffers from a local file inclusion vulnerability.
Phreebooks version 2.0 suffers from a directory traversal vulnerability.
Zero Day Initiative Advisory 10-101 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support of the run-in display property. On insertion of a specific element with the "run-in" display property, the application will create a duplicate reference of a child element used to support that attribute. Upon destruction of the parent container, the application will then call the destructor for this child element multiple times. Successful exploitation can lead to code execution under the context of the application.
iRealty PHP Real Estate Script suffers from a remote SQL injection vulnerability.