Secunia Security Advisory - John Leitch has discovered a vulnerability in the Vodpod Video Gallery plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
051cd549cef7a05c964ea63af0ab44697a4c1d621aaeba0d4987f0dba70bc7cd
Secunia Security Advisory - Some vulnerabilities have been reported in Cisco Intelligent Contact Manager Setup Manager, which can be exploited by malicious people to compromise a vulnerable system.
08f8e03141348c1cbdfaec5aa6ae8a38ee3e46750e3cc43b05f794c3f4a38279
Secunia Security Advisory - A vulnerability has been reported in Novell ZENworks Handheld Management, which can be exploited by malicious people to compromise a vulnerable system.
d255f283901bef06dff181f6e6f3b24911e95b89daa1b6e61530e4c3e96eedc8
Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
d467e0a8bcb680d22cadd6c39e319c22a2a6c3365d445a52b60fe6cec5439941
Secunia Security Advisory - John Leitch has discovered a security issue in the DB Toolkit plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
1f5aab1ea01d45b4f0710d0adad054625fa46e9426769b12b991c2172b954be4
DeluxeBB versions 1.3 and below remote information disclosure exploit.
39b87b4fb943d3ac274fad0d68ed1f22d928fd80c87570b1ecf6fb18525b0af3
Zero Day Initiative Advisory 10-243 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a TZNAME variable it allocates up to 0xFFFF bytes for the variable's value. It then proceeds to copy the value into the fixed-length buffer without checking if it will fit. By specifying a large enough string in the e-mail, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
cf2b8c1eee1a4fba2455796399aba75a36ea4a100654d7ff0cee9383f67f47c8
Core Security Technologies Advisory - The Apple Type Services is prone to memory corruption due to a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing an embedded malicious CFF font.
68f4efdb58f840ab80355a23048b12dea182facc85054b76571b1964d5254a0e
WeBid version 0.8.5P1 suffers from a local file inclusion vulnerability.
5bc0d49ec850e74c752eee1d6ab9e07d79d914d2a7decdf09e963cddad3f65c3
WeBid version 0.8.5P1 suffers from a cross site scripting vulnerability.
f0ff17211f2f42b8ea38d8389d38335766bf84651af3a0a89477ffa0754f600f
The Hackito Ergo Sum 2011 Call For Papers has been announced. It will be held from April 7th to the 9th, 2011 in Paris, France. HES2011 will be a bigger event with even more talks, focusing on hardcore computer and network security, insecurity, vulnerability analysis, reverse engineering, research and hacking, and will try to keep the high quality content.
3a31eaa1a7e5a71ea5cdfb8dd7302060a3f7b5f54ecf368cc3e210593d0d91e4
Mandriva Linux Security Advisory 2010-155 - MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service. Additionally many security issues noted in the 5.1.49 release notes have been addressed with this advisory as well.
a524f186d307832209245b071d7daa4a471c629263fcd6fbfbd50ae724e67063
Zero Day Initiative Advisory 10-242 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise Internet Agent. Authentication is not required to exploit this vulnerability. The flaw exists within the IMAP server component which listens by default on TCP port 143. When handling an IMAP LIST command with a large parameter the process attempts to free the same memory twice. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the IMAP server.
8b3616827ef624bddd373c340926e11f477a73ae12a6be8397a3813eddbcc3dc
Zero Day Initiative Advisory 10-241 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-mail messages received by the server. When the code encounters a Content-Type header it proceeds to parse out the numbers within its contents. The process does not properly check for signed integers and if it encounters one, it loops excessively while writing to the stack. This can be abused by a remote attacker to execute arbitrary code under the context of the SYSTEM user.
701c3c81c0adea6cbcff461a0e580d8b36f476d7aa30ec65c427dde7e963d52e
osTicket (Open Source Support Ticket System) suffers from a local file inclusion vulnerability.
3797f8f72deb5008eacc5270ae34a4b3d06f0deb3a795a8e932645e5592353e2
Whitepaper called Bypass Cross Site Scripting Filters.
98c54230f673a494f3e75cc0498f1ac15a1c3d915dc49325d4d8a69e7a1150c9
Seo Panel version 2.1.0 suffers from a file disclosure vulnerability.
e9cb9ff3fe6d43db7750582807b27f23a216be0ec5249db3d990a282940a61f4
Nevercenter Silo version 2.1.1 suffers from an insecure library loading vulnerability.
a8efe6fae5684a04b324c1c5767de49ec3e6db985ea14cf607c89df68bc2a109
There are multiple JSON hijacking vulnerabilities in Spree e-commerce. As a result, an attacker can steal confidential information such as product costs, price and quantities; users' email, encrypted passwords, tokens, OpenID identifier, phone and address; and orders count and values by period.
129fcbe0112190916cc1826e1e039917100d9c116fdf4c0f538a86a5ca357a91
WordPress Database Interface Toolkit version 0.1.7 shell upload exploit.
e4df5996e48942d71f56bd825fdb96d3f3440d9bb868b5f67874a9a64e1a4720
WordPress SEO Tools by SEO Automatic version 3.0 suffers from a local file inclusion vulnerability.
bab6ce96a2e22b4b4b250d991550bb85f2fe4d13922cc55fac0bb96d9f5d8b30
WordPress jRSS Widget version 1.1.1 suffers from a local file inclusion vulnerability.
03d89c24ef473b925996d94e22ff0c00945e9766ea481380a99e4dc1e21f8055
WordPress Vodpod Video Gallery version 3.1.5 suffers from a cross site scripting vulnerability.
0e14073e4f5fd1df8a00560c1568756bd32ae2e41573a960d65b958eee9f427d
WordPress Survey and Quiz Tool version 1.2.1 suffers from a cross site scripting vulnerability.
1dc424c16ca8c8a6794ac98e586404cdd5bdb63bbbaa59235441734d6d8ef79b
WordPress Feed List version 2.61.01 suffers from a cross site scripting vulnerability.
d84dcfc5e1082526511f3082194886e8dc819c85d60c653c1a4d30f713a15c40