Secunia Security Advisory - HP has issued an update for Kerberos in OpenVMS. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
5f518788656b8c278ed1f6efb70d22d0abb1909323c7d4df46ddc8fdd9ae1a5e
Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system.
581763160f403c7cb77cebe5ca37e912f870dde8af8fb40d993187c2a655f4a2
Secunia Security Advisory - A vulnerability has been reported in Microsoft Office for Mac, which can be exploited by malicious people to compromise a user's system.
63dc0d27bd41ead9b550b7ba4dda7b6a6f118aeee44d4e8f9c5f816e3a158774
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
ab39d4d1501aae1192a88ba3ad33b10905069d516200ebde86bc88d123bede57
Secunia Security Advisory - HP has issued an update for Secure Web Server in OpenVMS. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to conduct cross-site scripting attacks, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
a6a2658ece9e58267f30c1acb621699314a7e3a42c1c240c0c443ab0caed682c
Zero Day Initiative Advisory 11-157 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles user-defined functions of an nsTreeSelection element. When executing the function invalidateSelection it is possible to free the nsTreeSelection object that the function operates on. Any further operations on the freed object can result in remote code execution.
766e4f1bea6c57dd6abff97f2c936258d3c2a92aab1a04dbdb224fc0df554a53
Zero Day Initiative Advisory 11-156 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase M-Business Anywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within agsync.dll, which listens for SOAP and sync (HTTP) requests on ports 80 and 443 (HTTPS). When handling a supplied username parameter the process fails to verify the string length. This user-supplied data is then copied to a static sized buffer on the heap. A remote attacker could use this flaw to inject arbitrary code into the agd.exe process, which runs by default under the SYSTEM context.
b53828c6edcdfd2192b06d6d280ef057b3483af55ad1c2aa33de7d13444ce4fe
KeyFax Response Management System version 3.2.2.6 suffers from cross site scripting and information disclosure vulnerabilities.
a61a149c3434df8b6fdb5b0b31cf5a857eaa9a52d5b3e26a7f96a758867acfd8
peepdf is a Python tool to explore PDF files in order to find out whether a file can be harmful. The aim of this tool is to provide all the components a security researcher could need for PDF analysis without using 3 or 4 tools to perform all the tasks. With peepdf it's possible to see all the objects in the document, with the suspicious elements shown. It supports the most used filters and encodings, and it can parse different versions of a file, object streams and encrypted files. With Spidermonkey and Libemu installed, it also provides Javascript and shellcode analysis wrappers. It's also able to create new PDF files and to modify existing ones.
d33183f26435322007fe6f34df27b06941c7bd1ea2307d6311f0d0bca46042eb
Zero Day Initiative Advisory 11-155 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase M-Business Anywhere. Authentication is not required to exploit this vulnerability. The flaw exists within the agd.exe component which listens by default on TCP port 80 and 443. When calling agd!encodeUsername the process creates a 100 byte buffer on the heap. The process then blindly copies user-supplied data into that fixed-length buffer without verifying that the destination buffer is adequately sized. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
8d52dac8f61fda31f32be72c774a67dc768b8f5c94d3397fc6617b6985a43db0
The Postfix SMTP server has a memory corruption error when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (the ANONYMOUS mechanism is unaffected but should not be enabled for different reasons).
701d670361d261d971bf5cb536af214e19dc67b4b2410370bfd209a2bf95cc86
HP Security Bulletin HPSBOV02683 SSRT090208 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.
a7638da01e18d2a3d9c6e84728556bb08fdb00082b9c904826eb85aa31a5870d
HP Security Bulletin HPSBOV02670 SSRT100475 - Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses. Revision 1 of this advisory.
1580382bbf55fde0f91e439f0d90c3aff5767f568e5cc0fa24c41bb05a7b36a4
The Joomla Hello component suffers from a remote SQL injection vulnerability.
e405f95a160d67a8855eaec197928ff6c5e345599a15c3e4ffe6a91cca4ab733
ZAPms version 1.22 (19.04.2011) suffers from a remote SQL injection vulnerability.
b38e59e6828623fff4a93f37127a464434074f640eab744c31bdb0d797c4c2dc
Nuke Evolution Xtreme version 2.0.x suffers from a remote SQL injection vulnerability.
2e61d497ea6f217955c9f47f9961e0d86036698229b83020a806ffe0ba41f1c5