Secure Reality Pty Ltd. Security Advisory #7 - MarkVision is a printer administration package from Lexmark. Versions prior to v4.4 contain local root buffer overflow vulnerabilities. Fix available here.
Secure Reality Pty Ltd. Security Advisory #6 - phpGroupWare is a multi-user, web-based groupware suite written in PHP. Versions below 0.9.7 under Unix make insecure calls to PHP's include() function, which can allow the inclusion of remote files and thereby the execution of arbitrary commands on the remote web server with the permissions of the web server user, usually 'nobody'. Fix available here.
Secure Reality Pty Ltd. Security Advisory #5 - All 3.x versions of MailMan Webmail below v3.0.26 contain remote command execution vulnerabilities. The code contains several insecure calls to open() containing user-specified data. These calls can be used to execute commands on the remote server with the permissions of the user that runs CGI scripts, usually the web server user, which is in most cases 'nobody'. Fix available here.
Secure Reality Pty Ltd. Security Advisory #1 - PHP's handling of uploads permits a remote attacker to manipulate PHP applications into opening arbitrary files on the server with the permission level of the user running the server. Almost any PHP program which provides upload capability is vulnerable.