Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in Webroot Desktop Firewall, which can be exploited by malicious, local users to gain escalated privileges or bypass certain security restrictions.
9f53939db942acae7d3c9f70213ae298eb4855057ca9ad097844a58c1fa0bdeb
Secunia Security Advisory - Secunia Research has discovered a vulnerability in various HAURI anti-virus products, which can be exploited by malicious people to compromise a vulnerable system.
fd54b3fe7a89bedebaa6c55605875e577b537df6e435a49255fc2b743de6ae18
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks.
98432a2a29430319759cf8df521047634b50c0a802ea0b69ca8da54e183eea58
Secunia Security Advisory - Laszlo Toth has discovered a security issue in Windows XP, which can be exploited by malicious, local users to gain access to certain sensitive information.
d620fa514513f2e4bc103e123f953fcb8e1317ba0aaccb513dba99a19da5dbd3
Secunia Security Advisory - Tom Ferris has discovered a weakness in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service).
e12638a11c49d2f265912c0893562589db2aeadae6dfa59654c3dbfe03e5b6b8
Secunia Security Advisory - A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
e56716359e69675f452db39ec4c64492388bdb2537f50dc575801d005a72b28e
Secunia Security Advisory - Some vulnerabilities have been reported in Hiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
73b5e61253a0144d0a6faa55a5eaa34790b4e4b6f3802cb734ee1236a3726e30
Secunia Security Advisory - Donnie Werner has reported two vulnerabilities in Tellme, which can be exploited by malicious people to conduct cross-site scripting attacks or disclose certain system information.
bde9d26e3d13f47a71e9aeef77f773a053b0025b1df42b825a3a36ebca6039ca
Secunia Security Advisory - Defa has reported a vulnerability in the Additional Images module for osCommerce, which can be exploited by malicious people to conduct SQL injection attacks.
5aca21c173c629a002b37ca8a2292970a7a692f18c0425187696eb8b8755743c
Secunia Security Advisory - Debian has issued an update for mason. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
07d8077db2bd076bafe97049f9bff1cb7e4807ef07d355bdaeb4fd72b950b34c
dietsniff is a tiny tool for analyzing traffic on a network. It is not intended to replace well-known tools like tcpdump or ethereal. It is intended for the case when a small and especially static sniffer is required. Accordingly, it is far less powerful than those tools, and it is bound to Linux as a platform.
35abce5f6f8ce8d5a6c0a4d6da390156fc91e9fca47e9de4c53bc0bacd76da82
ProZilla versions 1.3.7.4 and below ftpsearch results handling client-side buffer overflow exploit.
38a4ad22cee290ee9af6ec0eb1a39417ce825b8b8606b04d60e0ab093c3a4c8e
TellMe versions 1.2 and below are susceptible to cross-site scripting attacks.
e0d8d19326916e2fc873564e971c288d15bf3ace0da18692fdb232e9bac8d1fb
Secunia Research has discovered a vulnerability in ALZip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to multiple boundary errors when reading the filename of a compressed file from ALZ, ARJ, ZIP, UUE or XXE archives. This can be exploited to cause a stack-based buffer overflow (ALZ), or a heap-based buffer overflow (ARJ / ZIP / UUE / XXE). Successful exploitation allows execution of arbitrary code when a malicious ALZ / ARJ archive is opened, or when a ZIP / UUE / XXE archive is extracted.
bffe2f2d11e5e5ac7d2a13dfed0e4b832c4f3cf66166441b3fe900aaf6803f3a
Whitepaper entitled 'Data-Mining With SQL Injection and Inference'. Paper is based on a talk given earlier this year at Blackhat Europe. It divides SQL injection data theft attacks into three classes - in-band, out-of-band and inference. The first, in-band, uses the existing connection to get data out; the second, out-of-band, uses another channel, e.g. SMTP by using built-in database mail functions; and lastly inference.
fcb6268f83b03e6bae5da741f0a4a4a70ef1f3e89a8ac16c3c1c47f83e4853f6
Whitepaper entitled 'Buffer Underruns, DEP, ASLR, and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform'.
6a2fef57985b54e3b9a2d601af88045009dd270ff00aa613302b46f9fe35639b
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
07289220d1f6fa9897099dfaab158ed855928fe5e76bc56335f332f9b174d48d
Gentoo Linux Security Advisory GLSA 200510-04 - Frank Lichtenheld has discovered that the sort_offline() function in texindex insecurely creates temporary files with predictable filenames. Versions less than 4.8-r1 are affected.
ba9606996859837bda720027002667013bde2a1559e4cc702034a297af5299d0
Debian Security Advisory DSA 844-1 - A vulnerability in mod_auth_shadow, an Apache module that lets users perform HTTP authentication against /etc/shadow, has been discovered. The module runs for all locations that use the 'require group' directive which would bypass access restrictions controlled by another authorization mechanism, such as AuthGroupFile file, if the username is listed in the password file and in the gshadow file in the proper group and the supplied password matches against the one in the shadow file.
8181012eb3961d9159ac9f63277e30706b54df18f9e5c3b044c36c8b69f3972f
Debian Security Advisory DSA 843-1 - Two vulnerabilities have been discovered in the ARC archive program under Unix. Eric Romang discovered that the ARC archive program under Unix creates a temporary file with insecure permissions which may lead to an attacker stealing sensitive information. Joey Schulze discovered that the temporary file was created in an insecure fashion as well, leaving it open to a classic symlink attack.
eb2cbddd736529606b33b4da39783e988ab08f14b95f9c3258caf3b846daff7c
iDEFENSE Security Advisory 10.04.05-2 - Remote exploitation of a buffer overflow vulnerability in Symantec AntiVirus Scan Engine can allow remote attackers to execute arbitrary code. iDEFENSE Labs has confirmed the existence of this vulnerability in Symantec AntiVirus Scan Engine 4.0. The vendor has confirmed that the vulnerability also affects products utilizing Symantec AntiVirus Scan Engine 4.3; however, Scan Engine 4.1 is not affected.
108341654e1a935e4d2076d655403559fe000d75561a5a6e6110ae15c2361826
iDEFENSE Security Advisory 10.04.05-1 - Remote exploitation of a buffer overflow vulnerability in the University of Washington's IMAP Server (UW-IMAP) allows attackers to execute arbitrary code. iDEFENSE has confirmed the existence of this vulnerability in Washington University imap-2004c1.
7d725edae7244a458754d80ce51bdd887cb05f856c6affc066bdd5364905672b
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Mozilla, where the vulnerability could be exploited to allow a remote, unauthorized user to execute privileged code or to create a Denial of Service (DoS).
6630a06078216319d840bb039f6ddcc1e54966ad7749cb96f94b5d3656cf51a7
HP Security Bulletin - Potential security vulnerabilities have been identified with Mozilla versions prior to 1.7.11.00 running on HP-UX, where the vulnerabilities could be exploited to allow a remote, unauthorized user to execute privileged code.
ad7cccf808fa40ec9991ff17c03c443867075efb36508a582f3f165ca92817b3
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Mozilla, where a heap overflow could be exploited to allow a remote, unauthorized user to execute privileged code.
447c5def70dcb2ede956183b5047d65de70429a61059fdbdc740977e079b05e2