Secunia Security Advisory - Some vulnerabilities have been reported in Basic Analysis and Security Engine, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Some input isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This is related to: SA17314. 2) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
664f4183e341414680039000ca16f722a475f0ffec0bf7afc2d0da5708e997ac
Secunia Security Advisory - Jason Hoover has discovered a vulnerability in MigrationTools, which can be exploited by malicious, local users to disclose potentially sensitive information or to perform certain actions on a vulnerable system with escalated privileges. The vulnerability is caused due to the nis.$$.ldif temporary files being created insecurely in /tmp. This can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running the migrate_all_online.sh script. The temporary files are world-readable and are not deleted if ldapadd fails. This may disclose sensitive information such as users' password hashes. The vulnerability has been confirmed in version 46. Other versions may also be affected.
e69d45af74d3a29e2bf6c6fc22f2faa33798154c127002aacab0f6e615a37381
Secunia Security Advisory - Abducter has discovered some vulnerabilities in Pearl Forums, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information. 1) Input passed to the forumsId and topicId parameters in index.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to the mode parameter in index.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. Successful exploitation requires that magic_quotes_gpc is disabled. The vulnerabilities have been confirmed in version 2.4 and have also been reported in version 2.0. Other versions may also be affected.
241875297444cd4a4e33999e1bb7785220e8336ff7bf7fd393d80a6a4fbdf7a1
Secunia Security Advisory - Gentoo has issued an update for sylpheed. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. For more information: SA17492
cdb8f2eccf9cfb71a3ef7508edd9b7c15472b44541aaf1413831aa7eec00668d
Secunia Security Advisory - A vulnerability has been reported in pnmtopng, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. The vulnerability is caused due to a boundary error when writing RGBA-palette PNG files. This can be exploited to crash pnmtopng and may allow arbitrary code execution via a specially crafted input file with exactly 256 colours. Successful exploitation requires that pnmtopng is used with the -alpha command line option, and e.g. pnmtopng is used in a CGI application that allows remote users to submit image files for processing, or by tricking a user into using pnmtopng with a malicious .pnm file. The vulnerability has been reported in versions prior to 2.39. Note: Several potential malloc allocation overflow bugs have also been fixed.
2a67b238c8a336d7c27f90f087853e6afc3d41ee8449d22c4fc25797fc1d329d
Secunia Security Advisory - HACKERS PAL has discovered some vulnerabilities in Wizz Forum, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed to the AuthID parameter in ForumAuthDetails.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to the TopicID parameter in ForumTopicDetails.php and ForumReply.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of vulnerability #1 requires that magic_quotes_gpc is disabled. The vulnerabilities have been confirmed in version 1.20. Other versions may also be affected.
78b70584e20ab1498ea68110af703a34393d0e32a9e92fa00de339a4f7f69ccf
Secunia Security Advisory - Gentoo has acknowledged some vulnerabilities in scorched3d, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA17423
0903e4da365f0003ecbef50166cc7f6ce985cdbae58e738b2ba56b4f3fcb13af
Secunia Security Advisory - Amin Tora has reported a weakness in Cisco ASA (Adaptive Security Appliances), which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to the ASA failover testing algorithm failing to properly identify that the active firewall has failed. The standby firewall performs failover tests by sending ARP requests for the active firewall's IP addresses. This can be exploited to prevent the standby firewall from activating via spoofed ARP responses. The failover may also fail to happen if there is another device with the same IP address as the active firewall on the same network subnet. The weakness has been reported in ASA running 7.0(0), 7.0(2), and 7.0(4).
0d1639aba1d7aa19dffa7ea920fe1f0db9aca7d53b5fcd19be30ba0ce4f44bfd
Secunia Security Advisory - Debian has issued an update for acidlab. This fixes some vulnerabilities, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. For more information: SA17552
90950bec3cf0fb9158e1998b26b9e7400458c85db8c9d9b3b1020b04523c1f58
Secunia Security Advisory - trueend5 has discovered a vulnerability in Ekinboard, which can be exploited by malicious people to conduct script insertion attacks. Input passed in the forum Topic Title isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious forum post is viewed. The vulnerability has been confirmed in version 1.0.3. Other versions may also be affected.
9f175fae1b7bcc9ac28a1cea058301860ef36d24d3ca4373cd78c8d0baeb6c08
Secunia Security Advisory - rgod has discovered a vulnerability in Xoops, which can be exploited by malicious people to disclose sensitive information. Input passed to the xoopsConfig[language] parameter in class/xoopseditor/textarea/editor_registry.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. Successful exploitation requires that register_globals is enabled and that magic_quotes_gpc is disabled. The vulnerability has been confirmed in version 2.2.3. Other versions may also be affected.
0d1ce427fb9dd7b5356b6b4e430e01193f4c202fa0861044cff60de0b098bcaf
Secunia Security Advisory - rUnViRuS has reported a vulnerability in PollVote, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the pollname parameter in pollvote.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.
a419c38bdb77b87c805d1e386772ae891318f4334d357c12cda260dc5264bbd7
Secunia Security Advisory - rgod has reported a vulnerability in the WF-Downloads module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the list parameter in viewcat.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that magic_quotes_gpc is disabled. The vulnerability has been reported in version 2.05. Other versions may also be affected.
f2e0d9b82eebb522e0559aa40f0b7ec7813d14b8f6af2e5366a94a7b97ffbfb1
Secunia Security Advisory - syini666 has reported some vulnerabilities in MyBulletinBoard, which can be exploited by malicious people to cause a DoS (Denial of Service), manipulate certain information, and conduct script insertion attacks. 1) Input passed to the subject field when creating a new thread isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed in the main page. 2) Some input passed in the Reputation system isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed in the user configuration panel. 3) The problem is that users can delete or move other users' private messages (PM). Successful exploitation requires knowledge of the ID number. 4) An unspecified error can be exploited to cause a Denial of Service on a vulnerable server.
d709d4dc02083dc2a4a63a3939a57f68b30a1a2724b44314e44b4aec0258c98e
Secunia Security Advisory - Two vulnerabilities have been reported in openswan-2, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the handling of IKE packets with an invalid 3DES key length can be exploited to cause a DoS. 2) An unknown error in the handling of certain specially crafted IKE packets can be exploited to cause a DoS. The vulnerabilities are related to: SA17553. The vulnerabilities have been reported in versions prior to 2.4.2.
e5506c483cdfea03647f7a679b2084145190797d0e1f8f572dd9e65398abc113
arpalert uses ARP address monitoring to help prevent unauthorized connections on the local network. If an illegal connection is detected, a program or script is launched, which could be used to send an alert message, for example.
9fa6dbc00464a0c332d3c31d644bbd9d9931dcbc6876e1f570c7d708602285ac
Whitepaper called Blocking Skype Using Squid And OpenBSD.
b6e11672d312290a29ac341bb69e71f5b97baaf44a2d7993e2f938c88277b329
Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to an unspecified error in xterm. This can be exploited by malicious users to gain unauthorised access to an affected system. The vulnerability has been reported in HP-UX B.11.00, B.11.11, and B.11.23.
b1a3b38eef352b8e97b4bb1c8c59339252a01fa71ebb0884df2eac80c55cb027
Secunia Security Advisory - Debian has issued an update for abiword. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. For more information: SA16982 SA17199
290ab2d758c3c807d4c02f1629f5312fcb0df8ca805e12353feee37dc2630e86
Secunia Security Advisory - Some vulnerabilities have been reported in ACID, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. For more information: SA17314 SA17523
ca07b5b2ba9191ada28ab0e551d91b628119944a4f36d0fab9363215b2b00b96
Secunia Security Advisory - Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the libike library when processing IKE messages. This can be exploited to crash the in.iked process, which causes the IPSec key management services to fail. The vulnerability is related to: SA17553. The vulnerability has been reported in Solaris 9 and 10 on both SPARC and x86 platforms.
85322bf197ef5bdf0e1a0296650aceb34f76d028d0adb093160824966ad60f04
Secunia Security Advisory - Debian has issued an update for uim. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges. For more information: SA17043
b62839f9b6422190f7ec84f7e06cef10b5fe8cf2bbb3578aea575100a345bf16
Secunia Security Advisory - Fedora has issued an update for lynx. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA17372
87694fb1428506eb64e46226abe56d0ee67790c8ff21284e7bf3157af325d25a
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running xterm. The vulnerability could be exploited by a local user to gain unauthorized access.
da66a5cfb48201539eed609e943e1e4ba9cc435a7d2998bce28593c2a2acb41c
MD4 collision generator.
2bebad65909745571594f17a961b74232c8dfde3ae0949d01246d67c9c0e48a3