HP Security Bulletin - A potential security vulnerability has been identified with HP System Management
6d87d50fb9824e334817a07fa88b27c6537eab444d9cab61219d0000901cc177
Debian Security Advisory 1314-1 - Several local and remote vulnerabilities have been discovered in open-iscsi, a transport-independent iSCSI implementation. Olaf Kirch discovered that due to a programming error access to the management interface socket was insufficiently protected, which allows denial of service. He also discovered that access to a semaphore used in the logging code was insufficiently protected, allowing denial of service.
2e3112d455b4181c431639e215f8985ead559c096d2fbaab69a734e13de5e615
Various commercial IPS products fail to decode HTTP requests that contain 0x0c, 0x0b, and 0x0d instead of normal 0x20/0x09 separators.
8bd2fb21a6f9fe779b10b9809f5d7d778051d40abcfa264fa44340d85608f90a
Debian Security Advisory 1313-1 - Stefan Cornelius and Reimar Doeffinger discovered that the MPlayer movie player performs insufficient boundary checks when accessing CDDB data, which might lead to the execution of arbitrary code.
249deea05498f73ad4a3f06eaa45d4b64df7f87b34781ca7512de62b516383b5
A persistent cross site scripting vulnerability exists in the Wordpress.com dashboard.
dfaba2f61102da0059c193b2576ec0cfd98b29788b91f7a724667e8fc3e02e19
The 5th ACM Workshop On Recurring Malcode (WORM) 2007 Call For Papers has been announced. It will be held on November 2, 2007 in Alexandria, VA, USA.
7ab6cf12db2ea05d1265b04647eb4163b4b0157453df2402b32375452ad9bdcd
YaBB versions 2.1 and below suffer from a local file inclusion vulnerability that allows for remote code execution.
af958fb5a94edadc7e8f93f91b70ddb2da76329318f1774e91870c90573fdf8e
MaraDNS versions 1.2.12.05-stable and below and 1.3.04-testing and below suffer from a denial of service condition.
cca3d3cbe71291d82a55ef07a0fd35c34a7406574ef85478cf3e3bce4d8b2042
FuseTalk version 2.0 suffers from a SQL injection vulnerability in autherror.cfm.
5ebbcffcaeb54aea7359861858adc1e00f52b63b66cc98e800d62c35c2366cd1
iG Shop version 1.4 suffers from an eval inclusion vulnerability.
503e256e013dda3871574a243225434a0123140b50e47040b3018897fbd6b358
Apache Tomcat versions 4.0.0 to 4.0.6, 4.1.0 to 4.1.34, 5.0.0 to 5.0.30, 5.5.0 to 5.5.20, and 6.0.0 to 6.0.5 suffer from a cross site scripting flaw in Accept-Language header processing.
d999b15d8c14e8f9941eb0de2b9fcc406bb711763d4e143d20615de1a557bab6
iDefense Security Advisory 06.18.07 - Remote exploitation of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger could allow attackers to execute arbitrary code as the currently logged on user. The vulnerability specifically exists due to improper handling of UTF-8 sequences. When word-wrapping UTF-8 text, the window width is improperly used as a buffer size value. As such, heap corruption can occur leading to a potentially exploitable condition. iDefense has confirmed the existence of this vulnerability in Cerulean Studios Trillian 3.1.5.1. Previous versions are suspected to be vulnerable.
eaec603cc0f1fc35245ab560fc482e2cf32d55c0def227512013cdcf240eb5f1
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
b681fdbe64e05e8b559c50487a0c4848bd09463d30edb907db2df1c0d2d0001b
Vinetto is a tool intended for forensics examinations. It is a console program to extract thumbnail images and their metadata from those thumbs.db files generated under Microsoft Windows. Vinetto works under Linux, Cygwin(win32) and Mac OS X.
1dccf3385e5654d4cb3bbf6a757e3639b142249f8e4badbdc7f8f2388a1f6367
Nmap Parser is a Perl module that simplifies the process of developing scripts and collecting information from the XML nmap scan data, which can be obtained by using nmap's -oX switch or from the file handle of a pipe to an nmap process. It uses the XML twig library for parsing, and supports filters.
dac4ca1a6fea3548a0920a2be3347bbd7d46166ad9080a8403533fbca96928dc
PHP version 5.2.3 Tidy extension local buffer overflow exploit for win32.
77ab4ff0f5a046cb4cf44bd4a513d14d0712af937e419f340866aac22359816d
FuseTalk version 2.0 suffers from a SQL injection vulnerability.
79e424a6046bfd9991c3bc4708f02f767edba1870e8667c40d360d161345227f
fuzzylime forum versions 1.01b and below suffer from a cross site scripting vulnerability.
9ad9b369d80b57ebf091d1522196700efe20e03fd1e34f801017dcbdfef0aadc
Webif.cgi suffers from a local file inclusion vulnerability.
d547b0f34f12329ecdd8498cec0bf1512aebabcd06b980ebfceddc93406b6a97
PHP Hosting Biller version 1.0 suffers from a cross site scripting vulnerability.
7e237f155c2757d24d19d980e4a283173fa888e2c6f77f59c9789af664d74eb8
Debian Security Advisory 1312-1 - It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure.
d6e583ec69a0e856aaa4acac15a004b79f0f9e922d60c725400771ac6e3f4fd8