Slackware Security Advisory - New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
b704efd34fea020dfef8a9b9848cf0433a54a6adea560c6b21f2008b64fa9306
Whitepaper called Dissecting Java Server Faces for Penetration Testing. This paper is divided into two parts. In the first part, they discuss the internals of JSF, a Java-based web application framework, and its inherent security model. In the second part, they discuss the security weaknesses and applied security features in JSF. In addition, they flag the security issues present in JSF in order to support effective penetration testing.
bb2851a7d694bdfdc081c72877ac631b96b1d0fc6f302e1493882794b986f6d1
RSA, the security division of EMC, announces security fixes to address two security vulnerabilities in RSA enVision. These include arbitrary file retrieval and credentials being mailed in the clear.
21733d753cf541d05c9bdb1f1335a9efc8d4ec5ead044111b3d8aaaab1ffcf89
GLPI versions 0.80.1 and below suffer from a database information disclosure vulnerability.
5eed314db85dc74bd217874b0c50d69d31f0f589c508750bace80938534ca81f
WordPress SendIt plugin versions 1.5.9 and below suffer from a remote blind SQL injection vulnerability.
7106e3bbbc0f0a17bb69813ffc8c3ed81a8b43adfde17b2f5ade3a8ee682330b
Whitepaper called Demystifying the Android Malware. It dives into various phases to discuss the hows and whys behind malware implementation for Android.
ad9e4c33e888d2a10ee1d2ca15fbe4ebac9bb71fc66331e213a36b8563c018b5
Studiomenozzi suffers from a remote SQL injection vulnerability.
e2e3878a7699b0bf0fab22d8b32868d3347e3d5e5073e7c9b51901cda7c29621
Ninuz suffers from a remote SQL injection vulnerability.
bc6d012e5c1d60b0ec9f1046ed573709c4619cd86100d5df4f666e8f2d6069b6
Arya Web suffers from a remote SQL injection vulnerability.
5772c0532f7af420f6af95ca64a90c64f0cb8f73f48dff2dbb9f3d6a85a4f42b
A vulnerability exists in the NetSaro Enterprise Messenger Server Administration Console allowing a remote attacker to obtain unauthenticated access to the application's source code. Attackers may make HTTP GET requests and append a null byte to allow download of the source code for the application's web pages. An attacker does not need to authenticate to obtain access to source code for pages that usually require authentication prior to viewing.
1231ae3590ce9f439d6b83bc44f312d176de967ea3fd246651485e8e72f9d537
Microsoft Report Viewer controls suffer from a cross site scripting vulnerability. Microsoft Report Viewer Redistributable 2005 SP1 and Microsoft Visual Studio 2005 Service Pack 1 are affected.
4d9788bddcd51301180727fdb8f1bfb7d0282f2267bc50035868014db7f5b3e7
The LedgerSMB development team has found an SQL injection issue in LedgerSMB version 1.2.24. Because this issue stems from their common SQL-Ledger heritage, it affects all versions of LedgerSMB and has been confirmed in SQL-Ledger version 2.8.33.
d46a40d761ab4f653c338833304f4974937256b45896dba52e8970d226b6ce1c
Lumension Device Control (formerly Sanctuary) version 4.4 SR6 suffers from a remote memory corruption vulnerability.
c57ef1704cb0c41b6705165642f98b7d6449b19cbe982463e50749ab3173be60
Zazavi versions 1.2.1 and below suffer from cross site request forgery and shell upload vulnerabilities.
efc0457b3c527d10101324b43740b9416fa5f5c1b0f2473292acd3a5160b1f47
SmartCMS suffers from a cross site scripting vulnerability.
72b51cc5ee1af6fcd43e3eb3cecfbb596d54706bd14bba01df086d4331da7384
A denial of service vulnerability has been found in the way multiple overlapping ranges are handled by the Apache HTTPd server. Both the 1.3 and 2.x releases are affected. An attack tool is circulating in the wild, and active use of this tool has been observed. The attack can be done remotely and, with a modest number of requests, can cause very significant memory and CPU usage on the server.
a9690ce85ab38ad4c6cee06d55ad11d445eea51f1cdb17fcbcf5b56233597938
Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Rational ClearCase / ClearQuest, which can be exploited by malicious people to cause a DoS (Denial of Service).
f689b815bb19801e01331128320dd168c381c78360367037b2a583098f264f7e
Secunia Security Advisory - MustLive has discovered two vulnerabilities in neolao FLV Player Multi / Maxi, which can be exploited by malicious people to conduct cross-site scripting attacks.
a67b6e25f69a29517cc95cc007b863dfa9a13aa9021dbfda51a6d6a9b7e4c109
Secunia Security Advisory - A vulnerability has been reported in Apache Wicket, which can be exploited by malicious people to conduct cross-site scripting attacks.
77917786ac8d670b1955d48a208120a0a4b8c00d4822d79141d64e428f81c2ed
Secunia Security Advisory - A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks.
2c063a72930cf9f627aeebba359665be95b2bf3a97767ae9493c5b20b80060cc
Secunia Security Advisory - A vulnerability has been discovered in VicBlog, which can be exploited by malicious people to conduct SQL injection attacks.
25b2c10661d9dbc640fdf707592272c4d66e4d0fedde2bd648bd4206f2bb8035
Secunia Security Advisory - A vulnerability has been reported in CommodityRentals Books/eBooks Rentals Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
ae01f926b0c695817b4e2a6189b1b0462eb31b47d1f9252c91198b9e67face15
Secunia Security Advisory - A vulnerability has been discovered in the Redirection plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
412f9d361e731ab5b2e205b00f2e0794f8472d9544b8ec30f36413eb637fc2fd
Secunia Security Advisory - Some vulnerabilities have been reported in the WordPress-Amazon-Associate plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
155ffa0806a5c5f715e065d2ebc348ed6321a229f4dc5082c949077cfd1b8567
Secunia Security Advisory - SUSE has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
594154926efe0e8b2c8a242becae22d9d1aa2f0a809662a973da6713f137e7e8