Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya CMS / IR, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
5cb76f182845605c9b8bd477556f453533874ace780dcb908c0bfe3f4ecefa63
Secunia Security Advisory - Mandriva has issued an update for gdm. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
cea4378345d98bdb2a717e9f34982722543a08b40e9d46731c9faeb2a64fa846
Secunia Security Advisory - Some vulnerabilities have been reported in italkplus, which potentially can be exploited by malicious people to compromise a vulnerable system.
1ed2a8ad5c77a1027e20cfb6d1fa606d4caedf309adb614c5588b466258066a9
Multiple CRLF injection aka HTTP response splitting vulnerabilities have been identified in Google AdWords which may be exploited to inject arbitrary HTTP headers.
062562a8590bce4277ad7237fb661cbe785c2f43af14a6b3863075554454d6bd
Mandriva Linux Security Advisory MDKSA-2006-231 - Local exploitation of a format string vulnerability in GNOME Foundation's GNOME Display Manager host chooser window (gdmchooser) could allow an unauthenticated attacker to execute arbitrary code on the affected system.
0c112cceaa040d6b5745441618446c47e2238310ec1b95f898cf24d1bf76a4cd
sqlmap is an automatic blind SQL injection tool capable of enumerating entire remote databases, performing an active database fingerprint and much more. The aim of this project is to implement a fully functional database mapper tool which takes advantages of web application security flaws.
0853916caa03e6bd3a882a8a311e991ff641b37315415096cb6755d48f8b090d
Ubuntu Security Notice 396-1 - A format string vulnerability was discovered in the gdmchooser component of the GNOME Display Manager. By typing a specially crafted host name, local users could gain gdm user privileges, which could lead to further account information exposure.
487405d810702e54aed8b64095819c6455709886be82d5a7157e73a96e8467ea
Kerio MailServer version 6.2.2 preauth remote denial of service exploit.
06693eabdbec0e07d5c362d68827a5701df047b339ad16062f4a59c06535f14b
iDefense Security Advisory 12.14.06 - Local exploitation of a format string vulnerability in GNOME Foundation's GNOME Display Manager host chooser window (gdmchooser) could allow an unauthenticated attacker to execute arbitrary code on the affected system. This vulnerability has been confirmed to exist in the gdm-2.14.1-1 RPM from Red Hat Fedora Core 5. The vulnerability was introduced into the gdmchooser.c file in version 1.78 of gdm2/gui/gdmchooser.c in the GNOME CVS source code repository.
60e13d7ba3ec336f69ef6b3c60e8c771e80e26eff375096edace3ed83b991b25
Hyper Access version 8.4 suffers from multiple command execution vulnerabilities.
f80fc49dfe1d0c19441f024ce5707fa40f9889fac4146b376d88524c20396f30
GenesisTrader version 1.0 suffers from source code disclosure, arbitrary file upload, and cross site scripting vulnerabilities.
ee7e2884ae63b593717c14addfc45ea732e00d65bd6aed60db1ec42f4540b836
Call For Papers for the eighth annual CanSecWest applied technical security conference - where the eminent figures in the international security industry will get together share best practices and technology - will be held in downtown Vancouver at the the Marriott Renaissance Harbourside on April 18-20, 2007.
6054c1c326863609ebd14bd8dcfb750dcb9445781692c9046b4a44dbf4c99112
Secunia Security Advisory - Ubuntu has issued an update for gdm. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
4db147a0a8418a0e00afab553f3a10233c5f34286afdb95f1b949219bcda8451
Secunia Security Advisory - A vulnerability has been reported in the gdmchooser application of the GNOME Display Manager, which can be exploited by malicious, local users to gain escalated privileges.
742a5a593cd89f7c2ef7f93e8c3226492e087a0dc7b23c5f2a824bc4905b95ba
Secunia Security Advisory - Gentoo has issued an update for links. This fixes a vulnerability, which can be exploited by malicious people to expose sensitive information and manipulate data.
2b028ea4ba5c4cbecee679de129a439963cb2ba2e8e5e3260e3abbb206e3914a
Core Security Technologies Advisory - A locally exploitable stack overflow vulnerability has been found in the mod_ctrls module of ProFTPD server. ProFTPD versions 1.3.0a and 1.3.0 are affected.
d36acaee71f87bea897777e3ff93edf6478e47c07c9a9d32a58514040e1ae1cf
IBM's DB2 suffers from a remote denial of service condition during CONNECT processing.
e3fb513c3bd7301e0e847c155ed0caa6b969013f311609b7d19963f17e1da5d3
Coolplayer versions 215 and below suffer from multiple boundary error conditions.
df5c5375bc2513702a3db5629c8089df53be7c6c76658ba4068f25baf3aac941
IIS 5.1 suffers from a flaw where it allows an ASP shell to be spawned via execute rights for IUSR_Machine.
5a7c990b18f1d8d2164f708100f81623d7bd6a8ef8350f992cd9f06143afe20a
Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the exception handling of script errors. This can be exploited to corrupt memory via an HTML document containing specially crafted JavaScript that triggers certain errors simultaneously. Microsoft Internet Explorer 6.0 is affected.
dd22c9ed6d25b103da6b72c0e33253fcf2f55360ddb41df5df49a8f3b264a4d9
iDefense Security Advisory 12.12.06 - Local exploitation of a directory traversal vulnerability in ld.so could potentially allow a non root user to execute arbitrary code as root. iDefense has confirmed that Solaris 10 for both x86 and SPARC is vulnerable. It is speculated that older versions of Solaris are vulnerable as well.
6a56303b2aea9deebd5cd8cd085fcba5d42d35526149bcaa8c66c36de075f914
iDefense Security Advisory 12.12.06 - Local exploitation of a buffer overflow vulnerability in ld.so could potentially allow a non root user to execute arbitrary code as root. iDefense has confirmed that Solaris 10 for both x86 and SPARC is vulnerable. Older versions of Solaris are likely to be vulnerable as well.
21a9a1fb7b07e47ddb789eb978a278eb538aa3eaed4094520c4e5cac4e97a314
Rad Upload version 3.02 suffers from a remote file inclusion vulnerability.
ca59ec9dd17403e450af918832e392ef2d826537152c07fce23358a20094cbdf
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Anti-Virus. The specific flaw exists in the parsing of SIT archives. When a long non-null terminated filename is processed by veex.dll, a heap overflow occurs due to the miscalculation of the string's actual size. Exploitation is possible leading to remote code execution running under the SYSTEM context.
113bb902ae3854e7000b6296de7caa6c006d48c11e4e7e15ba976dc6d4b73102
Exploit for a buffer overflow in the Kerberos KBIND authentication code in the OpenLDAP slapd server for versions 2.4.3 and below. Note that the vulnerable code only exists in versions compiled with the --enabled-kbind option.
caeceb13a21843c70ef44e4acb32c112873063011f8be8a62366988ea194cee7