Secunia Security Advisory - A vulnerability has been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to bypass certain security restrictions.
5e58669f66340f63c18044c1f25cccbe9fe0d8205a0f9c0e221dcbcaaf6f4b03
Secunia Security Advisory - A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions.
25ce44530aba234c3fd4d58453369863ede2ef6f5f569a681c01f8dbc2a2fc73
Secunia Security Advisory - A vulnerability has been reported in HP DreamScreen, which can be exploited by malicious people to disclose sensitive information.
1f735d7963a070eedf34bfca2ff1fbcd33dc26677833269e57789c7c93343c34
Secunia Security Advisory - A vulnerability has been reported in Accellion File Transfer Appliance, which can be exploited by malicious people to disclose sensitive information.
749a40fdfd338995be33c648e94bdc538d325114a9a8a480b5dad065280d8a5d
Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
227757af38e1a98a1ff17d2767f0b5ab1aa80b026b5b70dc4dbbd9a87a9bc33c
Secunia Security Advisory - Some vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system.
8a199e34bddb253ef1ede76f32fe0a8e1a2642fe5651dc842871cd7412493934
Secunia Security Advisory - A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).
e4a0b971747b2d2c986b608cef792f64911daf861b06972b9287f1f433fb85ee
Secunia Security Advisory - A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).
8bec50ebd3685d78985c9918c0917b06b336607843da281634ba8cff3b0aaa39
iDefense Security Advisory 02.09.10 - Remote exploitation of an invalid array indexing vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an "OEPlaceholderAtom" record. This record type is used to create a placeholder for an object (picture, text, etc.) on a slide. By providing a value greater than the size of an array, it is possible to corrupt stack memory beyond the bounds of the array with a fixed value. By overwriting critical structures like the saved return address, it is possible to execute arbitrary code.
d24ab20b5c6803e83455df245fd1d72cec4062ce382bd5942e5050ec5a1b7c50
iDefense Security Advisory 02.09.10 - Remote exploitation of a use-after-free vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing multiple "OEPlaceholderAtom" records present in a "msofbtClientData" container. This record type is used to create a placeholder for an object (picture, text, etc.) on a slide. When a certain series of these records are present, it is possible to trigger a use-after-free vulnerability, which can lead to the execution of arbitrary code.
dbd9b1e1b4fe84087828c9ac7476d63ad752095f77c348da83b6f055470ebb87
iDefense Security Advisory 02.09.10 - Remote exploitation of a heap-based buffer overflow vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs during the parsing of two related PowerPoint record types. The first record type, the "LinkedSlideAtom" record, is used to specify collaboration information for different slides. One of the fields in this record is used to specify the number of certain records that are present in the file. The code responsible for filling the array used to store the records does not perform any bounds checking when storing elements into the array. This results in a heap-based buffer overflow vulnerability.
0b18b14e0c9795855204e86c10b7b6ae28c39e0d8eb4143c1a19f92d340ad60c
Trade Manager Script suffers from a remote SQL injection vulnerability.
419d6f92e6cf69d48339e371a3c7bd31eb4b739d21e915e53391a506d7435693
Ubuntu Security Notice 899-1 - It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted.
79dea4703a1e1264a83cf53d734c37ff6cadc030eca4eb1ca5afe6bd0dc7303e
Video Games Rentals Script suffers from a remote SQL injection vulnerability.
1c72b8a6ccfd4b4f32b9fed0ab0a9294af148a1b06f7f0c56f45e78224912e18
HP Security Bulletin - Potential security vulnerabilities have been identified with HP ProLiant Support Pack 8.30 for Windows. The vulnerabilities could be exploited remotely to execute code and to gain unauthorized access to information.
10900692b92a1dc7551b9258e1f7ab8b20ab635c81dd03190ad5a5bd88a3bc3c
RSA SecurID suffers from a cross-site scripting vulnerability.
fdf3ec7c27e8f90d59244fdbd73743a4bae6f125118eeecb3bf91ae9a739fdda
apemCMS suffers from a remote SQL injection vulnerability.
e6772a891fa33d6b1eafd2e06a54b44876c11b1d2ab6c524f93761fefaf75720
myPHP Guestbook suffers from a database backup disclosure vulnerability.
5b3133e1ca5c4db149ef4df5a39730443c1be455c8a965fc68391e515fd374ac
Debian Linux Security Advisory 1994-1 - It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm.
01f42fb15d52253fce43542edbfa8cbe981715dacca0392a6536379ca8948e33
This Metasploit module exploits a stack-based buffer overflow within HyleosChemView.ocx of Hyleos ChemView 1.9.5.1. By setting an overly long value to 'SaveAsMolFile()', an attacker can overrun a buffer and execute arbitrary code.
2111452c07f6f459fec0e621e32b38716a36704b4edb3b7e1ad40e65a3148000
The LWRES dissector in Wireshark versions 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug was found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications. NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue. This version loops, sending the packet every X seconds until the job is killed.
d28668098a27e6e86e0f65642a8b1c8bf5e3de86d7aa8ab2556e021ec839c378
AlstraSoft Video Share Enterprise suffers from a remote SQL injection vulnerability.
6e8f9f98006d082edb7a449ffef3b90b71585a75d150e6ccd21cfdb75e1d4938
J.A.G. aka Just Another Guestbook suffers from a database disclosure vulnerability.
7160952509441954e71aeddc49db1ff8cb76f512249ba558a3df5fefff144b48
CD Rentals Script suffers from a remote SQL injection vulnerability.
1c150f39da53833f62886db3166a0ded1ae2258c72349491d04504ff96d88e3f
E-Books Rental Software suffers from a remote SQL injection vulnerability.
6faa08e4dd900198c365fcb97725405e3b8b02ee60c796304a1e1258406862a8