Gallery version 1.3 suffers from a cross site scripting vulnerability.
229c231ed66b5072f0c7252f95e68d812e05b303a3c4d0c7da35829d556a4e5c
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
bc9e8bf841ef64f8b06eef91eeab430f91147a3c4d7a6919826fa33b20453387
The remote manager in Novell Netware version 6.5 suffers from an HTML injection vulnerability.
d55104ed15bb268ae818564d5a27a9f645fab016c404a789b83dd37ee602b8f7
Debian Security Advisory 1631-1 - Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities until available CPU and memory resources were exhausted.
6c9094554c9bda05ea0527025db2031ca7ecdcbbd3fbd883d35e2efbd4657bd8
The xine free multimedia player suffers from a number of vulnerabilities ranging in severity. The worst of these vulnerabilities results in arbitrary code execution and the least, in unexpected process termination. xine-lib versions 1.1.14 and below are affected.
6ca037f9e8d51e3f07cc53661d3f13706366e6df2b215a8e1e7ad67c75a07c41
Secunia Security Advisory - Some vulnerabilities have been reported in La!cooda WIZ, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, and malicious users to compromise a vulnerable system.
dddce2566ca62ebf43305489e657b15b449fc0e6bd919b159536de6783de3ab9
NoName Script version 1.0 suffers from a local file inclusion vulnerability in index.php.
b5059165ce522db5dd2e0b5206223b1d4b94a64fe55acb6439d7c5039ff49ecb
Vim version 3 suffers from multiple arbitrary code execution vulnerabilities.
0df0a0a662b76dfb71b8da8346939e317d1a638e718c3ebbea161707aec73cf4
The OpenVAS Team (Open Vulnerability Assessment System) has started a contest and calls for submission of patches, scripts, converters or anything else that significantly improves the OpenVAS framework and extends Open Source Network Vulnerability Testing.
1c902166709d7c8418dfe56f54563cd1fe810521ea6823311102d7a389bdd9f5
The call for papers is open for the Hackers to Hackers Conference being held in November, 2008. It will take place in Sao Paulo, Brazil.
ca3ffb6085d139655ca4126b5ac7c5b71af894cfc51d4d84edd39f71d5f94d05
Microsoft ASP.NET ValidateRequest filters can be bypassed allowing for cross site scripting and HTML injection attacks.
991d123ab5c384f1961576752ae8de0178e17504175d1d5b7d6c72a0c878c48b
Secunia Research has discovered a vulnerability in certain Trend Micro products, which can be exploited by malicious people to bypass authentication. The vulnerability is caused by insufficient entropy being used to create a random session token for identifying an authenticated manager using the web management console. The entropy in the session token comes solely from the system time when the real manager logs in with a granularity of one second. This can be exploited to impersonate a currently logged on manager by brute forcing the authentication token. Successful exploitation further allows execution of arbitrary code via manipulation of the configuration.
ca4e60fcbf1cd56bcfc9d59316819297548491779e2e6b28a1bfa5e6428c35cd
Windows Media Services (nskey.dll) on Windows 2000 Server, Advanced Server, and Datacenter Edition all suffer from a stack overflow vulnerability. Using an ActiveX control that is safe for scripting/initialize, passing at least 9752 bytes to CallHTMLHelp will overwrite the EIP and remote code execution may be possible.
7dd68791afc2235b0b12444e2fd32dbc8395c768e03a777ceda41ac3bed58fe0
Secunia Security Advisory - Some vulnerabilities have been reported in Uniwin eCart Professional, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
64d1ea95b532d350e1f3917c6cb8b48c8e7ec8ca44fcdfef869dc476e99f712f
Secunia Security Advisory - e.wiZz! has discovered a vulnerability in phpBazar, which can be exploited by malicious people to conduct SQL injection attacks.
761fa4d60c1d2b1ec30d44bec7b23b2468f1fa3af0697914fa0492a9082dde8d
Secunia Security Advisory - Doz has discovered two vulnerabilities in TimeTrex, which can be exploited by malicious people to conduct cross-site scripting attacks.
30fd1519a195ddc0ca12be11a80e14a8df9442a91d4e788676341841fe6931e4
Secunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially bypass certain security restrictions.
c4b8d901e7dc1770dd557f04bb11f4d032e42a8739d26e8e8bfd954a6cd9631d
Secunia Security Advisory - SirGod has discovered two vulnerabilities in Easy Site, which can be exploited by malicious people to disclose sensitive information.
cba64fa0703e020df75bf072ad8c7d5cdc71c21dcf9494b7145a7da9477628a4
Secunia Security Advisory - Red Hat has issued an update for openssh, which corrects a small number of OpenSSH packages that have been tampered with.
cd7d275235c1f477c544de546d82937b5e30ea3baf51fed2c84c991eb3bfbbee
Secunia Security Advisory - A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
c1448671788db90cc9e0be174b3cc2bbbb7d0498828078c7c7e9b862a77280e2
Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The updated packages have been patched to prevent this issue.
0ebde274e431550f35a889527dc2b914d5dea262f2c261477dd76032479d4aaa
Mandriva Linux Security Advisory - An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. The Metisse program is likewise affected by these issues; the updated packages have been patched to prevent them.
21ab26995f3e8ac3cf68bea088a9613c7a17cdd32ee933bb7754a04a8a14dea0
Mandriva Linux Security Advisory - Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program. The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file. Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.
cc1af7aa9af190d5e08578ee557ea3356fcedf52d35bb1e99c652fdbdc04649d
Debian Security Advisory 1630-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution.
a2c27af084e632dacda1f2b548a743f20c48db967b5e065f17020aa096f656a0
tinyCMS version 1.1.2 suffers from a local file inclusion vulnerability in templater.php.
1582e2ca40a2b46e1501addfce561fc531390d74107c85fe4c7b39dd88104320