Mandriva Linux Security Advisory 2009-030 - Data length values in the metadata of an Audible Audio media file (.aa) can lead to an integer overflow, enabling remote attackers to trigger a heap overflow and possibly execute arbitrary code. Failure to check heap allocation on Audible Audio media files (.aa) allows remote attackers either to cause a denial of service or to execute arbitrary code via a crafted media file. This update provides the fix for these security issues.
2448fae9480dabfbee30745fd109ad6366e611bdd9d4839b93e762b8fd443e63
Total Video Player local universal buffer overflow exploit.
5f9935344ceff71d0ce787a1d6dea73dcc38ec45f4bd6a6799293332dae4c3f2
Ubuntu Security Notice USN-712-1 - Jan Minar discovered that Vim did not properly sanitize inputs before invoking the execute or system functions inside Vim scripts. If a user were tricked into running Vim scripts with a specially crafted input, an attacker could execute arbitrary code with the privileges of the user invoking the program. Ben Schmidt discovered that Vim did not properly escape characters when performing keyword or tag lookups. If a user were tricked into running specially crafted commands, an attacker could execute arbitrary code with the privileges of the user invoking the program.
77e456932ebdd05bc73a584e56d2845a523908dcbc0f87dc7d0ba23a4e7ed27b
PHP-CMS 1 remote blind SQL injection exploit.
afded64fc3f323cac0c8c1270b3e3adb5376506bc912052c970fdfc45b7a1ae8
E-PHP CMS suffers from a remote SQL injection vulnerability in browsecats.php.
ad615b7aa2f67777c3660d484f10d052f72008b3cc5925029756dba16b71ede0
Groone's GLink Organizer suffers from a remote SQL injection vulnerability in index.php.
8b3f23426555ecaeef1df606854df256de9bb0b6382a4ee6b1a08b9e3732768c
COMPASS SECURITY ADVISORY - NetWeaver/Web DynPro suffers from a cross-site scripting vulnerability.
7224c93c7bcf9522b8f518d32e5aab9f0d37aea5781ca32ead0d93641e8059a0
Max Blog versions 1.0.6 and below suffer from a remote SQL injection vulnerability in show_post.php.
5b99846cf28e8c4f8d861700b93a0852c16dbe3a2bd7edd2178caf48755b40c9
NewsCMSlite suffers from an insecure cookie handling vulnerability.
7049b3b902170f6c0170a6a9d39a6f8e67bb66351e2b4ae950ee8adcd9b10ed4
ClickAuction suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fc1f9fcdef41dadff547a0230befcf4c2f6234aaf344758752bfe5ab82a1fd98
JetAudio Basic version 7.0.3 proof of concept buffer overflow exploit that creates a malicious .m3u file.
8de9344f8f6c782900324d053090f15a7232ee12ab8d78a32eee8ea55e72074e
Multiple security risks exist in Apache Tomcat as included with CA Cohesion and products that contain CA Cohesion. These include, but are not limited to, arbitrary command execution. Affected products include CA Cohesion Application Configuration Manager 4.5, CA CMDB Application Server 11.1, and Unicenter Service Desk 11.2.
c8609f8dceb80de59813e4e08c5e56ee0e21604a9ddf888c621eda88cd823b65
OpenX version 2.6.3 suffers from a local file inclusion vulnerability in fc.php.
9be6fffc6654589b5b28189e36b36c265a1b5286217e71af87209e56267a8a70
The Joomla Flash Magazine Deluxe component suffers from a remote SQL injection vulnerability.
0495347c6d5d1b63df6b2185941a7a362171af5570df45352dda82e39c0facdd
Zinf Audio Player version 2.2.1 local buffer overflow proof of concept denial of service exploit that creates a malicious .gqmpeg file.
34f9df1c80fc96df4fdb7d271ddc2736dc11e2ab725036ba1f7205d8513ea723
Zinf Audio Player version 2.2.1 local heap overflow proof of concept denial of service exploit that creates a malicious .m3u file.
8cf6aeec8c76137e5ca994d71b12f7ecfb9048116af73e7da1c86ad37c131871
Zinf Audio Player version 2.2.1 local stack overflow proof of concept denial of service exploit that creates a malicious .pls file.
e87b137aca80ef3abb606a15246e7dcb7341eeb11457364949db9d4c4eae0e47
Zinf Audio Player version 2.2.1 local buffer overflow exploit that creates a malicious .pls file and launches calc.exe.
d7e84a348837dc984a3c166a076bab72ab897753568ccc530ce42eb9763f640f
Secunia Security Advisory - fuzion has discovered a vulnerability in ITLPoll, which can be exploited by malicious people to conduct SQL injection attacks.
f1e96eeed7a03f0fb72a0c2db1d748495f7c028ab32fce60dc560394890e7ec4
Secunia Security Advisory - k1n9k0ng has reported a vulnerability in Script Toko Online, which can be exploited by malicious people to conduct SQL injection attacks.
8a2777ccb2c57cb42400134d9d436ece0c3ea194792114a4c6b585e7b27d6a61
Secunia Security Advisory - A vulnerability has been reported in Piggydb, which can be exploited by malicious people to conduct cross-site scripting attacks.
db8eb42c12fb21b547d50a403c7e7f6df95eadd37e1f3a3a0b9e790de673ff56
Secunia Security Advisory - nuclear has discovered a vulnerability in GLinks, which can be exploited by malicious people to conduct SQL injection attacks.
1a1c5724a76420762a33c669be49cf52432ac5ad06e66893ae01c808585db526
Secunia Security Advisory - David Vieira-Kurz has discovered some vulnerabilities in ConPresso, which can be exploited by malicious people to conduct session fixation and script insertion attacks.
b0eb0c791101097871c86667dff5cfa69d55bb79f997d35bbe47e4ba645012b7
Secunia Security Advisory - A vulnerability has been reported in SHOP-INET, which can be exploited by malicious people to conduct SQL injection attacks.
48c1c1198bdac5dce132f3b0b10909cd8253fc3d62c083bfaf469e38b88b01f7
Secunia Security Advisory - Ubuntu has issued an update for ktorrent. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and malicious people to bypass certain security restrictions.
b94bc0a3ee2dc5dc210bddc779b14c068ba0a9e2ce7afb896b0bb0fe7f138b7d