Packet Storm's last 100 added files. Last Updated: Thu May 15 13:16:38 EDT 2008 [ aid-051408.asc ] 66fe78e297c3c703c1907d3bf9ea75e9 Aruba Networks Security Advisory - A user authentication vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers using TACACS authentication for Controller management users. Cross-site scripting vulnerabilities were discovered during standard bug reporting procedures in the Aruba Mobility Controller. Certain malformed inputs to the web UI allow the injection of cross-site scripting (XSS) components, leading to a potential compromise of client web session integrity. [ altiris.pdf ] 7b154786710db1561e36d1a40d1f30cb Whitepaper discussing privilege escalation vulnerability in the Symantec Altiris Deployment Solution. [ 68classifieds-sql.txt ] 3b3ebdce3b4618dd50834e56127e5584 68 Classifieds version 4.0 suffers from a SQL injection vulnerability in category.php. [ newsmanager-rfisql.txt ] 8f5c781a660fc81ca7987d6654ef1486 Newsmanager version 2.09 suffers from remote file inclusion, remote file disclosure, SQL injection, and permission bypass vulnerabilities. [ kostenloses-sql.txt ] 30d1e5b0cb68d4ba861ad2483d5ed7a6 Kostenloses Linkmanagementscript suffers from multiple SQL injection vulnerabilities. [ symantec-escalate.txt ] c09a21fc404f17fb885125e45f0dd579 Symantec Altiris Client Service versions 6.5.248, 6.5.299, and 6.8.378 local privilege escalation exploit. Based on the vulnerability noted in MS04-019. [ cisco-sa-20080514-cup.txt ] fddfe8a3e45e0c202a50e5bc67fa484a Cisco Security Advisory - Administrators of systems running all Cisco Unified Presence versions can determine the software version by viewing the main page of the Cisco Unified Presence Administration interface. The software version can be determined by running the command show version active via the Command Line Interface (CLI). 
[ cisco-sa-20080514-cucmdos.txt ] f01d649c7340d9b0d53c17cf1ce68606 Cisco Security Advisory - Cisco Unified Communications Manager, formerly Cisco CallManager, contains multiple denial of service (DoS) vulnerabilities that may cause an interruption in voice services, if exploited. These vulnerabilities were discovered internally by Cisco. [ cisco-sa-20080514-csm.txt ] 0a7dfcd9f771e114ed6eafdd02388931 Cisco Security Advisory - The Cisco Content Switching Module (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain a memory leak vulnerability that can result in a denial of service condition. The vulnerability exists when the CSM or CSM-S is configured for layer 7 load balancing. An attacker can trigger this vulnerability when the CSM or CSM-S processes TCP segments with a specific combination of TCP flags while servers behind the CSM/CSM-S are overloaded and/or fail to accept a TCP connection. [ debian-sploit.txt ] bc660b433dce3c75055028112f9966d3 A nice walk through discussing step by step how to brute force ssh logins using the recent Debian OpenSSL random number generator vulnerability. [ EC2ND-2008-CFP.txt ] 25512bf60111f41dda218b3da90bc361 Call For Papers for EC2ND. The fourth annual EC2ND conference will take place on December 11th and 12th 2008 in the Faculty of Engineering and Computing at Dublin City University. [ sqlfuzzer.py.txt ] 30658df42570e5cc8bf5a21363643df6 SQL Injector version 1.0 is a fuzzing utility written in Python. [ xsschecker.py.txt ] 87e7d424c10d56a7fc8c08dc5f96dc2a Cross site scripting fuzzing utility written in Python. [ msie-crosszone.txt ] ac941e58ffb4c9380b7ee22bd963676f Microsoft Internet Explorer is prone to a cross-zone scripting vulnerability in its Print Table of Links feature. [ idautomation-activex.txt ] bd0a4833bf16133cc511ff0451fd6589 The IDAutomation Bar Code ActiveX controller suffers from multiple vulnerabilities. 
[ AD20080514.txt ] 349d87c5c46ed91f4800ece0f2e55999 The Microsoft Malware Protection Engine is susceptible to two denial of service vulnerabilities. [ win32-generator.txt ] 3f071fcc1f92a0892c3107f22313a641 win32 Download and Execute shellcode generator (browsers edition). [ dsa-1577-1.txt ] 81f578fa45368e855560e91c2dd60d4e Debian Security Advisory 1577-1 - Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system. [ dsa-1576-1.txt ] a79fd4e6e656f73f69d8c73cf16f3723 Debian Security Advisory 1576-1 - The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied. [ glsa-200805-16.txt ] c5ac7f6c3461ccefbfb9d489ee5db5b6 Gentoo Linux Security Advisory GLSA 200805-16 - Multiple vulnerabilities have been reported in OpenOffice.org, possibly allowing for user-assisted execution of arbitrary code. Versions less than 2.4.0 are affected. [ glsa-200805-15.txt ] a924bb8eeda8ff0dbe39e3cd31978d5e Gentoo Linux Security Advisory GLSA 200805-15 - Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'. Versions less than 0.15.1b-r2 are affected. [ USN-612-6.txt ] 1b121b32f5b219bf781da551ba98e314 Ubuntu Security Notice 612-6 - USN-612-3 addressed a weakness in OpenSSL certificate and keys generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS and multi-client/server which caused OpenVPN to not start when using valid SSL certificates. 
It was also found that openssl-vulnkey from openssl-blacklist would fail when stderr was not available. This caused OpenVPN to fail to start when used with applications such as NetworkManager. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. [ USN-612-5.txt ] 12c2407158560e7b8cd3525552c71aec Ubuntu Security Notice 612-5 - Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This could cause some compromised keys not to be listed in ssh-vulnkey's output. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. [ USN-612-4.txt ] fbb384be18c0b97874a042383317e896 Ubuntu Security Notice 612-4 - USN-612-1 fixed vulnerabilities in openssl. This update provides the corresponding updates for ssl-cert -- potentially compromised snake-oil SSL certificates will be regenerated. 
A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. [ rgboard-rfixss.txt ] f28af15ada7cfa6dd19a7611e4129ee5 Rgboard versions 3.0.12 and below suffer from remote file inclusion and cross site scripting vulnerabilities. [ hordeturba-xss.txt ] 6eadbbe84f8cd8b298ef48dbfbf36532 Horde and Turba Contact Manager suffer from multiple cross site scripting vulnerabilities. [ feedback-sql.txt ] 21f464b4844474eebe7e334da0b7af4b Feedback and Rating Script version 1.0 suffers from a SQL injection vulnerability in detail.php. [ freelance-sql.txt ] 4688f6564b2442e608a0e833731029b3 Freelance Auction Script version 1.0 suffers from a SQL injection vulnerability in browseproject.php. [ internetphotoshow-cookie.txt ] 9c65fb8fb64e4c7c2e5da154b8c156a5 Internet Photoshow Special Edition suffers from an insecure cookie handling vulnerability that allows for arbitrary administrative access. [ activekb-cookie.txt ] 2e810d72d6b158782557b88d1ffe1399 ActiveKB versions 1.5 and below suffer from an insecure cookie handling vulnerability that allows for arbitrary administrative access. [ asgastracker-cookie.txt ] 94b5d6605cfcdc708076e832bbe4154d AS-GasTracker version 1.0.0 suffers from an insecure cookie handling vulnerability. [ lanaicms-upload.txt ] 79d8311c28ed23e1e4ac9a1205284f7e La-Nai CMS versions 1.2.16 and below arbitrary file upload exploit. [ xsrf-paper.txt ] 8c450745dbb41e254f73345fc61d0051 Whitepaper regarding cross site request forgery attacks. 
Written in Spanish. [ officepub-corrupt.txt ] c3c39fb97be35f9f59393df7386d6245 A memory corruption vulnerability exists in Microsoft Office Publisher when it is parsing a PUB file. An attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system. [ kostenloses-rfi.txt ] fae2a293f77133d45a58586e661fd1ff Kostenloses Linkmanagementscript suffers from a remote file inclusion vulnerability. [ emo-sql.txt ] 913ecff89e5dda1d8edc211a9ecdb13a EMO Realty Manager suffers from a SQL injection vulnerability in news.php. [ restate-sql.txt ] 3d3e7b19028a556a2e886d848b15a9a1 The Real Estate Script suffers from a SQL injection vulnerability in dpage.php. [ linkspile-sql.txt ] 24c9cae18ccfe87aa50764ad041ad946 Linkspile suffers from a remote SQL injection vulnerability in link.php. [ glsa-200805-14.txt ] fb60597d6c2b729facceb809547eadbd Gentoo Linux Security Advisory GLSA 200805-14 - Alfredo Ortega (Core Security Technologies) reported a boundary error within the Read32s_64() function when processing CDF files. Versions less than 3.2.1 are affected. [ ciscobbsm-xss.txt ] 2ca2083dc04f5038f679e2cf05a831d8 Cisco BBSM Captive Portal suffers from a cross site scripting vulnerability. [ metoforum-sql.txt ] 02d328a7a5f0480e1032bb421629f838 Meto Forum version 1.1 suffers from multiple remote SQL injection vulnerabilities. [ calogic-sql.txt ] 5fdfcd69e2d4b0ce12411c5ea8574b5a CaLogic Calendars version 1.2.2 suffers from a remote SQL injection vulnerability. [ wgcc-sql.txt ] 0cb95f9f4ef457ba2b4bacab721211ed Web Group Communication Center versions 1.0.3 PreRelease #1 and below suffer from cross site scripting and SQL injection vulnerabilities. 
[ TA08-134A.txt ] 1b674f3df657c92d13731b2e7392126e Technical Cyber Security Alert TA08-134A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Jet Database Engine, Windows Live OneCare, Antigen, Windows Defender, and Forefront Security as part of the Microsoft Security Bulletin Summary for May 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database. [ 05.13.08-1.txt ] fd7486dbe9fda5cc2883cbfa6ad3cc65 iDefense Security Advisory 05.13.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the logged in user. This vulnerability exists in the way Word handles CSS rules in an HTML document. When the number of CSS selectors is above some specific amount, an unspecified object will be corrupted causing Word to access a memory region that has already been freed. iDefense has confirmed fully patched Microsoft Word 2003 SP2, Microsoft Word XP SP3, Microsoft Word 2000 SP3 are vulnerable. Microsoft Word 2003 SP3 and Microsoft Word 2007 do not appear to be affected. Microsoft reports that all supported versions of Word, Word Viewer, and Outlook 2007 are vulnerable. [ ZDI-08-023.txt ] 3a4c70d8165cb815e52e832667c68280 A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged in user. 
[ USN-612-3.txt ] fbc9eb044bb2cb99c735320b168eeffe Ubuntu Security Notice 612-3 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of shared encryption keys and SSL/TLS certificates in OpenVPN. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. [ TPTI-08-04.txt ] b0741f928fbcdfe0d4a4a46f4d209d1b A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the target opens an Office file that contains malicious Jet DB Engine objects. The specific flaw exists within the parsing of a column structure. The DWORD value from the structure that specifies the column count is trusted. If this value is changed, an inline memcpy to the stack can overflow while reading a column name. Typically Jet DB structures are used within MDB files which are considered unsafe. However, it is possible to embed such files within a trusted format, such as an Office Document (.doc). This issue allows for remote code execution under the context of the currently logged in user. [ e107zogo-sql.txt ] 322ae457f7fde32d03fcfd45c84f7249 The e107 zogo-shop plugin version 1.16 Beta 13 suffers from a SQL injection vulnerability. [ aih-sql.txt ] 2fe3fbda650d07c9ad79a11a1e801859 Advanced Image Hosting version 2.1 remote SQL injection exploit. [ e107blog-blindsql.txt ] b05712a59df33220ff5ee6e3f89dc461 The e107 BLOG engine plugin version 2.2 suffers from a blind SQL injection vulnerability. 
[ ajhyip-sql.txt ] 458ef9a0a2a7bbf650eacfbbef348da7 AJ HYIP ACME suffers from a remote SQL injection vulnerability in topic_detail.php. [ eqdkp-bypass.txt ] fe7b232aa60e6af31f20bdfe14a8ecdf EQDKP version 1.3.2f authentication bypass proof of concept exploit. [ USN-612-2.txt ] 08b7a276f7d12fdf3ce857fbdc45404e Ubuntu Security Notice 612-2 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems. [ dsa-1571-1.txt ] 3519042f913d5ce265ca79a43a1d7f92 Debian Security Advisory 1571-1 - Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package. As a result, cryptographic key material may be guessable. This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation. 
[ articlelive-xss.txt ] 9fa199b5cd48bc7fdf7cc96985762f98 Interspire ArticleLive NX is vulnerable to a cross site scripting vulnerability. [ major_rls52.txt ] 19ba93db8b59387052a87f09e89fb657 Actual Analyzer Server versions 8.37 and below, Gold versions 7.74 and below, Pro versions 6.95 and below, and Lite versions 2.78 and below all suffer from a cross site scripting vulnerability. [ dsa-1575-1.txt ] a095807a32a3fc4ee13e1e39f557b145 Debian Security Advisory 1575-1 - A vulnerability has been discovered in the Linux kernel that may lead to a denial of service. Alexander Viro discovered a race condition in the fcntl code that may permit local users on multi-processor systems to execute parallel code paths that are otherwise prohibited and gain re-ordered access to the descriptor table. [ omerta-xss.txt ] 5dce48eef901007dbfddfcfd20143a48 Omerta versions 2.7c and 2.8 suffer from a cross site scripting vulnerability. [ USN-612-1.txt ] 4798966590d2c04dbeae52eda8904882 Ubuntu Security Notice 612-1 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems. [ megafile-sql.txt ] 7bfb2b315e9d54d4629ad395fd196d20 Mega File Hosting Script version 1.2 suffers from a remote SQL injection vulnerability. 
[ phpclassifieds-sql.txt ] 7227def1561146867845e591a1392736 PHP Classifieds Script versions 05122008 and below suffer from remote SQL injection vulnerabilities. [ cmsmadesimple-upload.txt ] f7c929656a32839f6177fcc805b36cb4 CMS Made Simple versions 1.2.4 and below arbitrary file upload exploit. [ battlenet15x-sql.txt ] b3389cf8628c8c2e58144086ac8ba012 Battle.net Clan Script versions 1.5.x and below remote SQL injection exploit. [ 05.12.08-1.txt ] 9a855b4f3e57f9d46308c1a0f2293ded iDefense Security Advisory 05.12.08 - Local exploitation of an input validation vulnerability within version 5.1.2600.2180 of i2omgmt.sys, as included with Microsoft Corp's Windows XP operating system, could allow an attacker to execute arbitrary code in the context of the kernel. iDefense has confirmed the existence of this vulnerability in i2omgmt.sys version 5.1.2600.2180 as installed on some Windows XP SP2 systems. All other Windows releases with this driver, including previous versions, are suspected to be vulnerable. [ glsa-200805-13.txt ] 15830348aa8fe782c793f470674bbf22 Gentoo Linux Security Advisory GLSA 200805-13 - Multiple issues were found in the teTeX 2 codebase that PTeX builds upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12). Versions less than 3.1.10_p20071203 are affected. [ glsa-200805-12.txt ] 448f5fac796df4e8c92d9693409be43e Gentoo Linux Security Advisory GLSA 200805-12 - Stefan Cornelius (Secunia Research) reported a boundary error within the imb_loadhdr() function in the file source/blender/imbuf/intern/radiance_hdr.c when processing RGBE images (CVE-2008-1102). Multiple vulnerabilities involving insecure usage of temporary files have also been reported (CVE-2008-1103). Versions less than 2.43-r2 are affected. 
[ glsa-200805-11.txt ] d9d22fd1973d39963760ae4fd6fe5097 Gentoo Linux Security Advisory GLSA 200805-11 - Chicken includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruption vulnerabilities (GLSA 200711-30). Versions less than 3.1.0 are affected. [ SSRT071403.txt ] 775ab8659a58b7670f90f607b3a6d47e HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running ftp. The vulnerability could be exploited remotely to create a Denial of Service (DoS). The Denial of Service (DoS) affects the ftp server application only. [ ibdmicro-sql.txt ] 81a3d19c1f162cf34b0aa3eaebddf61d IBD Micro CMS version 3.5 suffers from a SQL injection vulnerability that allows for login bypass. [ dsa-1574-1.txt ] 88c086a46a80505846192144f8ae384e Debian Security Advisory 1574-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. "moz_bug_r_a4" discovered that insecure handling of event handlers could lead to cross-site scripting. Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered that incorrect principal handling can lead to cross-site scripting and the execution of arbitrary code. Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. "georgi", "tgirmann" and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. [ rdesktoppdu-overflow.txt ] 4dd0d30ddab49e31e492dd01e046c7fb rdesktop version 1.5.0 BSS overflow vulnerability proof of concept exploit that makes use of process_redirect_pdu(). [ bigace-rfi.txt ] 3cf0449edfa61d072ac4cf33885c2cb1 BIGACE version 2.4 suffers from multiple remote file inclusion vulnerabilities. 
[ nipper-0.11.7.tgz ] cc6e500d2cefef2322ad8b4a1102aae1 nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previously known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, LaTeX, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing. [ nipper-0.11.7.zip ] e9a5c045af4cfb8381c08ab8e4c3bec7 nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previously known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, LaTeX, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing. This is the Windows version. [ zeuscart-sql.txt ] 9f56ae8de6f905649eebecbc325a0919 ZeusCart versions 2.0 and below suffer from a remote SQL injection vulnerability in category_list.php. [ ajdating-sql.txt ] 6ff250e2852d1741513ab401f4d86cac AJ Dating version 1.0 suffers from a remote SQL injection vulnerability in view_profile.php. [ ajclassifieds-sql.txt ] 269788aea5798db728097ce1c7ab5c03 AJ Classifieds 2008 suffers from a remote SQL injection vulnerability in index.php. [ ajauction-sql.txt ] 76e75e0aa524213c05795e87d51fc05c AJ Auctions versions 6.2.1 and below suffer from a remote SQL injection vulnerability in classifide_ad.php. [ ajarticle-sql.txt ] 15db8e649ef149755b65e4e47c37acd1 AJ Article version 1.0 suffers from a remote SQL injection vulnerability in featured_article.php. 
[ otherlogic-sql.txt ] 5d8065f2be3cb7b5b40884d3f2d1ac72 OtherLogic suffers from a SQL injection vulnerability in vocourse.php. [ glsa-200805-10.txt ] 7cfec10bfa57130b88afb7bff74c84e3 Gentoo Linux Security Advisory GLSA 200805-10 - It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption (GLSA 200804-15). Versions less than 1.6.4-r1 are affected. [ dsa-1573-1.txt ] ba15a8cc0a3d8d809028c215d0f8f9a2 Debian Security Advisory 1573-1 - Several remote vulnerabilities have been discovered in rdesktop, a Remote Desktop Protocol client. Remote exploitation of an integer underflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. Remote exploitation of a BSS overflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. Remote exploitation of an integer signedness vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. [ dsa-1572-1.txt ] 65c9c530978f313191386160ca68b3a9 Debian Security Advisory 1572-1 - Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The glob function allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter. Integer overflow allows context-dependent attackers to cause a denial of service and possibly have other impact via a printf format parameter with a large width specifier. Stack-based buffer overflow in the FastCGI SAPI. The escapeshellcmd API function could be attacked via incomplete multibyte chars. [ glsa-200805-09.txt ] f5912af55302350b385b5dd9c8aea1a1 Gentoo Linux Security Advisory GLSA 200805-09 - It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Versions less than 1.6.3 are affected. 
[ MDVSA-2008-100.txt ] 513fa7b59cd18f23cdf5a4d38273458e Mandriva Linux Security Advisory - A double free vulnerability in Perl 5.8.8 and earlier versions allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. [ clanlite-sqlxss.txt ] efca3ad0c4a676108c64cfbd5b33cab1 ClanLite version 2.x suffers from SQL injection and cross site scripting vulnerabilities. [ joomlaxsstream-sql.txt ] 7300f264123bbdbaa1bba29c0167eae5 Remote SQL injection exploit for the xsstream-dm module version 0.01b for Joomla. [ joomladatso-blindsql.txt ] 20c1e597e468c6c4b7e4de029dd4c7a0 Remote blind SQL injection exploit for the com_datsogallery module version 1.6 for Joomla. [ ktools-sql.txt ] e493a4c2e2d16399af14cbc21264bed5 Ktools PhotoStore versions 3.5.2 and below suffer from multiple remote SQL injection vulnerabilities. [ phpblock85-rfi.txt ] e8c8a6373faf3e78bda48f06da3d9d1f PHP Block version a8.5 suffers from multiple remote file inclusion vulnerabilities. [ alm-sql.txt ] c278efde166d49766cb85c9dfdcf4447 Advanced Links Management version 1.52 suffers from a remote SQL injection vulnerability. [ hispah-sql.txt ] 56372410603357c087d00006cb931d71 HispaH Model Search suffers from a remote SQL injection vulnerability in cat.php. [ sazcart-sql.txt ] 4bd3e69d3bf9bc4006706b639fdfa953 SazCart versions 1.5.1 and below remote SQL injection exploit. [ admidio-disclose.txt ] fb96b4a0cd332e49bb1509f593db6916 Admidio version 1.4.8 suffers from a remote file disclosure vulnerability. [ wpgallery-sql.txt ] 6ad18afafb09a0396e624aa6cdc26680 The WordPress Photo Gallery module suffers from a remote SQL injection vulnerability. [ glsa-200805-08.txt ] cdb2393100a4faec5400559fd35ff0f8 Gentoo Linux Security Advisory GLSA 200805-08 - The namesx and uhnames modules do not properly validate network input, leading to a buffer overflow. Versions less than 1.1.19 are affected. 
[ glsa-200805-07.txt ] b99107d7cc4efe620d3b52050bad0f8f Gentoo Linux Security Advisory GLSA 200805-07 - LTSP version 4.2 ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30) which were subject to multiple security vulnerabilities since 2006. Please note that the given list of vulnerabilities might not be exhaustive. Versions less than 5.0 are affected. [ glsa-200805-06.txt ] 85f645f65baa0b3fe9c141d775831681 Gentoo Linux Security Advisory GLSA 200805-06 - Viesturs reported that the default configuration for Gentoo's init script (/etc/conf.d/firebird) sets the ISC_PASSWORD environment variable when starting Firebird. It will be used when no password is supplied by a client connecting as the SYSDBA user. Versions less than 2.0.3.12981.0-r6 are affected. [ oracleasp-bypass.txt ] 949ba1c17d5c6ccbaf300ec9175e3dd4 The Oracle Application Server Portal 10G suffers from an authentication bypass vulnerability. Details are provided.