Secunia Security Advisory 14918
Secunia Security Advisory - Aviv Raff has reported a vulnerability in Maxthon, which potentially can be exploited by malicious people to compromise a user's system.
View ArticleSecunia Security Advisory 14907
Secunia Security Advisory - Unixware has issued an update for telnet. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
View ArticleSecunia Security Advisory 14906
Secunia Security Advisory - Diabolic Crab has reported some vulnerabilities in RadBids Gold, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and...
View Articlewaraxe-2005-SA041.txt
PHPNuke versions 6.x through 7.6 suffer from SQL injection flaws in their Top module.
View Articlelinksys-WET11_pass-reset.txt
The Cisco Linksys WET11 is vulnerable to having the password reset simply by going to a known URL on the administrative interface recently after the systems administrator has logged in. It is not...
View Articlesurgeftp22m1.txt
SurgeFTP is susceptible to a LEAK command denial of service vulnerability. Tested versions include SurgeFTP versions 2.2m1 and 2.2k3 Windows on English Win2K SP4, WinXP SP2.
View Articlenokia_mms_gateway_vuln.txt
Nokia MMS "Terminal Gateway" software is vulnerable to a login-bypass issue where attackers can gain access to MMSs as long as they know the phone number to which the MMS was originally sent. Exploit...
View ArticlePHPNuke76dl.txt
PHPNuke 7.6 is susceptible to multiple SQL injection vulnerabilities in the Downloads module cXIb803.13.
View ArticlePHPNuke76wl.txt
PHPNuke 7.6 is susceptible to multiple SQL injection vulnerabilities in the Web_Links module cXIb803.14.
View ArticleiDEFENSE Security Advisory 2005-04-07.1
iDEFENSE Security Advisory 04.07.05 - Local exploitation of an information disclosure vulnerability in the gr_osview command included in multiple versions of Silicon Graphics Inc.'s IRIX Operating...
View Articlemsn_plus_pass_bypass.txt
MSN Plus "locking" can be bypassed by changing the lock password. Changing the lock password does not require knowing the current lock password.
View ArticleiDEFENSE Security Advisory 2005-04-07.2
iDEFENSE Security Advisory 04.07.05 - Local exploitation of a file overwrite vulnerability in the gr_osview command included in multiple versions of Silicon Graphics Inc.'s IRIX operating system could...
View ArticleSCOSA-2005.18.txt
SCO Security Advisory - The CDE dtlogin utility has a double-free vulnerability in the X Display Manager Control Protocol (XDMCP). By sending a specially-crafted XDMCP packet to a vulnerable system, a...
View ArticleSCOSA-2005.15.txt
SCO Security Advisory - A very long HOME environment variable will cause a buffer overflow in auditsh, atcronsh and termsh.
View Articlempsb05-02.txt
ColdFusion 6.1 Updater 1 creates a directory named /WEB-INF/cfclasses, and places compiled Java .class files there. These files can be downloaded by the end user. It is possible to decompile .class...
View ArticleopentextExec.txt
OpenText FirstClass 8.0 client allows for arbitrary file execution due to insufficient validation of user input.
View ArticleGentoo Linux Security Advisory 200504-7
Gentoo Linux Security Advisory GLSA 200504-07 - Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results (see GLSA 200503-21). The same overflow is present in...
View ArticlephpBBupload.txt
The up.php script in phpBB 2.0.x allows malicious remote attackers to upload files and execute them with the permissions of the webserver uid.
View Articlemac_osx_java_jre_deserialization.txt
MacOSX Java Runtime Environment Remote Denial of Service. Java SDK and JRE contain a flaw which crops up when objects are being de-serialized. This affects servers which are remotely getting data fed...
View Articleissue_15_2005.pdf
Astalavista Security Newsletter Issue 15 - The latest security events, trends, tools and resources, two articles - "P2P networks - unaware employees, security threats and your organization in between"...
View ArticlepostnukeSQL.txt
PostNuke 0.760-RC3 is susceptible to SQL injection and cross site scripting attacks.
View Articlepunbb_email_sql_injection.txt
PunBB forum software contains a vulnerability where SQL injection can be performed by first entering an email address containing exploitation data into the change_email function, and then redisplaying...
View Articlemaxthon_mulvulns.txt
Maxthon (essentially a wrapper for Internet Explorer to allow tabbed browsing, plugins, etc.) can be exploited by a malicious website to read and write arbitrary local files on the machine running it.
View Articlemaxthon_arbitrary_read-write.html.txt
Maxthon arbitrary-file read/write exploit example.
View Article