Joomla A Cool Debate component version 1.0.3 suffers from a local file inclusion vulnerability.
e03c70e6830a95bd19a0e07f540b560e329839d04b516b6b4d70b54a2b1e42cb
AiCart version 2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
d4064aee1d33bfdc3ab27932d8faf5714072e60f83af00d5db6703244d353e57
The Joomla Free Consultation component suffers from a shell upload vulnerability.
3dbeac7570aba2a4d0b5f363f1566b067ea446a36bc5ef45143a9ba9b97b1057
WeBid version 1.0.2 suffers from multiple cross site request forgery vulnerabilities.
05b7ea39d283319d934b014dec9d61011e8ed16e7a7ca7a370459f06d5a073bc
ImmoPHP version 1.1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
05a327d6c96b95010a10c9c036e72076351356bc240c50e97f28b261444dcb68
Miniblog version 1.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
8b565f2831b1710eebd03f8ffad05323b9419a9dbb712cca3ad4c811d6d17212
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer underflow error in the Object Linking and Embedding (OLE) Automation component when processing malformed Windows Metafile (WMF) data via the "_PictLoadMetaFileRaw()" function, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
0bcbe6ddf0f6d9f9565bd58d17901ffc57ad45dde4e3569f63328534b3f27176
EQDKP Plus versions 0.6.4.5 and below suffer from a cross site scripting vulnerability.
72d9c8f4d6b72f953096a645576534585fea819967a019175610dd26f398afc1
myBloggie version 2.1.6 suffers from a remote SQL injection vulnerability.
9100ce6e2002fd13b7e37a95eaf2aa28615a7922545368ed8f273d60567f928a
e107 version 0.7.25 suffers from cross site scripting and remote SQL injection vulnerabilities.
508e2264de222779d99c876535fa46cd425719bf284a3b07ccab07ccbe1fd70d
Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
e3fe3314d9ddb2f1d6f5503c0a2b1be127e29bd4960c5f6398ca301902d31727
Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in e107, which can be exploited by malicious users to conduct SQL injection attacks.
6d185a8b7325a6e13da628f62531b50827d7cf3b20e8a97c75cb335faec2cf8b
HP Security Bulletin HPSBUX02657 SSRT100460 1 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS). Revision 1 of this advisory.
3ef8602f6dfa5b0b1dc32e28f78484581f6ab01005aa9deb6b822ca3df996745
Mandriva Linux Security Advisory 2011-110 - Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.
2fdbbf771f216ac57653ff70385e0996b57fbad35d9dd3b2bb53e51bd41d7159
The Smart Communication Protocols and Algorithms (SCPA 2011) Call For Papers has been announced. It will take place December 5th through the 9th, 2011 in Houston, Texas in conjunction with Globecom 2011.
2d364a033aad26df0b00f9e7fb447a052e1e411cdc326d6b7a27b1aaeeb756ab
Taha Portal version 3.2 suffers from a cross site scripting vulnerability.
c0db6a706663ac481b133e17f3c955886ae9757b79682b088de95c62f8e61709
HTTP Bog is a slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data, Bog consumes sockets by slowly reading responses. Requires .NET 3.5. Written in C#.
21b49d0423d9dfda5e5ab125414ed0306b679f58a4bc84e2b5e2625ab7253788
57 bytes small OpenBSD/x86 execve("/bin/sh") shellcode.
031406f5d641637744283f2f8f37b2fbe0869e2adeff064ca915a34de216ad54
iDefense Security Advisory 06.14.11 - Remote exploitation of a heap overflow vulnerability in Adobe Systems Inc.'s Shockwave could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when Shockwave processes a maliciously constructed "DRCF" chunk. Specifically, when parsing a substructure inside of this chunk, it is possible to trigger a code path that leads to an incorrect string copy operation. The vulnerable code performs a certain operation on a heap-based buffer, which has the effect of overwriting the NULL terminator of the string in the middle of the copy operation. This will lead to an endless copy loop until the read operation hits the end of the memory segment. This operation writes beyond the allocated heap buffer, and can lead to the execution of arbitrary code. Shockwave Player version 11.5.9.620 and prior are vulnerable.
3b0ec1fef75086d0e796f5ce1dea0706958798bc9b403f2258059ba1d3e7612f
iDefense Security Advisory 06.14.11 - Remote exploitation of an integer signedness vulnerability in Adobe Systems Inc.'s Shockwave could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when Shockwave processes a maliciously constructed "Lscr" record. This record can embed Lingo script code, which is Shockwave's scripting language. The vulnerability occurs when processing certain opcodes. Specifically, a 32-bit value from the file is used as an offset into a heap buffer without proper validation. When comparing the value to the maximum buffer size, a signed comparison is performed. By using a negative value, it is possible to index outside of the allocated buffer. This results in data outside of the buffer being treated as a valid pointer, and this pointer is later used as the destination of a write operation. This can corrupt an arbitrary memory address, which can lead to the execution of arbitrary code. Shockwave Player version 11.5.9.620 and prior are vulnerable.
952c40d913beb9b78faaad430aeb7a3d76e8f0453128f6534822d4e3d407462d
Secunia Security Advisory - A vulnerability has been reported in Hitachi Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
c4900f6f71739d6e1e711dad69cd173b9ffebe097dafda9be5bc075b4d30198a
Secunia Security Advisory - SUSE has issued an update for php5. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
8e067f3268d65ffbd5866153e41b44c1019700edaccada4ae5296369c4e7de88
Secunia Security Advisory - Ubuntu has issued an update for libvirt. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest system to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service).
6f3f402554469a8efda9cce183cf69977e9d9a50552acfcf88209429e6211f70
Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, disclose certain system information, cause a DoS (Denial of Service), and gain escalated privileges and by malicious people to cause a DoS (Denial of Service).
3faceb0ad836fc74828769f16d6231d174d879cb15be85b7261b84889c958188
Secunia Security Advisory - SUSE has issued an update for groff. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
85fab29d10d54100e8fbd82d269b73105e01de15543ad9914fa2056275927413