CentOS 3 / 4 : freeradius (CESA-2006:0271)
Updated freeradius packages that fix an authentication weakness are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized...
FreeBSD : horde -- multiple parameter XSS vulnerabilities (09429f7c-fd6e-11da-b1cd-0050bf27ba24)
FrSIRT advisory ADV-2006-2356 reports: Multiple vulnerabilities have been identified in Horde Application Framework, which may be exploited by attackers to execute arbitrary scripting code. These flaws are due to input validation errors in the 'test.php' and 'templates/problem/problem.inc' scrip...
CVE-2006-2976
Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors...
CVE-2006-2976
CVE-2006-2976 affects Coppermine Photo Gallery, specifically the file usermgr.php, with the vulnerability present in releases prior to 1.4.7. The available documents describe an unspecified vulnerability with unknown impact and remote attack vectors, potentially tied to authorization/authenticati...
horde -- multiple parameter cross site scripting vulnerabilities
FrSIRT advisory ADV-2006-2356 reports: Multiple vulnerabilities have been identified in Horde Application Framework, which may be exploited by attackers to execute arbitrary scripting code. These flaws are due to input validation errors in the "test.php" and "templates/problem/problem.inc" script...
DSA-1089-1 freeradius - several vulnerabilities
Bulletin has no description...
Alstrasoft Article Manager Pro v1.6
Alstrasoft Article Manager Pro v1.6 - XSS & Full Path errors Homepage: http://www.alstrasoft.com Description: Article Manager Pro is the next generation article publishing system designed to make your life a whole lot easier by enabling webmasters to publish articles or news into their website in...
Publicist v0.95 - XSS And Full Path Errors
Publicist v0.95 Homepage: http://publicist.kau.se/ Description: Publicist is a free web server software, created for web papers, that allows groups of people to write and publish together on the web i.e. schools or single classes, clubs, or other groups who wish to express themselves...
CVE-2006-2314
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byt...
SQL injection
Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php...
CVE-2006-2543
Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php...
CVE-2006-2543
CVE-2006-2543 affects Xtreme Topsites 1.1. The vulnerability is in join.php and allows remote attackers to trigger MySQL errors and, possibly, conduct SQL injection via unspecified vectors. The NVD entry rates the impact at a base score of 5.1 (Medium) with a network attack vector, no authenticat...
Xtremescripts Topsites v1.1
Xtremescripts Topsites v1.1 Homepage: http://www.xtremescripts.com/topsites.php Description: Xtreme Topsites is a popular topsite PHP script for websites. Most commonly used across anime websites at the moment. The topsite will count hits/clicks in and hits out and will rank them on total hits so...
CVE-2006-2480
Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a...
CVE-2006-2413
GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors...
DEBIAN-CVE-2006-2413
GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors...
Code injection
GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors...
CVE-2006-2413
GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors...
FreeBSD : ethereal -- Multiple Protocol Dissector Vulnerabilities (21c223f2-d596-11da-8098-00123ffe8333)
Secunia reports: Multiple vulnerabilities have been reported in Ethereal, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. The vulnerabilities are caused due to various types of errors including boundary errors, an off-by-one error, a...
FreeBSD : libgadu -- multiple vulnerabilities (3b4a6982-0b24-11da-bc08-0001020eed82)
Wojtek Kaniewski reports: Multiple vulnerabilities have been found in libgadu, a library for handling Gadu-Gadu instant messaging protocol. It is a part of ekg, a Gadu-Gadu client, but is widely used in other clients. Also some of the user contributed scripts were found to behave in an insecure...