Vulnerabilities News
Vuln: HTML Email Creator HTML Tags Multiple Buffer Overflow Vulnerabilities
www.securityfocus.com |
7/30/10 1:00 AM
Vuln: KVIrc '\r' Carriage Return in DCC Handshake Remote Command Execution Vulnerability
www.securityfocus.com |
7/30/10 1:00 AM
Vuln: Pidgin 'X-Status' Message Denial of Service Vulnerability
www.securityfocus.com |
7/30/10 1:00 AM
Vuln: IBM Tivoli Directory Server 'DIGEST-MD5' Denial of Service Vulnerability
www.securityfocus.com |
7/30/10 1:00 AM
Bugtraq: [SECURITY] [DSA 2077-1] New openldap packages fix potential code execution
www.securityfocus.com |
7/30/10 12:31 AM
Bugtraq: [HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th
www.securityfocus.com |
7/30/10 12:16 AM
Bugtraq: [security bulletin] HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code
www.securityfocus.com |
7/30/10 12:01 AM
Bugtraq: CFP NcN 2010
www.securityfocus.com |
7/29/10 11:46 PM
Vuln: Serenity Audio Player '.m3u' File Buffer Overflow Vulnerability
www.securityfocus.com |
7/29/10 1:00 AM
Vuln: PHP Traverser 'mp3_id.php' Remote File Include Vulnerability
www.securityfocus.com |
7/29/10 1:00 AM
Vuln: Mundi Mail Multiple Remote Command Execution Vulnerabilities
www.securityfocus.com |
7/29/10 12:42 AM
Bugtraq: New vulnerabilities in Cetera eCommerce
www.securityfocus.com |
7/29/10 12:27 AM
Bugtraq: Vulnerabilities in Cetera eCommerce
www.securityfocus.com |
7/29/10 12:12 AM
Bugtraq: PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection
www.securityfocus.com |
7/28/10 11:57 PM
Bugtraq: [security bulletin] HPSBMA02549 SSRT090158 rev.2 - HP Insight Control Power Management for Windows, Local Unauthorized Read Access to Data
www.securityfocus.com |
7/28/10 11:42 PM
CVE-2009-4971 (vjchat) SQL injection vulnerability in the AJAX Chat (vjchat) extension before
0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL
commands via unspecified vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4964 (ksp_sound_player) Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers to
execute arbitrary code via a long string in a .M3U playlist file.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-2897 Google Chrome before 5.0.375.125 does not properly mitigate an
unspecified flaw in the Windows kernel, which has unknown impact and
attack vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-2896 IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before
FP4 does not properly manage the InheritParentPermissions setting during
an upgrade from 3.x, which might allow attackers to bypass intended
folder permissions via unspecified vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4965 (air_lexicon) SQL injection vulnerability in the AIRware Lexicon (air_lexicon)
extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary
SQL commands via unspecified vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4966 (ast_addresszipsearch) SQL injection vulnerability in the AST ZipCodeSearch
(ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers
to execute arbitrary SQL commands via unspecified vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4967 (car) SQL injection vulnerability in the Car (car) extension before 0.1.1 for
TYPO3 allows remote attackers to execute arbitrary SQL commands via
unspecified vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-1452 The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server
2.2.x before 2.2.16 allow remote attackers to cause a denial of service
(process crash) via a request that lacks a path.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4968 (event_registr) SQL injection vulnerability in the Event Registration (event_registr)
extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute
arbitrary SQL commands via unspecified vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4974 (totalcalendar) Directory traversal vulnerability in box_display.php in TotalCalendar
2.4 allows remote attackers to read arbitrary files and possibly have
unspecified other impact via a .. (dot dot) in the box parameter.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4969 (sbanner) SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner)
extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary
SQL commands via unspecified vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4973 (totalcalendar) SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows
remote attackers to execute arbitrary SQL commands via the selectedCal
parameter in a SwitchCal action.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4970 (t3m_affiliate) SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for
TYPO3 allows remote attackers to execute arbitrary SQL commands via
unspecified vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4972 (simpleid) Cross-site scripting (XSS) vulnerability in index.php (aka the log in
page) in SimpleID before 0.6.5 allows remote attackers to inject
arbitrary web script or HTML via the s parameter.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4963 (commerce_extension) Cross-site scripting (XSS) vulnerability in the Commerce extension
before 0.9.9 for TYPO3 allows remote authenticated users to inject
arbitrary web script or HTML via unspecified vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-2703 (openview_network_node_manager) Stack-based buffer overflow in the execvp_nc function in the ov.dll
module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when
running on Windows, allows remote attackers to execute arbitrary code
via a long HTTP request to webappmon.exe.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-0212 (openldap) OpenLDAP 2.4.22 allows remote attackers to cause a denial of service
(crash) via a modrdn call with a zero-length RDN destination string,
which is not properly handled by the smr_normalize function and triggers
a NULL pointer dereference in the IA5StringNormalize function in
schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-0213 (bind) BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust
anchor that is configured statically or via DNSSEC Lookaside Validation
(DLV), allows remote attackers to cause a denial of service (infinite
loop) via a query for an RRSIG record whose answer is not in the cache,
which causes BIND to repeatedly send RRSIG queries to the authoritative servers.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-0833 (likewise_open, likewise_cifs) The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build
8046, and 6.0 before build 8234, uses "SetPassword logic" when
running as part of a root service, which allows remote attackers to
bypass authentication for a Likewise Security Authority (lsassd) account
whose password is marked as expired.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-1577 (content_delivery_system, internet_streamer) Directory traversal vulnerability in Cisco Internet Streamer, as used in
Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x
before 2.5.7 allows remote attackers to read arbitrary files via a
crafted URL.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-2337 (federated_identity_manager) Open redirect vulnerability in RSA Federated Identity Manager 4.0 before
4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users
to arbitrary web sites and conduct phishing attacks via unknown vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-2529 (iputils) Unspecified vulnerability in ping.c in iputils 20020927, 20070202,
20071127, and 20100214 on Mandriva Linux allows remote attackers to
cause a denial of service (hang) via a crafted echo response.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-2534 (openttd) The NetworkSyncCommandQueue function in network/network_command.cpp in
OpenTTD before 1.0.3 does not properly clear a pointer in a linked list,
which allows remote attackers to cause a denial of service (infinite
loop and CPU consumption) via a crafted request, related to the client
command queue.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-2704 (openview_network_node_manager) Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and
7.53 allows remote attackers to execute arbitrary code via a long HTTP
request to nnmrptconfig.exe.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4959 (t3m) SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m)
extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute
arbitrary SQL commands via unspecified vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4960 (lanai-core) Directory traversal vulnerability in modules/backup/download.php in
Lanai Core 0.6 allows remote attackers to read arbitrary files via a ..
(dot dot) in the f parameter.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4961 (lanai-core) Lanai Core 0.6 allows remote attackers to obtain configuration
information via a direct request to info.php, which calls the phpinfo function.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4962 (fat_player) Stack-based buffer overflow in Fat Player 0.6b allows remote attackers
to execute arbitrary code via a long string in a .wav file. NOTE: some
of these details are obtained from third party information.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2009-4958 (emo_breeder_manager) SQL injection vulnerability in video.php in EMO Breader Manager allows
remote attackers to execute arbitrary SQL commands via the idd parameter.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-2898 Google Chrome before 5.0.375.125 does not properly mitigate an
unspecified flaw in the GNU C Library, which has unknown impact and
attack vectors.
web.nvd.nist.gov |
7/28/10 1:00 AM
CVE-2010-2910 SQL injection vulnerability in the Ozio Gallery (com_oziogallery)
component for Joomla! allows remote attackers to execute arbitrary SQL
commands via the Itemid parameter to index.php.
web.nvd.nist.gov |
7/28/10 1:00 AM